Log analysis and evaluation: PC very slow, ads pop up when opening the browser, undeletable file in the Downloads folder
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.12.2016, 17:52 | #1 |
PC very slow, ads pop up when opening the browser, undeletable file in the Downloads folder

Hello,

my PC kept getting slower and slower. In addition, tabs with advertising opened by themselves in my Chrome browser. In IE, the Bing search engine has latched on like a tick. So I looked for help online and came across this page: hxxp://www.pc-magazin.de/ratgeber/spyware-vollversionen-malware-entfernen-1890344.html. It was probably not a good idea to take measures myself, but now the damage is done. I had no one I could ask, and I only just found out about your site. I would never have dreamed that there are nice people who take on problems like this.

Anyway, I ran the following programs: MalwareBytes, Adw-Cleaner and Eset (trial versions). Unfortunately, I deleted all infected files right away. I also only have the log file from MalwareBytes left. However, the Bing search engine is still stuck in IE, and now I also have a dubious file in the Downloads folder that I can no longer delete (message: "Element wurde nicht gefunden", i.e. "element not found").

I am afraid I did something wrong or incompletely and hope that you can help me (despite my amateurish attempt to get ahead of things). Is there still malware on my computer, e.g. the Bing search engine in IE? And how do I delete the file in the Downloads folder?

Many thanks in advance

Initial situation - Malwarebytes log file
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 10.12.16
Scan-Zeit: 11:59
Protokolldatei: Malwarebytes Logfile.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.4.1269
Komponentenversion: 1.0.39
Version des Aktualisierungspakets: 1.0.683
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Dell-PC\Anna

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 418896
Abgelaufene Zeit: 3 Min., 40 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 18
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}, In Quarantäne, [967], [169679],1.0.683
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}, In Quarantäne, [967], [169679],1.0.683
PUP.Optional.TaskRNDM, HKU\S-1-5-21-3609346958-2387263161-451292197-1000\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, In Quarantäne, [8788], [169164],1.0.683
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\SECURITYUTILITY, In Quarantäne, [1894], [253414],1.0.683
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{68E07AC4-A7BC-41EE-BE34-1C6087DCB673}, In Quarantäne, [2360], [258235],1.0.683
PUP.Optional.MySearch123, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}, In Quarantäne, [17475], [252841],1.0.683
PUP.Optional.Gameo, HKU\S-1-5-21-3609346958-2387263161-451292197-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\2157a585_0, In Quarantäne, [8040], [185308],1.0.683
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\WOW6432NODE\SECURITYUTILITY, In Quarantäne, [1894], [253414],1.0.683
PUP.Optional.SparkTrustPCCleaner, HKLM\SOFTWARE\WOW6432NODE\SPARKTRUST\SparkTrust PC Cleaner Plus, In Quarantäne, [2165], [340393],1.0.683
PUP.Optional.SparkTrustPCCleaner, HKU\S-1-5-21-3609346958-2387263161-451292197-1000\SOFTWARE\SPARKTRUST\UNS\SparkTrust PC Cleaner Plus, In Quarantäne, [2165], [340391],1.0.683
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [717], [236865],1.0.683
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [717], [236865],1.0.683
PUP.Optional.Conduit, HKU\S-1-5-21-3609346958-2387263161-451292197-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, [717], [236865],1.0.683
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\avabvbavad, In Quarantäne, [12691], [253646],1.0.683
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, In Quarantäne, [307], [246383],1.0.683
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [8409], [243667],1.0.683
PUP.Optional.ProductSetup, HKU\S-1-5-21-3609346958-2387263161-451292197-1000\SOFTWARE\PRODUCTSETUP, In Quarantäne, [16823], [242047],1.0.683
PUP.Optional.SparkTrustPCCleaner, HKU\S-1-5-21-3609346958-2387263161-451292197-1000\SOFTWARE\SPARKTRUST\SparkTrust PC Cleaner Plus, In Quarantäne, [2165], [340390],1.0.683

Registrierungswert: 7
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\SECURITYUTILITY|INSTALL_DIR, In Quarantäne, [1894], [253414],1.0.683
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, [1894], [-1],0.0.0
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, [1894], [-1],0.0.0
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{68E07AC4-A7BC-41EE-BE34-1C6087DCB673}|PATH, In Quarantäne, [2360], [258235],1.0.683
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\WOW6432NODE\SECURITYUTILITY|INSTALL_DIR, In Quarantäne, [1894], [253414],1.0.683
PUP.Optional.Conduit, HKU\S-1-5-21-3609346958-2387263161-451292197-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, [717], [236865],1.0.683
PUP.Optional.ProductSetup, HKU\S-1-5-21-3609346958-2387263161-451292197-1000\SOFTWARE\PRODUCTSETUP|TB, In Quarantäne, [16823], [242047],1.0.683

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 30
PUP.Optional.SparkTrustPCCleaner, C:\PROGRAMDATA\SparkTrust\SparkTrust PC Cleaner Plus, In Quarantäne, [2165], [340375],1.0.683
PUP.Optional.SparkTrustPCCleaner, C:\USERS\ANNA\APPDATA\ROAMING\SparkTrust\SparkTrust PC Cleaner Plus, In Quarantäne, [2165], [340375],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\es-419, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\en-US, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\es-ES, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-BE, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CA, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CH, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-FR, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-LU, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\it-CH, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\it-IT, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\pt-BR, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\ru-MO, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\tr-TR, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\vi-VI, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\zh-CN, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\zh-TW, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\pl, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\pt, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\ru, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\image, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\img, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\PROGRAM FILES (X86)\MiuiTab, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.VBates, C:\Users\Anna\AppData\LocalLow\Company\Product\1.0, In Quarantäne, [156], [247040],1.0.683
PUP.Optional.VBates, C:\USERS\ANNA\APPDATA\LOCALLOW\COMPANY\PRODUCT, In Quarantäne, [156], [247040],1.0.683

Datei: 67
PUP.Optional.SparkTrustPCCleaner, C:\ProgramData\SparkTrust\SparkTrust PC Cleaner Plus\License_Time.rdat, In Quarantäne, [2165], [340375],1.0.683
PUP.Optional.SparkTrustPCCleaner, C:\ProgramData\SparkTrust\SparkTrust PC Cleaner Plus\RB.rdat, In Quarantäne, [2165], [340375],1.0.683
PUP.Optional.SparkTrustPCCleaner, C:\ProgramData\SparkTrust\SparkTrust PC Cleaner Plus\tfn.xml, In Quarantäne, [2165], [340375],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\about.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\about_bk.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\btn.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\btn_apply.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\close.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\conf.xml, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\conf_back.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\input_bk.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\logo.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\main.xml, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\radio_1.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\radio_2.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\rigth_arrow.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\skin\settings.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\img\google_trends.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\img\icon128.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\img\icon16.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\img\icon48.png, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\img\loading.gif, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\img\logo32.ico, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\common.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\ga.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\jquery.autocomplete.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\jquery.xdomainrequest.min.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\js.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\library.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\xagainit-ie8.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\xagainit2.0.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\js\xdomain.min.js, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\en-US\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\es-419\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\es-ES\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-BE\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CA\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CH\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-FR\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\fr-LU\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\it-CH\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\it-IT\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\pl\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\pt\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\pt-BR\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\ru\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\ru-MO\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\tr-TR\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\vi-VI\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\zh-CN\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\_locales\zh-TW\messages.json, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\data.html, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\indexIE.html, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\indexIE8.html, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\main.css, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\web\ver.txt, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\conf, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\install.data, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\msvcp110.dll, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\msvcr110.dll, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\searchProvider.xml, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.MiuiTab, C:\Program Files (x86)\MiuiTab\uninstall.exe, In Quarantäne, [10534], [178494],1.0.683
PUP.Optional.OpenCandy, C:\WINDOWS\SYSWOW64\PHOTOSCAPE_V3.7.EXE, In Quarantäne, [647], [297667],1.0.683
PUP.Optional.VBates, C:\USERS\ANNA\APPDATA\LOCALLOW\COMPANY\PRODUCT\1.0\LOCALSTORAGEIE.TXT, In Quarantäne, [156], [247040],1.0.683
PUP.Optional.VBates, C:\Users\Anna\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, In Quarantäne, [156], [247040],1.0.683

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

(end)

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
durchgeführt von Anna (Administrator) auf DELL-PC (11-12-2016 16:03:46)
Gestartet von C:\Users\Anna\Downloads
Geladene Profile: Anna (Verfügbare Profile: Anna & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-20] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKU\S-1-5-21-3609346958-2387263161-451292197-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-3609346958-2387263161-451292197-1000\...\MountPoints2: {e70445ad-9b8a-11e6-b557-485ab6533c16} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-12] (AVAST Software)
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-08-17]
ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\Anna\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe (Keine Datei)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{020b4a51-955d-430a-8db9-d41666a7f79d}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3609346958-2387263161-451292197-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com
HKU\S-1-5-21-3609346958-2387263161-451292197-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3609346958-2387263161-451292197-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609346958-2387263161-451292197-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

FireFox:
========
FF DefaultProfile: 3o2q61ea.default
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3o2q61ea.default [2016-12-11]
FF NewTab: Mozilla\Firefox\Profiles\3o2q61ea.default -> about:blank
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3o2q61ea.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3o2q61ea.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\3o2q61ea.default -> about:blank
FF Extension: (Adblock Plus) - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3o2q61ea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-12]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default [2016-12-11]
CHR Extension: (Google Docs) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-21]
CHR Extension: (Google Drive) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-04]
CHR Extension: (YouTube) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-04]
CHR Extension: (Adblock Plus) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-04]
CHR Extension: (Avast Online Security) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-14]
CHR Extension: (Amazon) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-06-23]
CHR Extension: (Google Mail) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-04]
CHR Extension: (Chrome Media Router) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Anna\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-06-08]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-12] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-12] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-12] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-16] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2016-11-29] ()
R3 m76usb; C:\WINDOWS\System32\drivers\m76usb.sys [563360 2015-06-03] (Ralink Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2016-12-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-11] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2016-12-11] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-11 16:03 - 2016-12-11 16:04 - 00014371 _____ C:\Users\Anna\Downloads\FRST.txt
2016-12-11 16:03 - 2016-12-11 16:03 - 00000000 ____D C:\FRST
2016-12-11 16:02 - 2016-12-11 16:03 - 02420224 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2016-12-11 14:13 - 2016-12-11 14:13 - 00002232 _____ C:\Users\Anna\Desktop\Tweaking.com - Windows Repair.lnk
2016-12-11 14:10 - 2016-12-11 14:10 - 00003764 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-12-11 14:10 - 2016-12-11 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-12-11 14:09 - 2016-12-11 14:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-12-11 14:08 - 2016-12-11 14:13 - 00190155 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2016-12-11 14:05 - 2016-12-11 14:08 - 32247136 _____ (Tweaking.com) C:\Users\Anna\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2016-12-11 11:49 - 2016-12-11 11:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Anna\Downloads\HijackThis.exe
2016-12-11 11:09 - 2016-12-11 11:09 - 00001083 _____ C:\Users\Anna\Desktop\adwcleaner_6.040 - Verknüpfung.lnk
2016-12-11 11:08 - 2016-12-11 11:08 - 00001264 _____ C:\Users\Anna\Desktop\procexp64 - Verknüpfung.lnk
2016-12-11 11:08 - 2016-12-11 11:08 - 00001181 _____ C:\Users\Anna\Desktop\Autoruns64 - Verknüpfung.lnk
2016-12-11 11:08 - 2016-12-11 11:08 - 00001124 _____ C:\Users\Anna\Desktop\ESETOnlineScanner_DEU - Verknüpfung.lnk
2016-12-11 10:50 - 2016-12-11 10:55 - 00000000 ____D C:\Users\Anna\Downloads\ProcessExplorer
2016-12-11 10:45 - 2016-12-11 10:45 - 00000000 ____D C:\Users\Anna\AppData\Local\ESET
2016-12-11 10:37 - 2016-12-11 10:45 - 06776448 _____ (ESET spol. s r.o.) C:\Users\Anna\Downloads\ESETOnlineScanner_DEU.exe
2016-12-10 11:43 - 2016-12-10 11:43 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-10 11:42 - 2016-12-11 15:55 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-10 11:42 - 2016-12-11 15:55 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-10 11:42 - 2016-12-11 15:54 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-10 11:42 - 2016-12-11 15:54 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-10 11:42 - 2016-12-10 11:42 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-10 11:42 - 2016-12-10 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-10 11:42 - 2016-12-10 11:42 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-10 11:42 - 2016-11-29 06:27 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-10 10:30 - 2016-12-10 10:31 - 01304400 _____ C:\Users\Anna\Downloads\Autoruns.zip
2016-12-10 10:20 - 2016-12-10 10:20 - 00000841 _____ C:\Users\Anna\Desktop\Yoga - Verknüpfung.lnk
2016-12-10 10:07 - 2016-12-10 10:07 - 00303010 _____ C:\Users\Anna\Desktop\cc_20161210_100726.reg
2016-12-10 10:01 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 10:01 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 10:01 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 10:01 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 10:01 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 10:01 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 10:01 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 10:01 - 2016-11-11 10:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-12-10 10:01 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 10:01 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 10:01 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 10:01 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 10:00 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 10:00 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 10:00 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 10:00 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 10:00 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 10:00 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 10:00 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 10:00 - 2016-11-11 11:01 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-10 10:00 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 10:00 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 10:00 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 10:00 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 10:00 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 10:00 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 10:00 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 10:00 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 10:00 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 10:00 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 10:00 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 10:00 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 10:00 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 10:00 - 2016-11-11 10:17 - 01004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-10 10:00 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 10:00 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 10:00 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 10:00 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 10:00 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 10:00 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 10:00 - 2016-11-11 10:04 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-10 10:00 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 10:00 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 10:00 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 10:00 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 10:00 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 10:00 - 2016-11-11 08:42 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-10 10:00 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 10:00 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 10:00 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 10:00 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 10:00 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 10:00 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 10:00 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 10:00 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 10:00 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 10:00 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 10:00 - 2016-11-11 08:19 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-10 10:00 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 10:00 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 10:00 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 10:00 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 10:00 - 2016-11-11 08:15 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-10 10:00 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 10:00 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 10:00 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 10:00 - 2016-11-11 08:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-10 10:00 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 10:00 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 10:00 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 10:00 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 10:00 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 10:00 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 10:00 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 10:00 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 10:00 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 10:00 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 10:00 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 09:59 - 2016-12-10 09:59 - 00002852 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-10 09:59 - 2016-12-10 09:59 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-10 09:59 - 2016-12-10 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-10 09:59 - 2016-12-10 09:59 - 00000000 ____D C:\Program Files\CCleaner
2016-12-10 09:59 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 09:59 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 09:59 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 09:59 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 09:59 - 2016-11-11 11:13 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-10 09:59 - 2016-11-11 11:10 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-10 09:59 - 2016-11-11 11:09 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-10 09:59 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 09:59 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 09:59 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 09:59 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 09:59 - 2016-11-11 10:57 - 08170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-10 09:59 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 09:59 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 09:59 - 2016-11-11 10:56 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-10 09:59 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 09:59 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 09:59 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 09:59 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 09:59 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 09:59 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 09:59 - 2016-11-11 10:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-10 09:59 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 09:59 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 09:59 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 09:59 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 09:59 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 09:59 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 09:59 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 09:59 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 09:59 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 09:59 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 09:59 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 09:59 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 09:59 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 09:59 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 09:59 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 09:59 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 09:59 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 09:59 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 09:59 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 09:59 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 09:59 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 09:59 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 09:59 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 09:59 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 09:59 - 2016-11-11 10:18 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-10 09:59 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 09:59 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 09:59 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 09:59 - 2016-11-11 10:17 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-10 09:59 - 2016-11-11 10:17 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-10 09:59 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 09:59 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 09:59 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 09:59 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 09:59 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 09:59 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 09:59 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 09:59 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 09:59 - 2016-11-11 10:09 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-10 09:59 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 09:59 - 2016-11-11 10:08 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-10 09:59 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 09:59 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 09:59 - 2016-11-11 10:07 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-10 09:59 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 09:59 - 2016-11-11 10:06 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-10 09:59 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 09:59 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 09:59 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 09:59 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 09:59 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 09:59 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 09:59 - 2016-11-11 10:03 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-10 09:59 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 09:59 - 2016-11-11 10:03 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-10 09:59 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 09:59 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 09:59 - 2016-11-11 10:03 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-10 09:59 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 09:59 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 09:59 - 2016-11-11 10:01 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-10 09:59 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 09:59 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 09:59 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 09:59 - 2016-11-11 08:56 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-10 09:59 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 09:59 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 09:59 - 2016-11-11 08:47 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-10 09:59 - 2016-11-11 08:42 - 06668032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-10 09:59 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 09:59 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 09:59 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 09:59 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 09:59 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 09:59 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 09:59 - 2016-11-11 08:26 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-10 09:59 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 09:59 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 09:59 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 09:59 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 09:59 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 09:59 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 09:59 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 09:59 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 09:59 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 09:59 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 09:59 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 09:59 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 09:59 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 09:59 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 09:59 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 09:59 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 09:59 - 2016-11-11 08:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-10 09:59 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 09:59 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 09:59 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 09:59 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 09:59 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 09:59 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 09:59 - 2016-11-11 08:04 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-10 09:59 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 09:59 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 09:59 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 09:59 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 09:59 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 09:59 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 09:59 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 09:59 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-10 09:59 - 2016-11-11 08:01 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-10 09:58 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 09:58 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 09:58 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 09:58 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 09:58 - 2016-11-11 11:01 - 02189152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-10 09:58 - 2016-11-11 11:01 - 01738048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-10 09:58 - 2016-11-11 11:01 - 00658264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-10 09:58 - 2016-11-11 11:01 - 00401760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-10 09:58 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 09:58 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 09:58 - 2016-11-11 10:59 - 02913136 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-10 09:58 - 2016-11-11 10:59 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-10 09:58 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 09:58 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 09:58 - 2016-11-11 10:57 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-10 09:58 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 09:58 - 2016-11-11 10:56 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-10 09:58 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 09:58 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 09:58 - 2016-11-11 10:51 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-10 09:58 - 2016-11-11 10:31 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-10 09:58 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 09:58 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 09:58 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 09:58 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 09:58 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 09:58 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 09:58 - 2016-11-11 10:24 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-10 09:58 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 09:58 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 09:58 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 09:58 - 2016-11-11 10:23 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-10 09:58 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 09:58 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 09:58 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 09:58 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 09:58 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 09:58 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 09:58 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 09:58 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 09:58 - 2016-11-11 10:20 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-10 09:58 - 2016-11-11 10:20 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-10 09:58 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 09:58 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 09:58 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 09:58 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 09:58 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 09:58 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 09:58 - 2016-11-11 10:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-10 09:58 - 2016-11-11 10:18 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-10 09:58 - 2016-11-11 10:18 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-10 09:58 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 09:58 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 09:58 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 09:58 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 09:58 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 09:58 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 09:58 - 2016-11-11 10:14 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-10 09:58 - 2016-11-11 10:14 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-10 09:58 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 09:58 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 09:58 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 09:58 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 09:58 - 2016-11-11 10:11 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-10 09:58 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 09:58 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 09:58 - 2016-11-11 10:10 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-10 09:58 - 2016-11-11 10:10 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-10 09:58 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 09:58 - 2016-11-11 10:08 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-10 09:58 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 09:58 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 09:58 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 09:58 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 09:58 - 2016-11-11 10:07 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-12-10 09:58 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 09:58 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 09:58 - 2016-11-11 10:05 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-10 09:58 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 09:58 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 09:58 - 2016-11-11 10:04 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-10 09:58 - 2016-11-11 10:04 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-10 09:58 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 09:58 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10
09:58 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2016-12-10 09:58 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2016-12-10 09:58 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2016-12-10 09:58 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-12-10 09:58 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-12-10 09:58 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-12-10 09:58 - 2016-11-11 10:03 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-12-10 09:58 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-12-10 09:58 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-12-10 09:58 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-12-10 09:58 - 2016-11-11 10:02 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-12-10 09:58 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2016-12-10 09:58 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll 2016-12-10 09:58 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2016-12-10 09:58 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll 2016-12-10 09:58 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-12-10 09:58 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-12-10 09:58 - 2016-11-11 08:47 - 00861024 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-12-10 09:58 - 2016-11-11 08:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-12-10 09:58 - 2016-11-11 08:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-12-10 09:58 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-12-10 09:58 - 2016-11-11 08:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-12-10 09:58 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll 2016-12-10 09:58 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-12-10 09:58 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-12-10 09:58 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-12-10 09:58 - 2016-11-11 08:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-12-10 09:58 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-12-10 09:58 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-12-10 09:58 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe 2016-12-10 09:58 - 2016-11-11 08:17 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-12-10 09:58 - 2016-11-11 08:16 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-12-10 09:58 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-12-10 09:58 - 2016-11-11 08:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-12-10 09:58 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2016-12-10 09:58 - 
2016-11-11 08:14 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-12-10 09:58 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-12-10 09:58 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll 2016-12-10 09:58 - 2016-11-11 08:10 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-12-10 09:58 - 2016-11-11 08:09 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2016-12-10 09:58 - 2016-11-11 08:06 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-12-10 09:58 - 2016-11-11 08:06 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll 2016-12-10 09:58 - 2016-11-11 08:05 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-12-10 09:58 - 2016-11-11 08:04 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2016-12-10 09:58 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll 2016-12-10 09:58 - 2016-11-11 08:03 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2016-12-10 09:58 - 2016-11-11 07:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-12-10 09:57 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll 2016-12-10 09:57 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2016-12-10 09:57 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe 2016-12-10 09:57 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe 2016-12-10 09:57 - 2016-11-11 08:20 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-12-10 09:57 - 2016-11-11 08:18 - 01196544 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2016-12-10 09:57 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll 2016-12-10 09:49 - 2016-12-10 09:50 - 00000792 _____ C:\Users\Anna\Desktop\Nähen - Verknüpfung.lnk 2016-12-10 09:48 - 2016-12-10 09:48 - 00000855 _____ C:\Users\Anna\Desktop\Tattoo-Vorlagen.lnk 2016-12-10 09:47 - 2016-12-10 09:47 - 00001136 _____ C:\Users\Anna\Desktop\Tagebuch.lnk 2016-12-10 09:47 - 2016-12-10 09:47 - 00000814 _____ C:\Users\Anna\Desktop\Geschenkeaufstellung.lnk 2016-12-10 08:24 - 2016-12-10 09:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Ahnenblatt 2016-12-10 08:24 - 2016-12-10 09:29 - 00000000 ____D C:\Users\Anna\Documents\Ahnenblatt 2016-12-10 08:24 - 2016-12-10 08:24 - 00001200 _____ C:\Users\Anna\Desktop\Ahnenblatt.lnk 2016-12-10 08:24 - 2016-12-10 08:24 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt 2016-12-10 08:24 - 2016-12-10 08:24 - 00000000 ____D C:\Program Files (x86)\Ahnenblatt 2016-11-23 18:03 - 2016-11-23 18:03 - 00020495 _____ C:\Users\Anna\Desktop\Rauchmelderpflicht_Mecklenburg-Vorpommern.pdf 2016-11-12 01:09 - 2016-11-12 01:09 - 05610688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-12-11 15:58 - 2016-10-08 03:04 - 02105440 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-12-11 15:58 - 2016-07-16 23:51 - 00799858 _____ C:\WINDOWS\system32\perfh007.dat 2016-12-11 15:58 - 2016-07-16 23:51 - 00184276 _____ C:\WINDOWS\system32\perfc007.dat 2016-12-11 15:56 - 2016-08-06 02:33 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture 2016-12-11 15:54 - 2015-01-05 17:18 - 00000000 __SHD C:\Users\Anna\IntelGraphicsProfiles 2016-12-11 15:53 - 2016-10-08 03:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-12-11 15:53 - 2016-10-08 03:05 - 00000000 ____D C:\Users\Anna 2016-12-11 15:52 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2016-12-11 12:55 - 2016-10-08 02:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-12-11 12:06 - 2015-01-06 10:35 - 00000000 ____D C:\ProgramData\KMSAutoS 2016-12-11 11:49 - 2015-01-05 13:12 - 00000000 ____D C:\Users\Anna\AppData\Local\VirtualStore 2016-12-11 10:46 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2016-12-11 10:43 - 2016-07-28 11:56 - 00000000 ____D C:\Users\Anna\AppData\Local\MicrosoftEdge 2016-12-11 10:33 - 2016-04-27 06:55 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-12-11 10:26 - 2016-10-08 02:57 - 00224392 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-12-11 10:25 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-12-11 10:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2016-12-11 10:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-12-11 10:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-12-11 10:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-12-11 10:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-12-11 10:25 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-12-11 10:25 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-12-11 10:25 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-12-11 10:25 - 
2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing 2016-12-11 10:18 - 2015-06-08 19:30 - 00000000 ____D C:\AdwCleaner 2016-12-11 09:44 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-12-10 15:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-10 12:07 - 2015-01-05 17:52 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-12-10 12:05 - 2015-06-08 17:46 - 00000000 ____D C:\Users\Anna\AppData\LocalLow\Company 2016-12-10 11:58 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-12-10 11:58 - 2016-07-06 10:52 - 00000000 ____D C:\Users\Anna\AppData\Local\Packages 2016-12-10 11:56 - 2015-08-17 22:10 - 00000000 ____D C:\Program Files (x86)\PhotoScape 2016-12-10 11:48 - 2015-03-21 23:07 - 00000000 ____D C:\Users\Anna\AppData\Local\Unity 2016-12-10 11:42 - 2015-06-08 19:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-10 10:02 - 2015-08-17 22:10 - 00000000 ____D C:\Users\Anna\AppData\Roaming\PhotoScape 2016-12-10 10:01 - 2016-10-08 03:56 - 00000000 ___DC C:\WINDOWS\Panther 2016-12-10 10:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ModemLogs 2016-12-10 10:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-12-10 09:05 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2016-12-09 19:58 - 2015-03-22 15:42 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-12 12:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache 2016-11-12 01:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-11-12 01:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-03-02 09:05 - 2016-04-27 17:15 - 0000053 _____ () C:\Users\Anna\AppData\Roaming\LogFile.txt 2015-05-09 12:26 - 2015-05-09 12:27 - 0000000 _____ () C:\Users\Anna\AppData\Local\{95FEA242-C509-4FBE-B712-84D83EE951E4} 2016-10-08 
03:00 - 2016-10-08 03:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\libeay32.dll
C:\Users\Anna\AppData\Local\Temp\msvcr120.dll
C:\Users\Anna\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-02 07:39

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 07-12-2016
durchgeführt von Anna (11-12-2016 16:05:17)
Gestartet von C:\Users\Anna\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-08 02:29:22)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-3609346958-2387263161-451292197-500 - Administrator - Disabled)
Anna (S-1-5-21-3609346958-2387263161-451292197-1000 - Administrator - Enabled) => C:\Users\Anna
DefaultAccount (S-1-5-21-3609346958-2387263161-451292197-503 - Limited - Disabled)
Gast (S-1-5-21-3609346958-2387263161-451292197-501 - Limited - Disabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Ahnenblatt 2.96c (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.96.4.2 - Dirk Böttcher) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform) FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) 
Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation) Malwarebytes Version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 39.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 de)) (Version: 39.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.) SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.18 - Tweaking.com) Windows-Treiberpaket - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3609346958-2387263161-451292197-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0106DD71-46A1-41FD-B5BF-297D29F1DF7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {0EE754E1-277C-4693-A5A6-5FAA7107F5D8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {10DF1489-7577-43CA-8AC7-A128E9D4D2F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-12] (Adobe Systems Incorporated) Task: {1217C115-D450-4245-8D26-4C3EAAD07DAF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {13A053F3-B1DA-41CC-B6F0-CF0A2AA8C49A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {146AE207-EB77-4B19-A956-D5B325ECBDE5} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor) Task: {1528EEB2-84BA-4639-A34B-91C709EEACF0} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe Task: {1D544123-6194-4B59-8995-0FB892E6D2F8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1F78EBF3-133D-480B-8297-75F4A1A848DE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {25027A7D-CBF9-4F9A-BA7A-FA96B76410A7} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 
[2015-11-10] (Realtek Semiconductor) Task: {27F3B8FB-FB9A-4720-8C67-3C90FF12465F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2843D54C-8B7A-4C3E-9C33-A876FE16D75A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG Task: {2B000040-B374-407C-84F0-E0EAA5C2BC23} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {2E36BE16-55B6-4BAA-9924-46AF5297A201} - System32\Tasks\SafeZone scheduled Autoupdate 1468436149 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software) Task: {34BAAA21-6C52-4FB6-82F0-15209168358C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {38A8C7DC-9468-40D0-97FE-5B3E009ED471} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-10] (Realtek Semiconductor) Task: {3AB77984-B979-4EAF-9159-22EA8F803EE8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3CFF99B5-2CEE-4F0A-A83A-9BFBEEEF5BE9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5050FBE6-8D3A-4FAC-8772-D1242E7470FD} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5C091646-2875-4A4D-AC43-5104CF90B83D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5D0BE2A5-4C42-4D71-97DB-80EAE6E80EE5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {5D7AE562-CB79-4456-93B3-C0B3E222046B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {5EF78B89-8FC9-4913-8F12-0DC3F43ADB35} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {6B596D08-2387-49D4-8E8E-F7D768A20EC2} - 
\Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {7025EB92-FDA3-45E7-8938-DB3B92A54D85} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG Task: {709A9B96-636B-4162-9104-3EC008B27555} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7119D281-F986-4CC0-A28E-7EBD52A54119} - System32\Tasks\{C4C4419C-A748-4716-9B08-BC81D4C5A593} => pcalua.exe -a C:\Users\Anna\AppData\Local\Temp\Temp1_bf1942_sp_demo.zip\Setup.exe <==== ACHTUNG Task: {7C588ADD-3C3B-4D72-B605-E42468F2AA32} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7CC8E91A-25F1-4C44-93C1-86AD99EC90DD} - System32\Tasks\{925B9C36-5AB6-4332-B0C2-F89E74C3DFE1} => pcalua.exe -a C:\Users\Anna\AppData\Local\Temp\Temp2_bf1942_sp_demo.zip\Setup.exe <==== ACHTUNG Task: {801C46EC-6D1B-4E79-8DAC-7D7BDE0DAFDB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {815A67FE-EDE8-4A0C-B8BE-BE994C634304} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {8F2C2C74-D90E-4A22-8E27-6BA5C716D9FE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {95777498-A8E2-4E33-8564-A715D2011488} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG Task: {A781519A-C6D2-455B-8669-F5B1D839B9E6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {A83C4200-C2AA-4BB5-9EDA-44BFD1448A60} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {AC970555-22CD-4A59-A765-C677F7A55D7F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {AFAB9F1B-96E4-4D6C-BF0D-C6FDBD5CF32C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: 
{B0DA4A8F-7D1B-434B-99B3-E781597D5F8F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {B9E4FFE5-CD8C-482C-A5A3-3C98697A9D81} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek) Task: {C8DF5179-E104-49C3-9A1E-43C8BE9A3AF9} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com) Task: {CCABFD20-906F-434C-BDC0-49DCF371241C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-12] (AVAST Software) Task: {D010CB5C-3496-44AF-A66C-B1623137FB5B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG Task: {D319123C-BF48-4F40-9085-3B590CB89B25} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D50FAE2B-5B68-4866-974D-ACBB5E4853F6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {DC9C0E49-60C5-426D-BCE4-527408088E3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd) Task: {E07E192B-E009-473A-B094-0FB0C250FE59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {E3DDFCF8-D9CF-4FDA-9241-08AE2A213FE0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {E4540F04-E131-484D-BFC4-49C81DC0B886} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E72A8825-F6E4-4349-83B8-0F5095952C7F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EA457486-4A3F-416C-9203-AC6DB7CCB11A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
[2016-10-21] (Adobe Systems Incorporated) Task: {F2B84B8E-2597-44CC-BDD6-B64661F9220D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {F4B81186-0D85-427B-9AB2-79445E8088FA} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-10 09:59 - 2016-11-11 11:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-10 11:42 - 2016-11-29 06:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-12-10 11:42 - 2016-11-29 06:27 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-12-10 11:42 - 2016-11-29 06:27 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2016-10-08 03:37 - 2016-10-08 03:37 - 01864384 _____ () C:\Users\Anna\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2016-12-10 09:59 - 2016-11-11 11:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-08 23:04 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-12-10 09:58 - 2016-11-11 10:23 - 00474112 _____ () 
C:\Windows\ShellExperiences\QuickActions.dll 2016-11-09 20:39 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 20:40 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 20:40 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-09 20:40 - 2016-11-02 11:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-11-09 20:40 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 20:40 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-09-12 15:48 - 2016-09-12 15:48 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-12-11 14:30 - 2016-12-11 14:30 - 03067904 _____ () C:\Program Files\AVAST Software\Avast\defs\16121100\algo.dll 2016-09-12 15:48 - 2016-09-12 15:48 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-07-11 19:54 - 2016-07-11 19:55 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-12-09 19:58 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-09 19:58 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3609346958-2387263161-451292197-1000\...\localhost -> localhost

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2015-08-24 07:46 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3609346958-2387263161-451292197-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 LtBlue 1920x1200.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-3609346958-2387263161-451292197-1000\...\StartupApproved\StartupFolder: => "FacebookGamesNotifier.exe.lnk"
HKU\S-1-5-21-3609346958-2387263161-451292197-1000\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [{0DA561EC-F79A-493B-B941-2D719F5E8089}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DD99ACD0-F391-41F1-9140-55A501767126}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{E3168949-6DFA-439D-A057-76E72CA61FA0}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{AF81B189-041E-4F2B-8639-B186C6D84C0D}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{8FCBF4CA-6934-4A40-9F67-C0060CFAAF83}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{F2E1BAD2-41C2-46C4-B786-26801687AA6C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{69D7C0AC-5CB9-4F50-94E1-A77F8AD5D454}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 26-11-2016 11:27:03 Geplanter Prüfpunkt 05-12-2016 15:33:28 Geplanter Prüfpunkt 11-12-2016 09:34:00 Windows Update 11-12-2016 11:12:24 Vor dem Löschen der Malware ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/11/2016 11:12:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim 
Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (12/11/2016 10:43:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000604 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1b20 Startzeit der fehlerhaften Anwendung: 0x01d25392f9dc3ea1 Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 468cc99c-4f1e-4cea-af00-096ff3390aa5 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge Error: (12/11/2016 10:43:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000604 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1b20 Startzeit der fehlerhaften Anwendung: 0x01d25392f9dc3ea1 Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: fc34c0f7-302f-4595-b539-854ff0baa3ad Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge Error: (12/11/2016 10:43:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 
microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000604 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1b20 Startzeit der fehlerhaften Anwendung: 0x01d25392f9dc3ea1 Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 94131ce0-99ad-4dee-b1ac-d5f420b077e2 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge Error: (12/11/2016 10:43:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000604 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1b20 Startzeit der fehlerhaften Anwendung: 0x01d25392f9dc3ea1 Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 392c81d6-347f-466c-ae86-af099a87f981 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge Error: (12/11/2016 10:43:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000604 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1b20 Startzeit der fehlerhaften Anwendung: 0x01d25392f9dc3ea1 Pfad der fehlerhaften Anwendung: 
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 04160f5c-eaaf-4812-b95a-dddde330d213 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge Error: (12/11/2016 10:43:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000604 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1b20 Startzeit der fehlerhaften Anwendung: 0x01d25392f9dc3ea1 Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8f4dbb1a-fb7a-472b-ab73-c697eb937757 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge Error: (12/11/2016 10:43:22 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000604 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1b20 Startzeit der fehlerhaften Anwendung: 0x01d25392f9dc3ea1 Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: b1c60601-c592-41ec-af94-56faebe1a642 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge Error: (12/11/2016 10:43:20 
AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000604 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1b20 Startzeit der fehlerhaften Anwendung: 0x01d25392f9dc3ea1 Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: babf253d-45a2-40c6-b1d5-6a7e585df170 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge Error: (12/11/2016 10:43:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000604 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1b20 Startzeit der fehlerhaften Anwendung: 0x01d25392f9dc3ea1 Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 08b7ae82-67de-4273-b325-4aad7f601ba3 Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge Systemfehler: ============= Error: (12/11/2016 03:54:04 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (12/11/2016 03:54:04 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (12/11/2016 03:53:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Error: (12/11/2016 10:52:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (12/11/2016 10:52:40 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Anna\AppData\Local\Temp\ehdrv.sys Error: (12/11/2016 10:52:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. 
Error: (12/11/2016 10:52:39 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Anna\AppData\Local\Temp\ehdrv.sys Error: (12/11/2016 10:52:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (12/11/2016 10:52:39 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Anna\AppData\Local\Temp\ehdrv.sys Error: (12/11/2016 10:52:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz Prozentuale Nutzung des RAM: 34% Installierter physikalischer RAM: 6029.75 MB Verfügbarer physikalischer RAM: 3965.98 MB Summe virtueller Speicher: 12173.75 MB Verfügbarer virtueller Speicher: 10049.5 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:272.78 GB) (Free:229.91 GB) NTFS Drive d: () (Fixed) (Total:425.2 GB) (Free:401.82 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 77031481) Partition: GPT. ==================== Ende von Addition.txt ============================
Edited by cosinus (11.12.2016 at 18:39) Reason: CODE tags |
11.12.2016, 19:42 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please post the logs from ESET and AdwCleaner, otherwise nobody can tell you what was going on with your machine.
__________________Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, please post them directly, spread across several posts if necessary. To put the log files into a CODE box, proceed as follows:
__________________ |
11.12.2016, 20:21 | #3 |
| Hello, now that was a quick reply!
I had deleted both programs right away: AdwCleaner from the Downloads folder, and ESET suggested it on its own, so I didn't know how to provide the log files. But I have just found the following from AdwCleaner on C:. Does that help? Code:
ATTFilter # AdwCleaner v6.040 - Bericht erstellt am 11/12/2016 um 10:17:26 # Aktualisiert am 02/12/2016 von Malwarebytes # Datenbank : 2016-12-11.2 [Server] # Betriebssystem : Windows 10 Pro (X64) # Benutzername : Anna - DELL-PC # Gestartet von : C:\Users\Anna\Downloads\adwcleaner_6.040.exe # Modus: Suchlauf # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** Keine schädlichen Dienste gefunden. ***** [ Ordner ] ***** Ordner Gefunden: C:\Users\Anna\AppData\Roaming\SparkTrust Ordner Gefunden: C:\ProgramData\SparkTrust Ordner Gefunden: C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8 Ordner Gefunden: C:\Program Files (x86)\ControlThis Parental Control ***** [ Dateien ] ***** Datei Gefunden: C:\WINDOWS\SysNative\LavasoftTcpService64.dll Datei Gefunden: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini Datei Gefunden: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll Datei Gefunden: C:\WINDOWS\SysWoW64\LavasoftTcpServiceOff.ini ***** [ DLL ] ***** Keine infizierten DLLs gefunden. ***** [ WMI ] ***** Keine schädlichen Schlüssel gefunden. ***** [ Verknüpfungen ] ***** Keine infizierten Verknüpfungen gefunden. 
***** [ Aufgabenplanung ] ***** Aufgabe Gefunden: {3CE55452-DFD0-458F-92CD-F3A804E4ACAD} ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24} Schlüssel Gefunden: 
HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88} Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] Schlüssel Gefunden: HKU\S-1-5-21-3609346958-2387263161-451292197-1000\Software\sparktrust Schlüssel Gefunden: HKU\S-1-5-21-3609346958-2387263161-451292197-1000\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09} Schlüssel Gefunden: HKU\S-1-5-21-3609346958-2387263161-451292197-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} Schlüssel Gefunden: HKCU\Software\sparktrust Schlüssel Gefunden: HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09} Schlüssel Gefunden: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz Schlüssel Gefunden: HKLM\SOFTWARE\Lavasoft\Web Companion Schlüssel Gefunden: HKLM\SOFTWARE\sparktrust Schlüssel Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU Schlüssel Gefunden: [x64] HKCU\Software\sparktrust Schlüssel Gefunden: [x64] HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09} Schlüssel Gefunden: [x64] 
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markable.net Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markable00.re-markable.net Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markable.net Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markable00.re-markable.net Schlüssel Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Internetbrowser ] ***** Keine schädlichen Elemente in Firefox basierten Browsern gefunden. Keine schädlichen Elemente in Chrome basierten Browsern gefunden. 
************************* C:\AdwCleaner\AdwCleaner[R0].txt - [17182 Bytes] - [08/06/2015 19:30:42] C:\AdwCleaner\AdwCleaner[R1].txt - [1041 Bytes] - [08/06/2015 19:36:38] C:\AdwCleaner\AdwCleaner[R2].txt - [3645 Bytes] - [08/06/2015 20:12:06] C:\AdwCleaner\AdwCleaner[R3].txt - [1146 Bytes] - [08/06/2015 20:17:12] C:\AdwCleaner\AdwCleaner[S0].txt - [15059 Bytes] - [08/06/2015 19:32:46] C:\AdwCleaner\AdwCleaner[S1].txt - [3276 Bytes] - [08/06/2015 20:13:45] C:\AdwCleaner\AdwCleaner[S2].txt - [7303 Bytes] - [11/12/2016 10:17:26] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7376 Bytes] ########## Code:
ATTFilter # AdwCleaner v6.040 - Bericht erstellt am 11/12/2016 um 10:18:48 # Aktualisiert am 02/12/2016 von Malwarebytes # Datenbank : 2016-12-11.2 [Server] # Betriebssystem : Windows 10 Pro (X64) # Benutzername : Anna - DELL-PC # Gestartet von : C:\Users\Anna\Downloads\adwcleaner_6.040.exe # Modus: Löschen # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner gelöscht: C:\Users\Anna\AppData\Roaming\SparkTrust [-] Ordner gelöscht: C:\ProgramData\SparkTrust [-] Ordner gelöscht: C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8 [-] Ordner gelöscht: C:\Program Files (x86)\ControlThis Parental Control ***** [ Dateien ] ***** [-] Datei gelöscht: C:\WINDOWS\SysNative\LavasoftTcpService64.dll [-] Datei gelöscht: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini [-] Datei gelöscht: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll [-] Datei gelöscht: C:\WINDOWS\SysWoW64\LavasoftTcpServiceOff.ini ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** [-] Aufgabe gelöscht: {3CE55452-DFD0-458F-92CD-F3A804E4ACAD} ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D} [-] Schlüssel gelöscht: 
HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} [-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] [-] Schlüssel gelöscht: HKU\S-1-5-21-3609346958-2387263161-451292197-1000\Software\sparktrust [-] Schlüssel gelöscht: 
HKU\S-1-5-21-3609346958-2387263161-451292197-1000\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09} [-] Schlüssel gelöscht: HKU\S-1-5-21-3609346958-2387263161-451292197-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} [#] Schlüssel mit Neustart gelöscht: HKCU\Software\sparktrust [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09} [-] Schlüssel gelöscht: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz [-] Schlüssel gelöscht: HKLM\SOFTWARE\Lavasoft\Web Companion [-] Schlüssel gelöscht: HKLM\SOFTWARE\sparktrust [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\sparktrust [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09} [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markable.net [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markable00.re-markable.net [#] Schlüssel 
mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markable.net [#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markable00.re-markable.net [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Browser ] ***** ************************* :: "Tracing" Schlüssel gelöscht :: Winsock Einstellungen zurückgesetzt ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [7141 Bytes] - [11/12/2016 10:18:48] C:\AdwCleaner\AdwCleaner[R0].txt - [17182 Bytes] - [08/06/2015 19:30:42] C:\AdwCleaner\AdwCleaner[R1].txt - [1041 Bytes] - [08/06/2015 19:36:38] C:\AdwCleaner\AdwCleaner[R2].txt - [3645 Bytes] - [08/06/2015 20:12:06] C:\AdwCleaner\AdwCleaner[R3].txt - [1146 Bytes] - [08/06/2015 20:17:12] C:\AdwCleaner\AdwCleaner[S0].txt - [15059 Bytes] - [08/06/2015 19:32:46] C:\AdwCleaner\AdwCleaner[S1].txt - [3276 Bytes] - [08/06/2015 20:13:45] C:\AdwCleaner\AdwCleaner[S2].txt - [7491 Bytes] - [11/12/2016 10:17:26] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7727 Bytes] ########## Code:
ATTFilter 10:45:19 # product=EOS # version=8 # flags=0 # ESETOnlineScanner_DEU.exe=2.0.13.0 # EOSSerial=48fabad8ac6f0a45b31a7c8379168c8b # end=init # utc_time=2016-12-11 09:45:18 # local_time=2016-12-11 10:45:18 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT 10:45:27 # product=EOS # version=8 # flags=0 # ESETOnlineScanner_DEU.exe=2.0.13.0 # EOSSerial=48fabad8ac6f0a45b31a7c8379168c8b # end=init # utc_time=2016-12-11 09:45:27 # local_time=2016-12-11 10:45:27 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT 10:46:05 Updating 10:46:05 Update Init 10:46:15 Update Download 10:52:37 esets_scanner_reload returned 0 10:52:37 g_uiModuleBuild: 31697 10:52:37 Update Finalize 10:52:37 Call m_esets_charon_send 10:52:37 Call m_esets_charon_destroy 10:52:38 Updated modules version: 31697 10:52:50 Call m_esets_charon_setup_create 10:52:50 Call m_esets_charon_create 10:52:50 m_esets_charon_create OK 10:52:50 Call m_esets_charon_start_send_thread 10:52:50 Call m_esets_charon_setup_set 10:52:50 m_esets_charon_setup_set OK 10:52:50 Scanner engine: 31697 11:57:50 # product=EOS # version=8 # flags=0 # ESETOnlineScanner_DEU.exe=2.0.13.0 # EOSSerial=48fabad8ac6f0a45b31a7c8379168c8b # engine=31697 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # sfx_checked=true # utc_time=2016-12-11 10:57:49 # local_time=2016-12-11 11:57:49 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 5485385 14258319 0 0 # scanned=2 # found=16 # cleaned=0 # scan_time=3910 sh=B6A38BF3224B1752C2DDDDB4AF2F474F53B62187 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.R evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.H evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.J evtl. 
unerwünschte Anwendung,JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.L evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.Q evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.N evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserV08.06\328f034e-f83f-4b82-86a2-e770f36be701.crx.vir" sh=B6A38BF3224B1752C2DDDDB4AF2F474F53B62187 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.R evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.H evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.L evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.Q evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.N evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung,JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserV08.06\7cbe2f57-b40e-4e5a-a30b-9768e1004f4c.crx.vir" sh=7F86E907A002DAB9219D27FB0B0142039F96D06B ft=1 fh=0000000000000000 vn="Variante von Win64/Toolbar.Crossrider.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserV08.06\81c3c611-726d-4144-b83e-d922f36da656.dll.vir" sh=910A12787C3813F458CBFC5E8E9F042B8D2227A7 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.CrossRider.CU evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserV08.06\Uninstall.exe.vir" sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Anna\AppData\Roaming\8tt7Nz8PxmlrSFbTJ17Kth9.vir" sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Anna\AppData\Roaming\lV39gFR.vir" sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Anna\AppData\Roaming\s7m4ap8yv5gIbtSHdfTF.vir" sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Anna\AppData\Roaming\VyHeiPjZETA5H0aHKGt59Ki.vir" sh=BAF990D039E9D3A2783E43671DC94770E624BDFA ft=1 fh=0000000000000000 vn="MSIL/HackKMS.I potenziell unsichere Anwendung" ac=I fn="C:\ProgramData\KMSAutoS\KMSAuto Net.exe" sh=2223DB794B0CD7032C282841E525E3FA4F5C69D8 ft=1 fh=0000000000000000 vn="Win32/HackKMS.W potenziell unsichere Anwendung" ac=I fn="C:\ProgramData\KMSAutoS\bin\KMSSS.exe" sh=3222E8DE922C20FC3FB8903E7764AA2EAED0455C ft=1 fh=0000000000000000 vn="MSIL/HackTool.TunMirror.A potenziell unsichere Anwendung" ac=I fn="C:\ProgramData\KMSAutoS\bin\TunMirror.exe" sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=0000000000000000 vn="Variante von MSIL/HackTool.TunMirror.A potenziell unsichere Anwendung" ac=I fn="C:\ProgramData\KMSAutoS\bin\TunMirror2.exe" sh=BAF990D039E9D3A2783E43671DC94770E624BDFA ft=1 fh=0000000000000000 vn="MSIL/HackKMS.I potenziell unsichere Anwendung" ac=I fn="C:\Users\All Users\KMSAutoS\KMSAuto Net.exe" sh=2223DB794B0CD7032C282841E525E3FA4F5C69D8 ft=1 fh=0000000000000000 vn="Win32/HackKMS.W potenziell unsichere Anwendung" ac=I 
fn="C:\Users\All Users\KMSAutoS\bin\KMSSS.exe" sh=3222E8DE922C20FC3FB8903E7764AA2EAED0455C ft=1 fh=0000000000000000 vn="MSIL/HackTool.TunMirror.A potenziell unsichere Anwendung" ac=I fn="C:\Users\All Users\KMSAutoS\bin\TunMirror.exe" sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=0000000000000000 vn="Variante von MSIL/HackTool.TunMirror.A potenziell unsichere Anwendung" ac=I fn="C:\Users\All Users\KMSAutoS\bin\TunMirror2.exe" 12:06:57 Call m_esets_charon_send 12:06:57 Call m_esets_charon_destroy 12:06:59 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Anna\AppData\Local\ESET\ESETOnlineScanner\Quarantine\ 16:34:53 # product=EOS # version=8 # flags=0 # ESETOnlineScanner_DEU.exe=2.0.13.0 # EOSSerial=48fabad8ac6f0a45b31a7c8379168c8b # end=init # utc_time=2016-12-11 15:34:52 # local_time=2016-12-11 16:34:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT 16:35:00 # product=EOS # version=8 # flags=0 # ESETOnlineScanner_DEU.exe=2.0.13.0 # EOSSerial=48fabad8ac6f0a45b31a7c8379168c8b # end=init # utc_time=2016-12-11 15:35:00 # local_time=2016-12-11 16:35:00 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT 16:35:32 Call m_esets_charon_setup_create 16:35:32 Call m_esets_charon_create 16:35:33 m_esets_charon_create OK 16:35:33 Call m_esets_charon_start_send_thread 16:35:33 Call m_esets_charon_setup_set 16:35:33 m_esets_charon_setup_set OK 16:35:35 Updating 16:35:36 Update Init 16:35:48 Call m_esets_charon_setup_create 16:35:48 Call m_esets_charon_create 16:35:48 m_esets_charon_setup_set ERROR 16:35:48 Update Download 16:36:23 esets_scanner_reload returned 0 16:36:23 g_uiModuleBuild: 31699 16:36:23 Update Finalize 16:36:23 Call m_esets_charon_send 16:36:23 Call m_esets_charon_destroy 16:36:23 Updated modules version: 31699 16:36:35 Call m_esets_charon_setup_create 16:36:35 Call m_esets_charon_create 16:36:35 m_esets_charon_setup_set ERROR 16:36:35 Scanner engine: 31699 17:57:10 # product=EOS # version=8 # flags=0 # 
ESETOnlineScanner_DEU.exe=2.0.13.0 # EOSSerial=48fabad8ac6f0a45b31a7c8379168c8b # engine=31699 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # sfx_checked=true # utc_time=2016-12-11 16:57:09 # local_time=2016-12-11 17:57:09 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 5506945 14279879 0 0 # scanned=2 # found=0 # cleaned=0 # scan_time=4845 18:02:16 Call m_esets_charon_send 18:02:16 Call m_esets_charon_destroy 18:02:17 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Anna\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
Edited by Anna Mimi (11.12.2016 at 20:29) |
11.12.2016, 20:27 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
__________________ Please always post log files in CODE tags |
11.12.2016, 21:03 | #5 |
| That is the only ESET log file available... It was no longer under C:\Program Files (x86); I found it under C:\users\%userprofile%\appdata\local\temp\log.txt, following the instructions in the Online scanner FAQ - ESET Knowledgebase Code:
11.12.2016, 21:13 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | +++ IMPORTANT NOTICE +++ During the analysis and cleanup you make NO changes whatsoever on your own, i.e. you do not install or uninstall any software without consulting us. You also do not change any system settings while we are working on your case. You make changes, installations or uninstallations EXCLUSIVELY on instruction! It will be necessary to disable your virus scanner and, in certain cases, to uninstall it as well, so that the cleanup can be done properly. Your system is therefore only cleared by me for everyday use such as browsing or e-mail once we are finished here. Read and understood?
Please uninstall Avast. We simply can no longer recommend it in good conscience. => Antivirus software: protection for your files, but at the cost of your privacy? | Emsisoft Blog
Other freeware vendors such as Avira, AVG or Panda are also jumping on this or similar bandwagons, building junkware into their installers, working with ASK, etc.; that sort of thing is simply unacceptable for security software. Let me know when Avast is gone; once we are through here you can switch to another virus scanner, information will follow in the final post. Please do NOT install anything else NOW without consulting us!
11.12.2016, 21:25 | #7 |
| Done... Avast is uninstalled. I won't do anything else on the PC. I will only leave GMail and this thread open in the browser so that I can see what comes from you. Many thanks |
11.12.2016, 21:29 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Step 1: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper
Step 2: Kaspersky TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
Reading material: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for one post, I ask you to post them directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
11.12.2016, 22:15 | #9 |
| Step 1: Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.447.14393.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.796000 GHz Memory total: 6322647040, free: 3969232896 Downloaded database version: v2016.12.11.05 Downloaded database version: v2016.11.20.01 Downloaded database version: v2016.11.29.02 Initializing... ====================== ------------ Kernel report ------------ 12/11/2016 21:35:39 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys 
\SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\storahci.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\MBAMSwissArmy.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\NTFS.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys 
\SystemRoot\System32\drivers\gpuenergydrv.sys \??\C:\WINDOWS\system32\drivers\mbae64.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\portcls.sys \SystemRoot\System32\drivers\drmk.sys \SystemRoot\System32\drivers\ks.sys \SystemRoot\system32\DRIVERS\netr28x.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\system32\DRIVERS\RtsBaStor.sys \SystemRoot\System32\drivers\Rt630x64.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\AsusTP.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\AsHIDSwitch64.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\drivers\m76usb.sys \SystemRoot\System32\drivers\BTHUSB.sys 
\SystemRoot\System32\drivers\bthport.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\drivers\BthLEEnum.sys \SystemRoot\System32\drivers\rfcomm.sys \SystemRoot\System32\drivers\BthEnum.sys \SystemRoot\System32\drivers\bthpan.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_storahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\drivers\MBAMChameleon.sys \SystemRoot\system32\drivers\wcnfs.sys \SystemRoot\System32\drivers\registry.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\drivers\vwifimp.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\mqac.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\drivers\condrv.sys \??\C:\WINDOWS\system32\drivers\mbam.sys \??\C:\WINDOWS\system32\drivers\mwac.sys 
\??\C:\WINDOWS\system32\drivers\farflt.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\system32\Drivers\WdNisDrv.sys ----------- End ----------- Done! Scan started Database versions: main: v2016.12.11.05 rootkit: v2016.11.20.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffff800190ebf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff800190ebfae0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff800190ebf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffff800190d36e40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffff800190d39060, DeviceName: \Device\0000002d\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 77031481 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 213531804 GPT Header CurrentLba = 1 BackupLba 1465149167 GPT Header FirstUsableLba 34 LastUsableLba 1465149134 GPT Header Guid 660d5b56-9a5-42cc-b84a-c1b7101b59ed GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 213531804 Backup GPT header CurrentLba = 1465149167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134 Backup GPT header Guid 660d5b56-9a5-42cc-b84a-c1b7101b59ed Backup GPT header Contains 128 partition entries starting at LBA 1465149135 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID aa7e9c8b-2eaf-48a4-97c9-d242336f58bc FirstLBA 2048 Last LBA 206847 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 26db5bf1-8766-4635-93ee-fae234daf8 FirstLBA 206848 Last LBA 468991 Attributes 0 Partition Name Microsoft reserved partition Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID c8c519ce-e9f6-4f5a-ac6a-f22775a5d0b4 FirstLBA 468992 Last LBA 572520447 Attributes 0 Partition Name Basic data partition Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 168ca865-c7a-418e-81ee-f567dfeae8 FirstLBA 572520448 Last LBA 573442047 Attributes 1 Partition Name Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 874b76bd-b5c4-48d6-82f9-81eeb6d59c9b FirstLBA 573442048 Last LBA 1465147391 Attributes 0 Partition Name Basic data partition Disk Size: 750156374016 bytes Sector size: 512 bytes Done! 
File "C:\Users\Anna\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768) File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-194ED7CE02A5C785CD1905FAE1023619B290AFB6.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-194ED7CE02A5C785CD1905FAE1023619B290AFB6.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-194ED7CE02A5C785CD1905FAE1023619B290AFB6.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-194ED7CE02A5C785CD1905FAE1023619B290AFB6.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-194ED7CE02A5C785CD1905FAE1023619B290AFB6.bin.83" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished
More than just a thank-you, and good night. Regards, Anna Mimi
Step 2: Part 1 (code too long): Code:
21:59:49.0958 0x1c74 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
21:59:49.0958 0x1c74 UEFI system
22:00:29.0330 0x1c74 ============================================================
22:00:29.0330 0x1c74 Current date / time: 2016/12/11 22:00:29.0330
22:00:29.0330 0x1c74 SystemInfo:
22:00:29.0330 0x1c74
22:00:29.0330 0x1c74 OS Version: 10.0.14393 ServicePack: 0.0
22:00:29.0330 0x1c74 Product type: Workstation
22:00:29.0330 0x1c74 ComputerName: DELL-PC
22:00:29.0330 0x1c74 UserName: Anna
22:00:29.0330 0x1c74 Windows directory: C:\WINDOWS
22:00:29.0330 0x1c74 System windows directory: C:\WINDOWS
22:00:29.0330 0x1c74 Running under WOW64
22:00:29.0330 0x1c74 Processor architecture: Intel x64
22:00:29.0330 0x1c74 Number of processors: 2
22:00:29.0330 0x1c74 Page size: 0x1000
22:00:29.0330 0x1c74 Boot type: Normal boot
22:00:29.0330 0x1c74 CodeIntegrityOptions = 0x00000001
22:00:29.0330 0x1c74 ============================================================
22:00:29.0730 0x1c74 KLMD registered as C:\WINDOWS\system32\drivers\47866976.sys
22:00:29.0730 0x1c74 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.479, osProperties = 0x19
22:00:31.0232 0x1c74 System UUID: {AD70DFB0-0284-30A2-EFBC-6B2054112897}
22:00:32.0597 0x1c74 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:32.0610 0x1c74 ============================================================
22:00:32.0610 0x1c74 \Device\Harddisk0\DR0:
22:00:32.0610 0x1c74 GPT partitions:
22:00:32.0611 0x1c74 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AA7E9C8B-2EAF-48A4-97C9-D242336F58BC}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
22:00:32.0611 0x1c74 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {26DB5BF1-8766-4635-93EE-0FAE2304DAF8}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
22:00:32.0611 0x1c74 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C8C519CE-E9F6-4F5A-AC6A-F22775A5D0B4}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x2218D000
22:00:32.0611 0x1c74 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {168CA865-0C7A-418E-81EE-F567DF0E0AE8}, Name: , StartLBA 0x221FF800, BlocksNum 0xE1000
22:00:32.0611 0x1c74 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {874B76BD-B5C4-48D6-82F9-81EEB6D59C9B}, Name: Basic data partition, StartLBA 0x222E0800, BlocksNum 0x35265800
22:00:32.0611 0x1c74 MBR partitions:
22:00:32.0611 0x1c74 ============================================================
22:00:32.0641 0x1c74 C: <-> \Device\Harddisk0\DR0\Partition3
22:00:32.0663 0x1c74 D: <-> \Device\Harddisk0\DR0\Partition5
22:00:32.0663 0x1c74 ============================================================
22:00:32.0663 0x1c74 Initialize success
22:00:32.0663 0x1c74 ============================================================
22:03:13.0429 0x05f8 ============================================================
22:03:13.0429 0x05f8 Scan started
22:03:13.0429 0x05f8 Mode: Manual; SigCheck; TDLFS;
22:03:13.0429 0x05f8 ============================================================
22:03:13.0429 0x05f8 KSN ping started
22:03:14.0112 0x05f8 KSN ping finished: true
22:03:15.0505 0x05f8 ================ Scan system memory ========================
22:03:15.0505 0x05f8 System memory - ok
22:03:15.0505 0x05f8 ================ Scan services =============================
6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 22:03:33.0563 0x05f8 intelppm - ok 22:03:33.0594 0x05f8 [ DB32758F3A7F6CCE81A5430080A2EA65, 36A26BAA884E96804F8EA0B12BB3E81BBE6D4EE704809904091445F36CAB5A29 ] iorate C:\WINDOWS\system32\drivers\iorate.sys 22:03:33.0632 0x05f8 iorate - ok 22:03:33.0647 0x05f8 [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:03:33.0730 0x05f8 IpFilterDriver - ok 22:03:33.0780 0x05f8 [ EF1BB0EF8A12C32DD88C409706B8145E, 7AEDE717C258C29592CC8AEC40F61617E5382646E5141E1C0941882ACE5C5758 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 22:03:33.0877 0x05f8 iphlpsvc - ok 22:03:33.0894 0x05f8 [ 450DBDD716C7911F83E05F78EE18BFA2, 43C0DA172F632131898F315A53DEDD1AE99FB0620AB32B3A5B99FEC498C9AAE5 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 22:03:33.0916 0x05f8 IPMIDRV - ok 22:03:33.0932 0x05f8 [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 22:03:33.0963 0x05f8 IPNAT - ok 22:03:33.0994 0x05f8 [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda C:\WINDOWS\system32\drivers\irda.sys 22:03:34.0047 0x05f8 irda - ok 22:03:34.0047 0x05f8 [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys 22:03:34.0078 0x05f8 IRENUM - ok 22:03:34.0112 0x05f8 [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon C:\WINDOWS\System32\irmon.dll 22:03:34.0148 0x05f8 irmon - ok 22:03:34.0163 0x05f8 [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 22:03:34.0194 0x05f8 isapnp - ok 22:03:34.0216 0x05f8 
[ C9FD02D62E09337B67B0C61EC8CA38CC, DC77E935ECC8474BE9018F0937CB11C137073582B20A0EE107CE247FD9E1F9C1 ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 22:03:34.0248 0x05f8 iScsiPrt - ok 22:03:34.0279 0x05f8 [ 48B904D31F2369D7B0122617038D3F5B, 8A43CB37667929CCCC37B6E79E82509BBCA6C8884B44059DC87BCA7C21BE7FE1 ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys 22:03:34.0348 0x05f8 iwdbus - ok 22:03:34.0363 0x05f8 [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 22:03:34.0379 0x05f8 kbdclass - ok 22:03:34.0416 0x05f8 [ 0B779E9FC426CA2268D28181FA6C222F, 83292023A688C3044D096F22242EB954B7F7511BE8341D45FF0AFBD9CB9BCB4E ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 22:03:34.0495 0x05f8 kbdhid - ok 22:03:34.0511 0x05f8 [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic C:\WINDOWS\System32\drivers\kdnic.sys 22:03:34.0533 0x05f8 kdnic - ok 22:03:34.0548 0x05f8 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] KeyIso C:\WINDOWS\system32\lsass.exe 22:03:34.0580 0x05f8 KeyIso - ok 22:03:34.0615 0x05f8 [ 705C0F8BCCEF6E7CB704CCB454192D7E, FC608C708E2C3BF7A66E57B95E19E71E5F5C87EF359D8BC1A817500B45DF9338 ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 22:03:34.0633 0x05f8 KSecDD - ok 22:03:34.0648 0x05f8 [ 55AD13E2BAFC5AB53A10F8C271F5D242, 058BEF14DCB95574BCAB985F04737BA89483937E8D8A74F7B4CEAFB7400C2397 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 22:03:34.0680 0x05f8 KSecPkg - ok 22:03:34.0695 0x05f8 [ 4ED115CD1A1099705F56B5E0FFF97CC6, 9CC49DF2CD6AAAE405BA661D13EFC1E05111D1DE3D1E50C39C425AF1F075610B ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 22:03:34.0748 0x05f8 ksthunk - ok 22:03:34.0795 0x05f8 [ 8125BDF7ADC261F75EF0CAD92456E350, 184797AA1D58C4FF743BA60D48590B88B781EE7779205E45E0679DEC79F3E185 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 22:03:34.0849 0x05f8 
KtmRm - ok 22:03:34.0896 0x05f8 [ 8CCAB08815B50AD78B823DB3F96C8604, 265E6D582EB7207B5CC577D61CB7BC3646F613047F168CD69BB776C37780EBF5 ] LanmanServer C:\WINDOWS\system32\srvsvc.dll 22:03:34.0949 0x05f8 LanmanServer - ok 22:03:35.0033 0x05f8 [ 33DBBCF71F68EA97D9FD34E4C9AB5AC6, 104F04A1560E75EB224A3825707CE51E8798ABD764F5CC3B854FFFC93A39AF60 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 22:03:35.0118 0x05f8 LanmanWorkstation - ok 22:03:35.0134 0x05f8 [ F8EBAA1FE6D3BF84752931DE1BFA0E2A, 2F3C512712BA709BBBBD779D9E792DBE324876C402CDCEF0345B8B7ABE1D232A ] lfsvc C:\WINDOWS\System32\lfsvc.dll 22:03:35.0197 0x05f8 lfsvc - ok 22:03:35.0218 0x05f8 [ 5A23E4BE0CCF49663C4CF7EB74C20278, 9DF91014B13B7CED1C3D409F90858FD03EFC5C4347C98901B4DF0AFF2B77845D ] LicenseManager C:\WINDOWS\system32\LicenseManagerSvc.dll 22:03:35.0281 0x05f8 LicenseManager - ok 22:03:35.0296 0x05f8 [ 5933A6673F00D8255C52957E40C2D601, 0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575E ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys 22:03:35.0350 0x05f8 lltdio - ok 22:03:35.0381 0x05f8 [ 88A3C935725FA6EA1A228DCC26CF9C6F, 9B1F70644EEFA1EE7CE151A8A970430087339B7A6345F2E0252370929D4AFAC6 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 22:03:35.0419 0x05f8 lltdsvc - ok 22:03:35.0450 0x05f8 [ 3F858E28AEE6545FA1B64134DFD5C2CE, FFD7B4FB0A7B61BC6B76A172134673842F2CF00E96FA3ED4A8273DC525B6BB92 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 22:03:35.0516 0x05f8 lmhosts - ok 22:03:35.0551 0x05f8 [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 22:03:35.0582 0x05f8 LSI_SAS - ok 22:03:35.0598 0x05f8 [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i C:\WINDOWS\system32\drivers\lsi_sas2i.sys 22:03:35.0619 0x05f8 LSI_SAS2i - ok 22:03:35.0635 0x05f8 [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i 
C:\WINDOWS\system32\drivers\lsi_sas3i.sys 22:03:35.0666 0x05f8 LSI_SAS3i - ok 22:03:35.0682 0x05f8 [ CCF6EC9FB9B8F18E05B4253E81013E48, EBE8D77FEE8B99BD8C29702404774D554673C96DF3FDF3DCEA9C99E22C2709FC ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 22:03:35.0718 0x05f8 LSI_SSS - ok 22:03:35.0751 0x05f8 [ D5EFC0BAEC21EDE6FE03D377D403B421, 41BE71AF7C896FD4C51EF7E3871AAB769164DFB8050DA43E48C7A100711414B4 ] LSM C:\WINDOWS\System32\lsm.dll 22:03:35.0820 0x05f8 LSM - ok 22:03:35.0851 0x05f8 [ C9579D32219E5B936AC3A48D470117EC, E61A77191B6BA25D29B1221FEBBE826BBC11F825C0E35A72B4CEFFF8B7FE59A8 ] luafv C:\WINDOWS\system32\drivers\luafv.sys 22:03:35.0898 0x05f8 luafv - ok 22:03:35.0935 0x05f8 [ D0DFC736EEDA66CB03D851D1CF470787, 9355EE537E53485C084C6AD6619235BEA77B4BB69640FAEBFD14BA7B4B12B8F3 ] m76usb C:\WINDOWS\System32\drivers\m76usb.sys 22:03:36.0018 0x05f8 m76usb - ok 22:03:36.0052 0x05f8 [ CAAF0CD70FEE7C5110B1E62804E41B17, 48482A6C8D2296C4DC613304637C8DBB7DD1DB39326F27650EBCA6FD2793BCFD ] MapsBroker C:\WINDOWS\System32\moshost.dll 22:03:36.0115 0x05f8 MapsBroker - ok 22:03:36.0136 0x05f8 [ 3BEC6134F1E45AEF5E971F69F0D38510, 245D7CEEB6561166EE0472551D39A9D3CFDDA52A6BF2E924AB243CCA7FBC9009 ] MBAMChameleon C:\WINDOWS\system32\drivers\MBAMChameleon.sys 22:03:36.0167 0x05f8 MBAMChameleon - ok 22:03:36.0236 0x05f8 [ F3960CA85778E5D7611EE0F501972340, 0DE5C8509A9A66C8185B9FAA7EAF69C0FA9C28CD9DE84AA23E128E4FF8E06BF4 ] MBAMFarflt C:\WINDOWS\system32\drivers\farflt.sys 22:03:36.0267 0x05f8 MBAMFarflt - ok 22:03:36.0298 0x05f8 [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection C:\WINDOWS\system32\drivers\mbam.sys 22:03:36.0320 0x05f8 MBAMProtection - ok 22:03:36.0521 0x05f8 [ 28E521A6ABA9DE062A3719452816F495, B312A37DA052229DFB19353170CD5828582F8AC6426E857CA7C8ACA0DD91C160 ] MBAMService C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe 22:03:36.0721 0x05f8 MBAMService - ok 22:03:36.0753 0x05f8 [ 
ABB371D9AEF728B0489B0E6872B4A1C0, E9539A4F85FE30F5BAED742778CA74C879995728668ABE6877C37633716D8770 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 22:03:36.0768 0x05f8 MBAMSwissArmy - ok 22:03:36.0816 0x05f8 [ 205C2D377E1CA85A4465491DB8064DA9, 0C69C6C958D8E26A6C6CCF2254E8B531BE718AD7FCFEB970F6F09426CA6C8C26 ] MBAMWebProtection C:\WINDOWS\system32\drivers\mwac.sys 22:03:36.0821 0x05f8 MBAMWebProtection - ok 22:03:36.0852 0x05f8 [ C3CDCCF07486BD2616A7B82946E07AC0, 1EF95DAB2DA856BC7D7573B2EB2D9006DF337F827F0B56A161D0C97F45DB755E ] megasas C:\WINDOWS\system32\drivers\megasas.sys 22:03:36.0884 0x05f8 megasas - ok 22:03:36.0919 0x05f8 [ 2CF0CB2A0ED68C5455371E84C16F9627, 1C9166B52140145F1968E83E52BFF041250811B23C770FE181A18A4BA060CA81 ] megasas2i C:\WINDOWS\system32\drivers\MegaSas2i.sys 22:03:36.0937 0x05f8 megasas2i - ok 22:03:36.0968 0x05f8 [ FADB2FE017E69EECE0E1BA78661C2E8C, BE99B49031D8B4B670B6F6B6E829E54406779CF6F1D8AFE8AB79A73E6764AB2F ] megasr C:\WINDOWS\system32\drivers\megasr.sys 22:03:37.0000 0x05f8 megasr - ok 22:03:37.0053 0x05f8 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 22:03:37.0068 0x05f8 MEIx64 - ok 22:03:37.0100 0x05f8 [ 55A417C3E41F2A98666CF929EC19108E, A38C262B2863C87E4151525BF26D6AC16E7982D370E2C6998EB15C88C4BC8254 ] MessagingService C:\WINDOWS\System32\MessagingService.dll 22:03:37.0137 0x05f8 MessagingService - ok 22:03:37.0169 0x05f8 [ FD60818B66B2E8A5415EA840E99A9D8F, 5D2F22909354534B821D958FBEF6A40EB4F642F53C7B509D00949096EF716F36 ] mlx4_bus C:\WINDOWS\System32\drivers\mlx4_bus.sys 22:03:37.0222 0x05f8 mlx4_bus - ok 22:03:37.0269 0x05f8 [ 68F6977F1CFBAAC770D940A8C0326FA1, 90EE1E7DAC680EAA5AD50E9B0B9FD8FCE8DD6A02D5EF941B5AA5084CBD40BB80 ] MMCSS C:\WINDOWS\system32\drivers\mmcss.sys 22:03:37.0337 0x05f8 MMCSS - ok 22:03:37.0368 0x05f8 [ 0D50B3F3AB32D416786B58D4553859CE, 
9DA4D7A30982E8B31C45BDB721AEF5240EAD9DA6839CF34FDDBCF123BF104F2C ] Modem C:\WINDOWS\system32\drivers\modem.sys 22:03:37.0437 0x05f8 Modem - ok 22:03:37.0437 0x05f8 [ 9CCCB7FC3EDADEBA461D78615A6011A6, C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DF ] monitor C:\WINDOWS\System32\drivers\monitor.sys 22:03:37.0468 0x05f8 monitor - ok 22:03:37.0486 0x05f8 [ 27A07B2FB2E3057DA8DAEA4F25D843C7, 09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 22:03:37.0522 0x05f8 mouclass - ok 22:03:37.0522 0x05f8 [ 7BD6E7F7C9001AB21B8362CFFEE80B25, C470C3363EEF3A60409A5934988BFB9B72AE7C2BB63CC2C2D006D7EB1C797F6A ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys 22:03:37.0584 0x05f8 mouhid - ok 22:03:37.0584 0x05f8 [ F5BDAEE4B7D369D4C74668DCFBA3FF10, 100F39288E56AFE0D39D1CC235BDC9F3727C873CD3114E092DA7A08810BD3EB2 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 22:03:37.0620 0x05f8 mountmgr - ok 22:03:37.0653 0x05f8 [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:03:37.0669 0x05f8 MozillaMaintenance - ok 22:03:37.0685 0x05f8 [ 30844BD376F9D01E62C820BEF446F1F8, 910D672EDB544A20AEB4450B4D89830F46EDD28CE0021156176315C5D068A1B4 ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 22:03:37.0737 0x05f8 mpsdrv - ok 22:03:37.0821 0x05f8 [ 779CFDB17EA07A6D26FEBBAC95B65772, 74D9542E8DCCD07396A45A45D2F500AA6F9DCC1DB785A6153EB3067E42F576A4 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 22:03:37.0884 0x05f8 MpsSvc - ok 22:03:37.0939 0x05f8 [ 4FC62380457DE25B69011D3542E954AC, D212DDD2446618A6215CF9FC370FA2634F027BC92D1D4999E019BEF8A86AA6EB ] MQAC C:\WINDOWS\system32\drivers\mqac.sys 22:03:38.0024 0x05f8 MQAC - ok 22:03:38.0056 0x05f8 [ 25D32BE04FE0A23FDF57FD5382757672, 64E39E3E21D9173FB1116B989D80C244C49DA827698A05AF5CC5CD1C6AE155DE ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 
22:03:38.0156 0x05f8 MRxDAV - ok 22:03:38.0202 0x05f8 [ E671EDAB0726E05ECEF4058B4CD73C4D, 9F4C50E635CE2204E3291C8D3D7F658A969E80722B8B6F0304228D9B434C20EA ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 22:03:38.0240 0x05f8 mrxsmb - ok 22:03:38.0273 0x05f8 [ D4D12BC29DE0F09280868FDCA65B3474, A6FE89ABD52087FEE52FDF31DDF4CB627ED400E94FDA86BEBF1D4763F1E42518 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 22:03:38.0341 0x05f8 mrxsmb10 - ok 22:03:38.0372 0x05f8 [ 93A77008A8932FC84A173C4E97E52874, B7510CF7998C538D68BD2ECDC512A0BFC7CB7362F598EE4110F728427AFF0F5A ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 22:03:38.0403 0x05f8 mrxsmb20 - ok 22:03:38.0429 0x05f8 [ 74C9D21523DAE0C18F413C196DF0058A, 3DB4B8CA368D9DD82FAE2C2BC828A21142C8D29780A7C8667188C447519FF702 ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys 22:03:38.0461 0x05f8 MsBridge - ok 22:03:38.0492 0x05f8 [ 308F08347923DEEDE7BC03EC7D485841, 72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0 ] MSDTC C:\WINDOWS\System32\msdtc.exe 22:03:38.0530 0x05f8 MSDTC - ok 22:03:38.0545 0x05f8 [ F01B849D9D4A8CEAF32D4FDBD0B83C92, D2473AC4C6E6C03DEF13EA73EC78FB878BDC95C047651BF79A16C9DEA82AD046 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 22:03:38.0630 0x05f8 Msfs - ok 22:03:38.0646 0x05f8 [ 22ECD8F5D1DFADF2011BBB1700CB871D, 8F9EFF51137394EFA5471B8A29C541710063B65806B075B4925A84D5B6BC3BBB ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 22:03:38.0677 0x05f8 msgpiowin32 - ok 22:03:38.0693 0x05f8 [ FD870F6968A145E4D2BA8A8842686B03, 34B8F601F3B5E42B4D0A41E2AF7DB4EB4E5B627DA8DA9A2A2D46B153AF23AEB1 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 22:03:38.0730 0x05f8 mshidkmdf - ok 22:03:38.0746 0x05f8 [ 30364757963A028CE5DF0FBAAC270173, C72588A6A52FF8E418A15D2C407A4DB7EA768585423720145F8253D5CA519DC2 ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 22:03:38.0808 0x05f8 mshidumdf - ok 22:03:38.0825 0x05f8 [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, 
B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 22:03:38.0846 0x05f8 msisadrv - ok 22:03:38.0862 0x05f8 [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 22:03:38.0931 0x05f8 MSiSCSI - ok 22:03:38.0931 0x05f8 msiserver - ok 22:03:38.0946 0x05f8 [ 13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys 22:03:38.0993 0x05f8 MSKSSRV - ok 22:03:39.0027 0x05f8 [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys 22:03:39.0078 0x05f8 MsLldp - ok 22:03:39.0109 0x05f8 [ F3EF38D07A4ADCDF922EEEAF0FED7D4D, B9D436BFA29AA0A7B00889D96C4F8BC33C1809E19B7A71A69AB2E534E9794BF0 ] MSMQ C:\WINDOWS\system32\mqsvc.exe 22:03:39.0178 0x05f8 MSMQ - ok 22:03:39.0193 0x05f8 [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys 22:03:39.0231 0x05f8 MSPCLOCK - ok 22:03:39.0231 0x05f8 [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM C:\WINDOWS\system32\DRIVERS\MSPQM.sys 22:03:39.0278 0x05f8 MSPQM - ok 22:03:39.0294 0x05f8 [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 22:03:39.0331 0x05f8 MsRPC - ok 22:03:39.0363 0x05f8 [ 7ACFE7435317E791FF9EED2F49B402F2, EAF2CE12403A9D975112A22EDBC313EE63B926C070B35E62D515403DD34BD88D ] MsSecFlt C:\WINDOWS\system32\drivers\mssecflt.sys 22:03:39.0394 0x05f8 MsSecFlt - ok 22:03:39.0410 0x05f8 [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 22:03:39.0432 0x05f8 
mssmbios - ok 22:03:39.0447 0x05f8 [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE C:\WINDOWS\system32\DRIVERS\MSTEE.sys 22:03:39.0494 0x05f8 MSTEE - ok 22:03:39.0528 0x05f8 [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 22:03:39.0563 0x05f8 MTConfig - ok 22:03:39.0563 0x05f8 [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup C:\WINDOWS\system32\Drivers\mup.sys 22:03:39.0594 0x05f8 Mup - ok 22:03:39.0610 0x05f8 [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 22:03:39.0632 0x05f8 mvumis - ok 22:03:39.0694 0x05f8 [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 22:03:39.0763 0x05f8 NativeWifiP - ok 22:03:39.0810 0x05f8 [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 22:03:39.0879 0x05f8 NcaSvc - ok 22:03:39.0910 0x05f8 [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService C:\WINDOWS\System32\ncbservice.dll 22:03:39.0979 0x05f8 NcbService - ok 22:03:39.0994 0x05f8 [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 22:03:40.0117 0x05f8 NcdAutoSetup - ok 22:03:40.0136 0x05f8 [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys 22:03:40.0167 0x05f8 ndfltr - ok 22:03:40.0236 0x05f8 [ D5564FC81350458ED570528C4E3B1CCF, DD3C5012492EF9BCE3BE635BBB3AA40B3C5F5FDBD795A76B327D9C994102AC2B ] NDIS 
C:\WINDOWS\system32\drivers\ndis.sys 22:03:40.0299 0x05f8 NDIS - ok 22:03:40.0336 0x05f8 [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys 22:03:40.0383 0x05f8 NdisCap - ok 22:03:40.0414 0x05f8 [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform C:\WINDOWS\system32\drivers\NdisImPlatform.sys 22:03:40.0451 0x05f8 NdisImPlatform - ok 22:03:40.0498 0x05f8 [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 22:03:40.0537 0x05f8 NdisTapi - ok 22:03:40.0552 0x05f8 [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys 22:03:40.0637 0x05f8 Ndisuio - ok 22:03:40.0637 0x05f8 [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 22:03:40.0668 0x05f8 NdisVirtualBus - ok 22:03:40.0699 0x05f8 [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys 22:03:40.0737 0x05f8 NdisWan - ok 22:03:40.0752 0x05f8 [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys 22:03:40.0799 0x05f8 ndiswanlegacy - ok 22:03:40.0815 0x05f8 [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys 22:03:40.0868 0x05f8 ndproxy - ok 22:03:40.0884 0x05f8 [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 22:03:40.0933 0x05f8 Ndu - ok 22:03:40.0953 0x05f8 [ 
6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx C:\WINDOWS\system32\drivers\NetAdapterCx.sys 22:03:40.0999 0x05f8 NetAdapterCx - ok 22:03:40.0999 0x05f8 [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys 22:03:41.0037 0x05f8 NetBIOS - ok 22:03:41.0053 0x05f8 [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 22:03:41.0099 0x05f8 NetBT - ok 22:03:41.0115 0x05f8 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon C:\WINDOWS\system32\lsass.exe 22:03:41.0137 0x05f8 Netlogon - ok 22:03:41.0168 0x05f8 [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman C:\WINDOWS\System32\netman.dll 22:03:41.0237 0x05f8 Netman - ok 22:03:41.0269 0x05f8 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:03:41.0300 0x05f8 NetMsmqActivator - ok 22:03:41.0300 0x05f8 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:03:41.0335 0x05f8 NetPipeActivator - ok 22:03:41.0369 0x05f8 [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 22:03:41.0438 0x05f8 netprofm - ok 22:03:41.0538 0x05f8 [ 152E946E60EEF45088D7D1E74D9F1779, A0330BBE51E900F5956BA92BD04C54CC6CB57A611AF1A3FF2454FEB852E105BA ] netr28x C:\WINDOWS\system32\DRIVERS\netr28x.sys 22:03:41.0685 0x05f8 netr28x - ok 22:03:41.0701 0x05f8 [ D65F295A049473E6A39EA9A0EA76CA32, 
274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc C:\WINDOWS\System32\NetSetupSvc.dll 22:03:41.0773 0x05f8 NetSetupSvc - ok 22:03:41.0788 0x05f8 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:03:41.0804 0x05f8 NetTcpActivator - ok 22:03:41.0819 0x05f8 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:03:41.0842 0x05f8 NetTcpPortSharing - ok 22:03:41.0858 0x05f8 [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc C:\WINDOWS\System32\NgcCtnrSvc.dll 22:03:41.0920 0x05f8 NgcCtnrSvc - ok 22:03:41.0989 0x05f8 [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc C:\WINDOWS\system32\ngcsvc.dll 22:03:42.0105 0x05f8 NgcSvc - ok 22:03:42.0142 0x05f8 [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 22:03:42.0236 0x05f8 NlaSvc - ok 22:03:42.0275 0x05f8 [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 22:03:42.0306 0x05f8 Npfs - ok 22:03:42.0343 0x05f8 [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 22:03:42.0421 0x05f8 npsvctrig - ok 22:03:42.0443 0x05f8 [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi C:\WINDOWS\system32\nsisvc.dll 22:03:42.0505 0x05f8 nsi - ok 22:03:42.0521 0x05f8 [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy 
C:\WINDOWS\system32\drivers\nsiproxy.sys 22:03:42.0543 0x05f8 nsiproxy - ok 22:03:42.0659 0x05f8 [ DB69C6DA8B3DDFDC547D455CA23A8250, AE495CEB18924C8B21F7F150FF17CD00880F2E222D7B5155661798E0535D63C4 ] NTFS C:\WINDOWS\system32\drivers\NTFS.sys 22:03:42.0744 0x05f8 NTFS - ok 22:03:42.0775 0x05f8 [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null C:\WINDOWS\system32\drivers\Null.sys 22:03:42.0806 0x05f8 Null - ok 22:03:42.0843 0x05f8 [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub C:\WINDOWS\system32\drivers\nusb3hub.sys 22:03:42.0944 0x05f8 nusb3hub - ok 22:03:42.0975 0x05f8 [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc C:\WINDOWS\system32\drivers\nusb3xhc.sys 22:03:43.0059 0x05f8 nusb3xhc - ok 22:03:43.0075 0x05f8 [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 22:03:43.0106 0x05f8 nvraid - ok 22:03:43.0144 0x05f8 [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 22:03:43.0160 0x05f8 nvstor - ok 22:03:43.0207 0x05f8 [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll 22:03:43.0260 0x05f8 OneSyncSvc - ok 22:03:43.0307 0x05f8 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 22:03:43.0392 0x05f8 p2pimsvc - ok 22:03:43.0439 0x05f8 [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc C:\WINDOWS\system32\p2psvc.dll 22:03:43.0476 0x05f8 p2psvc - ok 22:03:43.0507 0x05f8 [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, 
B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport C:\WINDOWS\System32\drivers\parport.sys 22:03:43.0561 0x05f8 Parport - ok 22:03:43.0576 0x05f8 [ CDBD029BAEC8D09F6FBD404632D9AF28, 71F4401150CD4C9C6BBF2DA854CF07EA2F8C9BBE900833858F49134DDAF14414 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 22:03:43.0608 0x05f8 partmgr - ok 22:03:43.0660 0x05f8 [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 22:03:43.0692 0x05f8 PcaSvc - ok 22:03:43.0745 0x05f8 [ E2DD2E5BDCCD225670831B439826065B, 0153F1CE26D402C03CFC155F428EBA04D6EA8E19A28AF629B1CE347363B7697C ] pci C:\WINDOWS\system32\drivers\pci.sys 22:03:43.0776 0x05f8 pci - ok 22:03:43.0792 0x05f8 [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide C:\WINDOWS\system32\drivers\pciide.sys 22:03:43.0823 0x05f8 pciide - ok 22:03:43.0842 0x05f8 [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys 22:03:43.0861 0x05f8 pcmcia - ok 22:03:43.0877 0x05f8 [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw C:\WINDOWS\system32\drivers\pcw.sys 22:03:43.0908 0x05f8 pcw - ok 22:03:43.0924 0x05f8 [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc C:\WINDOWS\system32\drivers\pdc.sys 22:03:43.0961 0x05f8 pdc - ok 22:03:44.0008 0x05f8 [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys 22:03:44.0077 0x05f8 PEAUTH - ok 22:03:44.0162 0x05f8 [ 2B55ACB1727A8E5E7514D2D75AC4EBEB, 5E7449F3EE0B15E400E405DE561ED2D3932259107A9D9320AE42CA1A5C5AB992 ] PeerDistSvc C:\WINDOWS\system32\peerdistsvc.dll 22:03:44.0309 0x05f8 PeerDistSvc - ok 22:03:44.0346 0x05f8 [ 
540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i |
12.12.2016, 07:30 | #10 |
| PC very slow, ads pop up when opening the browser, undeletable file in the Downloads folder Step 2: Part 2: Code:
1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys 22:03:47.0206 0x05f8 rdyboost - ok 22:03:47.0261 0x05f8 [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1 C:\WINDOWS\system32\drivers\ReFSv1.sys 22:03:47.0340 0x05f8 ReFSv1 - ok 22:03:47.0393 0x05f8 [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 22:03:47.0473 0x05f8 RemoteAccess - ok 22:03:47.0515 0x05f8 [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 22:03:47.0584 0x05f8 RemoteRegistry - ok 22:03:47.0636 0x05f8 [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo C:\WINDOWS\system32\RDXService.dll 22:03:47.0724 0x05f8 RetailDemo - ok 22:03:47.0748 0x05f8 [ E82F3B1918C6A5FE6EB761CDF1E772AF, 0C993FCB7BFD6E01B70A1821E0DEAFA2CB241AF8C2E6D4CC120F59C1B5F6FF5F ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys 22:03:47.0800 0x05f8 RFCOMM - ok 22:03:47.0841 0x05f8 [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc C:\WINDOWS\System32\RMapi.dll 22:03:47.0885 0x05f8 RmSvc - ok 22:03:47.0916 0x05f8 [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll 22:03:47.0968 0x05f8 RpcEptMapper - ok 22:03:47.0985 0x05f8 [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator C:\WINDOWS\system32\locator.exe 22:03:48.0022 0x05f8 RpcLocator - ok 22:03:48.0082 0x05f8 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs C:\WINDOWS\system32\rpcss.dll 22:03:48.0162 0x05f8 RpcSs - ok 22:03:48.0197 
0x05f8 [ 4E7F56B627932B0B325F3BFAF68CEC9F, 790BF8BCD0599EAF2D92C25DE5A8969048D252738913B43D71DC3F7B2A9C7729 ] RSBASTOR C:\WINDOWS\system32\DRIVERS\RtsBaStor.sys 22:03:48.0225 0x05f8 RSBASTOR - ok 22:03:48.0254 0x05f8 [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys 22:03:48.0290 0x05f8 rspndr - ok 22:03:48.0347 0x05f8 [ D9C5260772FDA64AB729C0B4822F11E3, D52B79C4D30D18AD5DE60EFE68BFAF4221C0F4D226F5067312CE546EDE4E89CE ] RTL8168 C:\WINDOWS\System32\drivers\Rt630x64.sys 22:03:48.0419 0x05f8 RTL8168 - ok 22:03:48.0429 0x05f8 [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys 22:03:48.0475 0x05f8 s3cap - ok 22:03:48.0513 0x05f8 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs C:\WINDOWS\system32\lsass.exe 22:03:48.0544 0x05f8 SamSs - ok 22:03:48.0576 0x05f8 [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys 22:03:48.0609 0x05f8 sbp2port - ok 22:03:48.0645 0x05f8 [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll 22:03:48.0692 0x05f8 SCardSvr - ok 22:03:48.0714 0x05f8 [ 9EE060D6560FFBFBDB2ED5D6ED192294, 14387B69CD26D12BE31A23251B6AA8EDFC4D6CDE4FA558F0950DE91D2DD03946 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll 22:03:48.0745 0x05f8 ScDeviceEnum - ok 22:03:48.0761 0x05f8 [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys 22:03:48.0814 0x05f8 scfilter - ok 22:03:48.0861 0x05f8 [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule C:\WINDOWS\system32\schedsvc.dll 
22:03:48.0930 0x05f8 Schedule - ok 22:03:48.0961 0x05f8 [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus C:\WINDOWS\system32\drivers\scmbus.sys 22:03:48.0993 0x05f8 scmbus - ok 22:03:49.0014 0x05f8 [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101 C:\WINDOWS\System32\drivers\scmdisk0101.sys 22:03:49.0130 0x05f8 scmdisk0101 - ok 22:03:49.0161 0x05f8 [ 9450FA11E9DE6715FCB71A519A8FF90B, B7E341C6E4CE967FCDD0D17A497C07E8A1C6B0AACE8A6E8E5D6C21EF73F13E16 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll 22:03:49.0193 0x05f8 SCPolicySvc - ok 22:03:49.0246 0x05f8 [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys 22:03:49.0282 0x05f8 sdbus - ok 22:03:49.0316 0x05f8 [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll 22:03:49.0392 0x05f8 SDRSVC - ok 22:03:49.0417 0x05f8 [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys 22:03:49.0444 0x05f8 sdstor - ok 22:03:49.0469 0x05f8 [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon C:\WINDOWS\system32\seclogon.dll 22:03:49.0544 0x05f8 seclogon - ok 22:03:49.0575 0x05f8 [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS C:\WINDOWS\System32\sens.dll 22:03:49.0627 0x05f8 SENS - ok 22:03:49.0663 0x05f8 Sense - ok 22:03:49.0744 0x05f8 [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe 22:03:49.0829 0x05f8 SensorDataService - ok 22:03:49.0876 0x05f8 [ C09A42163878A082C3F0D0A3DFE95714, 
8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService C:\WINDOWS\system32\SensorService.dll 22:03:49.0948 0x05f8 SensorService - ok 22:03:49.0979 0x05f8 [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll 22:03:50.0032 0x05f8 SensrSvc - ok 22:03:50.0048 0x05f8 [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys 22:03:50.0063 0x05f8 SerCx - ok 22:03:50.0094 0x05f8 [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys 22:03:50.0117 0x05f8 SerCx2 - ok 22:03:50.0133 0x05f8 [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum C:\WINDOWS\System32\drivers\serenum.sys 22:03:50.0164 0x05f8 Serenum - ok 22:03:50.0180 0x05f8 [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial C:\WINDOWS\System32\drivers\serial.sys 22:03:50.0217 0x05f8 Serial - ok 22:03:50.0233 0x05f8 [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys 22:03:50.0280 0x05f8 sermouse - ok 22:03:50.0328 0x05f8 [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv C:\WINDOWS\system32\sessenv.dll 22:03:50.0418 0x05f8 SessionEnv - ok 22:03:50.0444 0x05f8 [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys 22:03:50.0476 0x05f8 sfloppy - ok 22:03:50.0542 0x05f8 [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 22:03:50.0619 0x05f8 SharedAccess - ok 
22:03:50.0679 0x05f8 [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 22:03:50.0757 0x05f8 ShellHWDetection - ok 22:03:50.0795 0x05f8 [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll 22:03:50.0857 0x05f8 shpamsvc - ok 22:03:50.0875 0x05f8 [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 22:03:50.0902 0x05f8 SiSRaid2 - ok 22:03:50.0926 0x05f8 [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 22:03:50.0954 0x05f8 SiSRaid4 - ok 22:03:50.0977 0x05f8 [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost C:\WINDOWS\System32\smphost.dll 22:03:51.0030 0x05f8 smphost - ok 22:03:51.0087 0x05f8 [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll 22:03:51.0161 0x05f8 SmsRouter - ok 22:03:51.0192 0x05f8 [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 22:03:51.0232 0x05f8 SNMPTRAP - ok 22:03:51.0279 0x05f8 [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys 22:03:51.0317 0x05f8 spaceport - ok 22:03:51.0333 0x05f8 [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys 22:03:51.0364 0x05f8 SpbCx - ok 22:03:51.0418 0x05f8 [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] 
Spooler C:\WINDOWS\System32\spoolsv.exe 22:03:51.0525 0x05f8 Spooler - ok 22:03:51.0759 0x05f8 [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc C:\WINDOWS\system32\sppsvc.exe 22:03:52.0023 0x05f8 sppsvc - ok 22:03:52.0079 0x05f8 [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 22:03:52.0143 0x05f8 srv - ok 22:03:52.0200 0x05f8 [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 22:03:52.0303 0x05f8 srv2 - ok 22:03:52.0340 0x05f8 [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 22:03:52.0399 0x05f8 srvnet - ok 22:03:52.0435 0x05f8 [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 22:03:52.0503 0x05f8 SSDPSRV - ok 22:03:52.0537 0x05f8 [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 22:03:52.0589 0x05f8 SstpSvc - ok 22:03:52.0628 0x05f8 [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 22:03:52.0656 0x05f8 ssudmdm - ok 22:03:52.0692 0x05f8 [ 440A795E605B324BCCDBD082770A349C, EED455B9BDF4A56339D4C7E52A97E45DC00219FB3CF1F89B6FB1785929B0552D ] ssudserd C:\WINDOWS\system32\DRIVERS\ssudserd.sys 22:03:52.0720 0x05f8 ssudserd - ok 22:03:52.0880 0x05f8 [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll 22:03:53.0119 0x05f8 StateRepository - ok 22:03:53.0162 0x05f8 [ 29D26E1347AE1BBD4201014E19880B2C, 
9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 22:03:53.0187 0x05f8 stexstor - ok 22:03:53.0254 0x05f8 [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc C:\WINDOWS\System32\wiaservc.dll 22:03:53.0335 0x05f8 stisvc - ok 22:03:53.0377 0x05f8 [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 22:03:53.0399 0x05f8 storahci - ok 22:03:53.0422 0x05f8 [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 22:03:53.0454 0x05f8 storflt - ok 22:03:53.0469 0x05f8 [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 22:03:53.0500 0x05f8 stornvme - ok 22:03:53.0519 0x05f8 [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys 22:03:53.0574 0x05f8 storqosflt - ok 22:03:53.0623 0x05f8 [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc C:\WINDOWS\system32\storsvc.dll 22:03:53.0670 0x05f8 StorSvc - ok 22:03:53.0701 0x05f8 [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs C:\WINDOWS\system32\drivers\storufs.sys 22:03:53.0723 0x05f8 storufs - ok 22:03:53.0739 0x05f8 [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 22:03:53.0770 0x05f8 storvsc - ok 22:03:53.0793 0x05f8 [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc C:\WINDOWS\system32\svsvc.dll 22:03:53.0823 0x05f8 svsvc - ok 
22:03:53.0840 0x05f8 [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum C:\WINDOWS\System32\drivers\swenum.sys 22:03:53.0862 0x05f8 swenum - ok 22:03:53.0894 0x05f8 [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv C:\WINDOWS\System32\swprv.dll 22:03:53.0947 0x05f8 swprv - ok 22:03:53.0980 0x05f8 [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys 22:03:54.0030 0x05f8 Synth3dVsc - ok 22:03:54.0078 0x05f8 [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain C:\WINDOWS\system32\sysmain.dll 22:03:54.0170 0x05f8 SysMain - ok 22:03:54.0201 0x05f8 [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll 22:03:54.0255 0x05f8 SystemEventsBroker - ok 22:03:54.0293 0x05f8 [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 22:03:54.0339 0x05f8 TabletInputService - ok 22:03:54.0370 0x05f8 [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901 C:\WINDOWS\System32\drivers\tap0901.sys 22:03:54.0401 0x05f8 tap0901 - ok 22:03:54.0419 0x05f8 [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 22:03:54.0470 0x05f8 TapiSrv - ok 22:03:54.0575 0x05f8 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 22:03:54.0686 0x05f8 Tcpip - ok 22:03:54.0771 0x05f8 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6 
C:\WINDOWS\system32\drivers\tcpip.sys 22:03:54.0871 0x05f8 Tcpip6 - ok 22:03:54.0902 0x05f8 [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 22:03:54.0956 0x05f8 tcpipreg - ok 22:03:54.0971 0x05f8 [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 22:03:55.0003 0x05f8 tdx - ok 22:03:55.0040 0x05f8 [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 22:03:55.0087 0x05f8 terminpt - ok 22:03:55.0125 0x05f8 [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService C:\WINDOWS\System32\termsrv.dll 22:03:55.0225 0x05f8 TermService - ok 22:03:55.0241 0x05f8 [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes C:\WINDOWS\system32\themeservice.dll 22:03:55.0288 0x05f8 Themes - ok 22:03:55.0325 0x05f8 [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe 22:03:55.0388 0x05f8 TieringEngineService - ok 22:03:55.0426 0x05f8 [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll 22:03:55.0504 0x05f8 tiledatamodelsvc - ok 22:03:55.0526 0x05f8 [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc C:\WINDOWS\System32\TimeBrokerServer.dll 22:03:55.0557 0x05f8 TimeBrokerSvc - ok 22:03:55.0605 0x05f8 [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM C:\WINDOWS\System32\drivers\tpm.sys 22:03:55.0626 0x05f8 TPM - ok 22:03:55.0642 0x05f8 [ 
3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks C:\WINDOWS\System32\trkwks.dll 22:03:55.0688 0x05f8 TrkWks - ok 22:03:55.0773 0x05f8 [ 09440FA30C020B4443391FAFCF4876E3, 208C7725F70C75D8C96CCAF5B22F83B8B1C66D8C9FFF48465B1C9F4A77425569 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 22:03:55.0857 0x05f8 TrustedInstaller - ok 22:03:55.0873 0x05f8 [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt C:\WINDOWS\system32\drivers\TsUsbFlt.sys 22:03:55.0907 0x05f8 tsusbflt - ok 22:03:55.0926 0x05f8 [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 22:03:55.0958 0x05f8 TsUsbGD - ok 22:03:55.0989 0x05f8 [ 5A91FDBA4D3FCB56DAEB8C091B3EB8E1, 8AB91F4423125267FA8509A1C3A9AD1CBD642FA6A96D8789F9AB8CB75ABAD58C ] tsusbhub C:\WINDOWS\system32\drivers\tsusbhub.sys 22:03:56.0042 0x05f8 tsusbhub - ok 22:03:56.0073 0x05f8 [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate C:\WINDOWS\system32\tzautoupdate.dll 22:03:56.0126 0x05f8 tzautoupdate - ok 22:03:56.0189 0x05f8 [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 22:03:56.0227 0x05f8 UASPStor - ok 22:03:56.0242 0x05f8 [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys 22:03:56.0291 0x05f8 UcmCx0101 - ok 22:03:56.0327 0x05f8 [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys 22:03:56.0358 0x05f8 UcmTcpciCx0101 - ok 22:03:56.0374 0x05f8 [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] 
UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys 22:03:56.0405 0x05f8 UcmUcsi - ok 22:03:56.0426 0x05f8 [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys 22:03:56.0458 0x05f8 Ucx01000 - ok 22:03:56.0473 0x05f8 [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys 22:03:56.0527 0x05f8 UdeCx - ok 22:03:56.0558 0x05f8 [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 22:03:56.0625 0x05f8 udfs - ok 22:03:56.0643 0x05f8 [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 22:03:56.0659 0x05f8 UEFI - ok 22:03:56.0674 0x05f8 [ 166B17AE1DD24D8BA8CA474C7C31148F, D34E786277093278F58EFAC957279DC4ED43A190538C875B80F5B1E0A0C30381 ] UevAgentDriver C:\WINDOWS\system32\drivers\UevAgentDriver.sys 22:03:56.0705 0x05f8 UevAgentDriver - ok 22:03:56.0759 0x05f8 [ FCA4D901FB9934DAB82ED31C4EE89A11, 8EDF8DD71C13DE77AC83D1086670E9E90C69DE379F1CF768C8B9C789254C04AA ] UevAgentService C:\WINDOWS\system32\AgentService.exe 22:03:56.0906 0x05f8 UevAgentService - ok 22:03:56.0944 0x05f8 [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys 22:03:56.0975 0x05f8 Ufx01000 - ok 22:03:57.0006 0x05f8 [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys 22:03:57.0028 0x05f8 UfxChipidea - ok 22:03:57.0044 0x05f8 [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys 22:03:57.0075 0x05f8 ufxsynopsys - ok 22:03:57.0106 0x05f8 [ 
8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 22:03:57.0144 0x05f8 UI0Detect - ok 22:03:57.0159 0x05f8 [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus C:\WINDOWS\System32\drivers\umbus.sys 22:03:57.0191 0x05f8 umbus - ok 22:03:57.0206 0x05f8 [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 22:03:57.0244 0x05f8 UmPass - ok 22:03:57.0275 0x05f8 [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 22:03:57.0329 0x05f8 UmRdpService - ok 22:03:57.0391 0x05f8 [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc C:\WINDOWS\System32\unistore.dll 22:03:57.0507 0x05f8 UnistoreSvc - ok 22:03:57.0560 0x05f8 [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost C:\WINDOWS\System32\upnphost.dll 22:03:57.0607 0x05f8 upnphost - ok 22:03:57.0657 0x05f8 [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys 22:03:57.0672 0x05f8 UrsChipidea - ok 22:03:57.0703 0x05f8 [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys 22:03:57.0729 0x05f8 UrsCx01000 - ok 22:03:57.0745 0x05f8 [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys 22:03:57.0761 0x05f8 UrsSynopsys - ok 22:03:57.0777 0x05f8 [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp 
C:\WINDOWS\System32\drivers\usbccgp.sys 22:03:57.0808 0x05f8 usbccgp - ok 22:03:57.0829 0x05f8 [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 22:03:57.0861 0x05f8 usbcir - ok 22:03:57.0876 0x05f8 [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 22:03:57.0892 0x05f8 usbehci - ok 22:03:57.0930 0x05f8 [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 22:03:57.0977 0x05f8 usbhub - ok 22:03:58.0008 0x05f8 [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 22:03:58.0046 0x05f8 USBHUB3 - ok 22:03:58.0062 0x05f8 [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 22:03:58.0109 0x05f8 usbohci - ok 22:03:58.0128 0x05f8 [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 22:03:58.0162 0x05f8 usbprint - ok 22:03:58.0177 0x05f8 [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser C:\WINDOWS\System32\drivers\usbser.sys 22:03:58.0231 0x05f8 usbser - ok 22:03:58.0246 0x05f8 [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 22:03:58.0262 0x05f8 USBSTOR - ok 22:03:58.0293 0x05f8 [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 22:03:58.0325 0x05f8 usbuhci - ok 22:03:58.0347 0x05f8 [ B4F448F2424492F99F83D3676A453553, 
42F1396616EA93BF91EA847B185C321B189F1A5138CA19D22397E8DB6D576973 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys 22:03:58.0429 0x05f8 usbvideo - ok 22:03:58.0463 0x05f8 [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 22:03:58.0494 0x05f8 USBXHCI - ok 22:03:58.0578 0x05f8 [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll 22:03:58.0694 0x05f8 UserDataSvc - ok 22:03:58.0764 0x05f8 [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager C:\WINDOWS\System32\usermgr.dll 22:03:58.0864 0x05f8 UserManager - ok 22:03:58.0898 0x05f8 [ C75B1B48BCAADEB0275C1EBE2EAE742D, 19875B87BDB23E5B60D6D3173FDF7A7634E81E43501529A56FFCCEE21B7E3B71 ] UsoSvc C:\WINDOWS\system32\usocore.dll 22:03:58.0996 0x05f8 UsoSvc - ok 22:03:59.0011 0x05f8 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc C:\WINDOWS\system32\lsass.exe 22:03:59.0034 0x05f8 VaultSvc - ok 22:03:59.0065 0x05f8 [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 22:03:59.0080 0x05f8 vdrvroot - ok 22:03:59.0134 0x05f8 [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds C:\WINDOWS\System32\vds.exe 22:03:59.0212 0x05f8 vds - ok 22:03:59.0233 0x05f8 [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 22:03:59.0265 0x05f8 VerifierExt - ok 22:03:59.0312 0x05f8 [ 46ADD0CD4473AAEF1C68266A803F704D, D521E46891253884CF8285E864FAE63F2E8E0974AD8D2EB4D910E8A35350844F ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 22:03:59.0365 0x05f8 vhdmp - ok 22:03:59.0396 
22:04:11.0597 0x05f8 Waiting for KSN requests completion. In queue: 234
22:04:12.0663 0x05f8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
22:04:12.0678 0x05f8 Win FW state via NFP2: enabled ( trusted )
22:04:13.0317 0x05f8 ============================================================
22:04:13.0317 0x05f8 Scan finished
22:04:13.0317 0x05f8 ============================================================
22:04:13.0348 0x0928 Detected object count: 0
22:04:13.0348 0x0928 Actual detected object count: 0

Again: Step 1: Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version: main: v2016.12.11.05 rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.447.14393.0
Anna :: DELL-PC [administrator]

11.12.2016 21:35:51
mbar-log-2016-12-11 (21-35-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 337513
Time elapsed: 17 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
12.12.2016, 10:24 | #11
/// Winkelfunktion /// TB-Süch-Tiger™

Remove adware/junkware/toolbars

Delete old versions of AdwCleaner and, if present, JRT beforehand, then download them afresh to the desktop!
Please completely disable your virus scanner now, before using these tools!

Step 1: AdwCleaner
Please download AdwCleaner to your desktop.

Step 2: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.

__________________
Please always post log files in CODE tags
12.12.2016, 19:16 | #12

Good evening, dear Cosinus.

I accidentally deleted the Malwarebytes version I had downloaded (I wasn't supposed to do anything on my own, after all). I hope that's not a problem. I had mixed it up with AdwCleaner in my head.

I have turned off Windows Defender. So, as discussed, there is no protection software running on the computer any more (btw, I didn't even know I had any protection software other than the already uninstalled Avast).

I didn't have JRT on the computer, and I couldn't find an old version of AdwCleaner to uninstall under Programs and Features either. There was only a folder on C:, which I of course left alone. I hope that was okay too. I have now simply downloaded the current AdwCleaner and started the scan as described.

Kindest regards
Anna Mimi

Step 1: Code:
# AdwCleaner v6.040 - Bericht erstellt am 12/12/2016 um 18:52:30
# Aktualisiert am 02/12/2016 von Malwarebytes
# Datenbank : 2016-12-11.2 [Server]
# Betriebssystem : Windows 10 Pro (X64)
# Benutzername : Anna - DELL-PC
# Gestartet von : C:\Users\Anna\Downloads\AdwCleaner_6.040.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.

***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.

***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.

***** [ DLL ] *****

Keine infizierten DLLs gefunden.

***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.

***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.

***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.

***** [ Registrierungsdatenbank ] *****

Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.

***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1185 Bytes] - [12/12/2016 18:52:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1258 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64
Ran by Anna (Administrator) on 12.12.2016 at 18:57:00,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 3

Successfully deleted: C:\ProgramData\pc1data (Folder)
Successfully deleted: C:\Users\Anna\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)

Deleted the following from C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3o2q61ea.default\prefs.js
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, cor);
user_pref(browser.search.searchengine.uid, ST750LM022XHN-M750MBB_S2Y7J9FDB04103);

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.12.2016 at 18:59:32,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13.12.2016, 10:18 | #13
/// Winkelfunktion /// TB-Süch-Tiger™

Then show some fresh FRST logs. Tick the box for addition.txt, then click Scan.

Edited by cosinus (13.12.2016 at 11:36)
13.12.2016, 11:25 | #14

Sorry... I don't understand the last post... I received the same instructions yesterday and did everything -- see the results in post no. 12. Did I do something wrong, or why the same thing again? What should I do next?

Best regards
Anna Mimi
13.12.2016, 11:36 | #15
/// Winkelfunktion /// TB-Süch-Tiger™

I misclicked. It's corrected.