| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Willkürlich öffnen von Tabs bei jeglichem BrowserWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.01.2017, 14:43
| #1 |
| |  Willkürlich öffnen von Tabs bei jeglichem Browser Hi zusammen, wie im Thema schon geschrieben habe ich bei jeder Seite die ich öffne mehrere Tabs mit Werbung/Spielen/etc., die sich öffnen. Meine Virenscanner (Windows Defender, Kaspersky) haben nichts gefunden. Mein PC ist auf Win10 und ich habe Chrome, Firefox und Microsoft Edge ausprobiert. Gibt bei jedem Browser das gleiche Problem. Für jegliche Hilfe bin ich sehr Dankbar! Viele Grüße Jannik Senger |
|
25.01.2017, 20:28
| #2 |
| /// TB-Ausbilder   | Willkürlich öffnen von Tabs bei jeglichem Browser Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Zur ersten Analyse bitte FRST und TDSS-Killer ausführen: Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Schritt 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
25.01.2017, 21:35
| #3 |
| | Willkürlich öffnen von Tabs bei jeglichem Browser Hi Matthias,
__________________vielen Dank für die schnelle Antwort und deine Hilfe! FRST.txt: FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
durchgeführt von Melli (Administrator) auf LAPTOP-9PNHF3HP (25-01-2017 21:02:56)
Gestartet von C:\Users\Melli\Downloads
Geladene Profile: Melli (Verfügbare Profile: Melli)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWififind.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-06-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599384 2015-06-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-23] (TOSHIBA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-12-05] (Microsoft Corporation)
HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] ()
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\...\Run: [Security Utility] => C:\Users\Melli\AppData\Local\\securityutility\\securityutility\\2.1.0.2\securityutility.exe [321136 2016-03-31] (TODO: <Company name>)
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{1117ff53-f7c2-4264-94ce-1f627bb7fde2}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{1117ff53-f7c2-4264-94ce-1f627bb7fde2}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{61c17897-e7de-4697-a754-9f685be40562}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{61c17897-e7de-4697-a754-9f685be40562}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{9ca7ae57-853d-498e-91ba-4b9a73378b81}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{9ca7ae57-853d-498e-91ba-4b9a73378b81}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{ccde9c92-c960-4d1a-bcaf-9d566ec72b1f}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{ccde9c92-c960-4d1a-bcaf-9d566ec72b1f}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_10c1
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> DefaultScope {01591CF5-AB81-471F-869D-36766194D1FA} URL =
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> {01591CF5-AB81-471F-869D-36766194D1FA} URL =
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> {23271351-2D9D-4A2B-A8F2-38264E8DFE3A} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> {97EDA06C-14DF-4A18-AF00-1EAAF8BB712D} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> {B34F777D-09F5-4F64-8BA5-B547462BE510} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> {DFC28538-8785-4C0D-852B-C86B0E5C91E9} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> hxxp://go.gmx.net/tb/ie_startpage
FireFox:
========
FF ProfilePath: C:\Users\Melli\AppData\Roaming\Mozilla\Firefox\Profiles\67hoppzq.default [2017-01-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-12-14] [ist nicht signiert]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-23] (Google Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Profile: C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default [2017-01-25]
CHR Extension: (Google Präsentationen) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-31]
CHR Extension: (Google Docs) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-31]
CHR Extension: (Google Drive) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-31]
CHR Extension: (YouTube) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-31]
CHR Extension: (Google Tabellen) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-31]
CHR Extension: (Google Docs Offline) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (MapsGalaxy) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2016-11-27]
CHR Extension: (Cath Kidston) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm [2016-04-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Google Mail) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-06-02] (ELAN Microelectronics Corp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382440 2016-08-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] () [Datei ist nicht signiert]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-26] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 klvssbrigde64; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31832 2016-06-02] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7401968 2016-08-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-21] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-24] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2016-03-31] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-01-25 21:02 - 2017-01-25 21:03 - 00017329 _____ C:\Users\Melli\Downloads\FRST.txt
2017-01-25 21:02 - 2017-01-25 21:02 - 00000000 ____D C:\FRST
2017-01-25 21:00 - 2017-01-25 21:02 - 02420736 _____ (Farbar) C:\Users\Melli\Downloads\FRST64.exe
2017-01-25 14:38 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:38 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 14:28 - 2017-01-25 14:28 - 00003972 _____ C:\WINDOWS\System32\Tasks\{02E17B1C-B54A-CCB7-4AC8-5E103AF43BDE}
2017-01-25 14:28 - 2017-01-25 14:28 - 00000000 ____D C:\ProgramData\{A25F479B-15F4-F030-6C0B-9BC1C0B7360A}
2017-01-25 14:27 - 2017-01-25 14:28 - 00000000 ____D C:\ProgramData\48f6a211-5805-0
2017-01-25 14:27 - 2017-01-25 14:27 - 00003972 _____ C:\WINDOWS\System32\Tasks\{10668AF7-A7CD-3D5C-9CB1-AF35A6CAF2E3}
2017-01-25 14:27 - 2017-01-25 14:27 - 00000000 ____D C:\ProgramData\48f6a211-6f71-1
2017-01-25 14:27 - 2017-01-25 14:27 - 00000000 ____D C:\ProgramData\{34703C29-83DB-8B82-F86E-D7BDA9328C51}
2017-01-24 21:06 - 2017-01-24 21:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\{DEA6D0C3-690D-6768-CC5D-CCAA6F0AA319}
2017-01-24 21:06 - 2017-01-24 21:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\{D2495F22-65E2-E889-6BC5-AE08620FC339}
2017-01-24 21:06 - 2017-01-24 21:06 - 00000000 ____D C:\ProgramData\48f6a211-18d1-0
2017-01-24 21:06 - 2017-01-24 21:06 - 00000000 ____D C:\ProgramData\48f6a211-1861-1
2017-01-24 21:06 - 2017-01-24 21:06 - 00000000 ____D C:\ProgramData\{20F84C3F-9753-FB94-0F1C-4C630F861C95}
2017-01-24 21:06 - 2017-01-24 21:06 - 00000000 ____D C:\ProgramData\{0674E02B-B1DF-5780-52CD-06F38E18EF72}
2017-01-24 15:06 - 2017-01-24 15:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\{FE808FC9-492B-3862-F3D5-A654104E41DA}
2017-01-24 15:06 - 2017-01-24 15:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\{18067DA9-AFAD-CA02-9C9A-97317578930F}
2017-01-24 15:06 - 2017-01-24 15:06 - 00000000 ____D C:\ProgramData\48f6a211-7b55-0
2017-01-24 15:06 - 2017-01-24 15:06 - 00000000 ____D C:\ProgramData\48f6a211-71e7-1
2017-01-24 15:06 - 2017-01-24 15:06 - 00000000 ____D C:\ProgramData\{E79A6FF2-5031-D859-A552-DA7DDA015338}
2017-01-24 15:06 - 2017-01-24 15:06 - 00000000 ____D C:\ProgramData\{59AAFBBF-EE01-4C14-EFE3-8DFFB0B4A813}
2017-01-23 17:04 - 2017-01-23 17:04 - 00002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-23 17:04 - 2017-01-23 17:04 - 00002335 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-23 17:03 - 2017-01-23 17:09 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-23 17:03 - 2017-01-23 17:09 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-23 17:03 - 2017-01-23 17:03 - 01065376 _____ (Google Inc.) C:\Users\Melli\Downloads\ChromeSetup (1).exe
2017-01-23 15:19 - 2017-01-23 15:19 - 00003972 _____ C:\WINDOWS\System32\Tasks\{CAB6B406-7D1D-03AD-311A-825DDC8142D7}
2017-01-23 15:19 - 2017-01-23 15:19 - 00003972 _____ C:\WINDOWS\System32\Tasks\{8529BCC1-3282-0B6A-8E18-E168A642A72C}
2017-01-23 15:19 - 2017-01-23 15:19 - 00000000 ____D C:\ProgramData\{D9002656-6EAB-91FD-CF63-34BC7EB6828B}
2017-01-23 15:19 - 2017-01-23 15:19 - 00000000 ____D C:\ProgramData\{0161CDE3-B6CA-7A48-ED3D-EBE52ACB2E37}
2017-01-23 15:18 - 2017-01-23 15:19 - 00000000 ____D C:\ProgramData\48f6a211-47f7-0
2017-01-23 15:18 - 2017-01-23 15:19 - 00000000 ____D C:\ProgramData\48f6a211-3ae3-1
2017-01-23 13:12 - 2017-01-23 13:08 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-23 13:01 - 2017-01-23 13:01 - 00003972 _____ C:\WINDOWS\System32\Tasks\{CB661BB0-7CCD-AC1B-5432-AFC40FCA0A4E}
2017-01-23 13:01 - 2017-01-23 13:01 - 00003972 _____ C:\WINDOWS\System32\Tasks\{6D13B7B2-DAB8-0019-D6F4-B3B05E852C02}
2017-01-23 13:01 - 2017-01-23 13:01 - 00000000 ____D C:\ProgramData\{E0373FAC-579C-8807-1EA6-5707BD295BFB}
2017-01-23 13:01 - 2017-01-23 13:01 - 00000000 ____D C:\ProgramData\{6A2E2DCA-DD85-9A61-C8A1-DB29CA65B0C8}
2017-01-23 13:01 - 2017-01-23 13:01 - 00000000 ____D C:\ProgramData\{66cd0c70-512c-0}
2017-01-23 13:01 - 2017-01-23 13:01 - 00000000 ____D C:\ProgramData\{64d07dc9-612c-1}
2017-01-23 13:01 - 2017-01-23 13:01 - 00000000 ____D C:\ProgramData\{33535ac2-112c-0}
2017-01-23 13:01 - 2017-01-23 13:01 - 00000000 ____D C:\ProgramData\{0bf6422b-412c-1}
2017-01-21 15:06 - 2017-01-21 15:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\{B0FFCEEF-0754-7944-37E3-D26EAC37AB7D}
2017-01-21 15:06 - 2017-01-21 15:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\{9810C86B-2FBB-7FC0-3DEF-5011F5ADA336}
2017-01-21 15:06 - 2017-01-21 15:06 - 00000000 ____D C:\ProgramData\48f6a211-48f5-0
2017-01-21 15:06 - 2017-01-21 15:06 - 00000000 ____D C:\ProgramData\48f6a211-03c1-1
2017-01-21 15:06 - 2017-01-21 15:06 - 00000000 ____D C:\ProgramData\{682543FF-DF8E-F454-95D8-5D13905EAAF7}
2017-01-21 15:06 - 2017-01-21 15:06 - 00000000 ____D C:\ProgramData\{24CE4055-9365-F7FE-019C-ECAE350D0B80}
2017-01-17 17:59 - 2017-01-23 13:01 - 00000000 ____D C:\ProgramData\{421348e2-012c-1}
2017-01-17 17:59 - 2017-01-23 13:01 - 00000000 ____D C:\ProgramData\{251b1a31-512c-0}
2017-01-17 17:59 - 2017-01-17 17:59 - 00003972 _____ C:\WINDOWS\System32\Tasks\{FF479D5A-48EC-2AF1-DB72-0F0588A003A0}
2017-01-17 17:59 - 2017-01-17 17:59 - 00003972 _____ C:\WINDOWS\System32\Tasks\{EADAD293-5D71-6538-F37C-40EB7F326117}
2017-01-17 17:59 - 2017-01-17 17:59 - 00003972 _____ C:\WINDOWS\System32\Tasks\{C8DAED5C-7F71-5AF7-6AC6-39900CB94DE0}
2017-01-17 17:59 - 2017-01-17 17:59 - 00003972 _____ C:\WINDOWS\System32\Tasks\{B0552A73-07FE-9DD8-3455-7DDAABD0CBFC}
2017-01-17 17:59 - 2017-01-17 17:59 - 00003972 _____ C:\WINDOWS\System32\Tasks\{183EC251-AF95-75FA-E064-9FB267E18B8C}
2017-01-17 17:59 - 2017-01-17 17:59 - 00003972 _____ C:\WINDOWS\System32\Tasks\{06DBF5B1-B170-421A-F079-F7369AF01B36}
2017-01-17 17:59 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{F16D16C0-46C6-A16B-9321-025151356DDF}
2017-01-17 17:59 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{D8D6C3DF-6F7D-7474-AD15-F032E08564C6}
2017-01-17 17:59 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{6B90CD55-DC3B-7AFE-6F9D-56B6E77FA85B}
2017-01-17 17:59 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{46CAEE9E-F161-5935-4119-D0A11C1D9B1D}
2017-01-17 17:59 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{426AB606-F5C1-01AD-D1B7-41A561505EE8}
2017-01-17 17:59 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{2F7FBBA9-98D4-0C02-B353-AEB8D3192D17}
2017-01-12 10:50 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-12 10:50 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-12 10:50 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-12 10:50 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-12 10:50 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-12 10:50 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-12 10:50 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-12 10:50 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-12 10:50 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-12 10:50 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-12 10:50 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-12 10:50 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-12 10:49 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-12 10:49 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-12 10:49 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-12 10:49 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-12 10:49 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-12 10:49 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-12 10:49 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-12 10:49 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-12 10:49 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-12 10:49 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-12 10:49 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-12 10:49 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-12 10:49 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-12 10:49 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-12 10:49 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-12 10:49 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-12 10:49 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-12 10:49 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-12 10:49 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-12 10:49 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-12 10:49 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-12 10:49 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-12 10:49 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-12 10:49 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-12 10:49 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-12 10:49 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-12 10:49 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-12 10:49 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-12 10:49 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-12 10:49 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-12 10:49 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-12 10:49 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-12 10:49 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-12 10:49 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-12 10:49 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-12 10:49 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-12 10:49 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-12 10:49 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-12 10:49 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-12 10:49 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-12 10:49 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-12 10:49 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-12 10:49 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-12 10:49 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-12 10:49 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-12 10:49 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-12 10:49 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-12 10:49 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-12 10:49 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-12 10:49 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-12 10:49 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-12 10:49 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-12 10:49 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-12 10:49 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-12 10:49 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-12 10:49 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-12 10:49 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-12 10:49 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-12 10:49 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-12 10:49 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-12 10:49 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-12 10:49 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-12 10:49 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-12 10:49 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-12 10:49 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-12 10:49 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-12 10:49 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-12 10:49 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-12 10:49 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-12 10:49 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-12 10:49 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-12 10:49 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-12 10:49 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-12 10:49 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-12 10:49 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-12 10:49 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-12 10:49 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-12 10:49 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-12 10:49 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-12 10:49 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-12 10:49 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-12 10:49 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-12 10:49 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-12 10:49 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-12 10:49 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-12 10:49 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-12 10:49 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-12 10:49 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-12 10:49 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-12 10:49 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-12 10:49 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-12 10:49 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-12 10:49 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-12 10:49 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 10:49 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-12 10:49 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-12 10:49 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-12 10:49 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-12 10:49 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-12 10:49 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-12 10:49 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-12 10:49 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-12 10:49 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-12 10:49 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-12 10:49 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-12 10:49 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-12 10:49 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-12 10:49 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-12 10:49 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-12 10:49 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-12 10:49 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-12 10:49 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-12 10:49 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-12 10:49 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-12 10:49 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-12 10:49 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-12 10:49 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-12 10:49 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-12 10:49 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-12 10:49 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-12 10:49 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-12 10:49 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-12 10:49 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-12 10:49 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-12 10:49 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-12 10:48 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-12 10:48 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-12 10:48 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-12 10:48 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-12 10:48 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-12 10:48 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-12 10:48 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-12 10:48 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-12 10:48 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-12 10:48 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-12 10:48 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-12 10:48 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-12 10:48 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-12 10:48 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-12 10:48 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-12 10:48 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-12 10:48 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-12 10:48 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-12 10:48 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-12 10:48 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 10:48 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-12 10:48 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-12 10:48 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 15:06 - 2017-01-11 15:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\{D1383311-6693-84BA-535D-5BD0761ABE94}
2017-01-11 15:06 - 2017-01-11 15:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\{C8B2F0B8-7F19-4713-9699-138B1D25F962}
2017-01-11 15:06 - 2017-01-11 15:06 - 00000000 ____D C:\ProgramData\48f6a211-7525-0
2017-01-11 15:06 - 2017-01-11 15:06 - 00000000 ____D C:\ProgramData\48f6a211-4ae3-1
2017-01-11 15:06 - 2017-01-11 15:06 - 00000000 ____D C:\ProgramData\{E042D4C0-57E9-636B-D53A-FB5737843EA3}
2017-01-11 15:06 - 2017-01-11 15:06 - 00000000 ____D C:\ProgramData\{743C0486-C397-B32D-B361-9D19EAFDF3EA}
2017-01-11 15:01 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{7f47397b-312c-0}
2017-01-11 15:01 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{6610530b-312c-1}
2017-01-11 15:01 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{5e1f367f-712c-1}
2017-01-11 15:01 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{4c317c30-512c-1}
2017-01-11 15:01 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{3e6206ec-712c-0}
2017-01-11 15:01 - 2017-01-17 17:59 - 00000000 ____D C:\ProgramData\{0b367ff5-012c-0}
2017-01-11 15:01 - 2017-01-11 15:01 - 00003972 _____ C:\WINDOWS\System32\Tasks\{EEC51353-596E-A4F8-404B-5A4476333711}
2017-01-11 15:01 - 2017-01-11 15:01 - 00003972 _____ C:\WINDOWS\System32\Tasks\{C46A13C6-73C1-A46D-1423-0C76773F9448}
2017-01-11 15:01 - 2017-01-11 15:01 - 00003972 _____ C:\WINDOWS\System32\Tasks\{995AB752-2EF1-00F9-97E7-5C51F082050E}
2017-01-11 15:01 - 2017-01-11 15:01 - 00003972 _____ C:\WINDOWS\System32\Tasks\{40E56021-F74E-D78A-1810-152107E0CB73}
2017-01-11 15:01 - 2017-01-11 15:01 - 00003972 _____ C:\WINDOWS\System32\Tasks\{18751D79-AFDE-AAD2-B3EC-2F63C1444386}
2017-01-11 15:01 - 2017-01-11 15:01 - 00003882 _____ C:\WINDOWS\System32\Tasks\{817398AC-51DD-4E1E-11A2-F6488E93014A}
2017-01-11 15:01 - 2017-01-11 15:01 - 00000000 ____D C:\ProgramData\48f6a211-2d21-0
2017-01-11 15:01 - 2017-01-11 15:01 - 00000000 ____D C:\ProgramData\{F653D896-41F8-6F3D-D834-3F905DDF9E7E}
2017-01-11 15:01 - 2017-01-11 15:01 - 00000000 ____D C:\ProgramData\{EB61D9F5-5CCA-6E5E-CF1A-7B7B9B7035C2}
2017-01-11 15:01 - 2017-01-11 15:01 - 00000000 ____D C:\ProgramData\{E36A5D4D-54C1-EAE6-21FE-8FAF966D9483}
2017-01-11 15:01 - 2017-01-11 15:01 - 00000000 ____D C:\ProgramData\{96FB75E2-2150-C249-A68F-BA19C1DEA2BB}
2017-01-11 15:01 - 2017-01-11 15:01 - 00000000 ____D C:\ProgramData\{0EB02E88-B91B-9923-E1D8-9801D1DF56EF}
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-01-25 20:49 - 2016-07-16 23:51 - 00463122 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-25 20:49 - 2016-07-16 23:51 - 00081848 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-25 20:49 - 2016-03-16 14:44 - 01384056 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-25 20:46 - 2016-12-05 16:44 - 00000000 ____D C:\Users\Melli
2017-01-25 20:46 - 2016-12-05 16:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-25 20:46 - 2016-03-31 14:57 - 00000000 __SHD C:\Users\Melli\IntelGraphicsProfiles
2017-01-25 20:45 - 2016-12-07 19:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-25 20:45 - 2016-12-05 16:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-25 20:40 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-25 19:43 - 2016-03-31 15:03 - 01388432 _____ C:\Users\Public\VOIP.dat
2017-01-25 14:48 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-25 14:31 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-25 14:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-24 18:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-23 17:04 - 2016-03-31 15:02 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-23 14:10 - 2016-05-26 14:22 - 00000000 ____D C:\Users\Melli\Desktop\Musik Moritz
2017-01-23 13:07 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-18 14:08 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-18 14:07 - 2016-03-16 15:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-18 13:46 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-17 19:25 - 2016-03-31 14:36 - 00000000 ____D C:\Users\Melli\AppData\Local\Packages
2017-01-17 18:01 - 2016-12-11 10:54 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-17 18:01 - 2016-03-31 14:48 - 00002394 _____ C:\Users\Melli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-17 18:01 - 2016-03-31 14:47 - 00000000 ___RD C:\Users\Melli\OneDrive
2017-01-17 17:58 - 2016-02-13 18:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-17 17:53 - 2016-12-05 16:29 - 00330480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 13:27 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-12 13:26 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 13:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 13:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 13:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 13:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 12:04 - 2016-03-31 15:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-12 12:00 - 2016-03-31 15:31 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 15:01 - 2016-12-18 15:32 - 00000000 ____D C:\ProgramData\{6c626518-612c-1}
2017-01-11 15:01 - 2016-12-18 15:32 - 00000000 ____D C:\ProgramData\{5be93bbd-512c-1}
2017-01-11 15:01 - 2016-12-18 15:32 - 00000000 ____D C:\ProgramData\{51686ff6-412c-0}
2017-01-11 15:01 - 2016-12-18 15:32 - 00000000 ____D C:\ProgramData\{4e9e48d7-612c-0}
2017-01-11 15:01 - 2016-04-21 16:51 - 00000000 ____D C:\ProgramData\453af114
2017-01-07 11:56 - 2016-06-04 18:12 - 00000000 ____D C:\Users\Melli\Documents\CyberLink
2017-01-07 11:56 - 2016-03-16 15:26 - 00000000 ____D C:\Users\Public\CyberLink
2017-01-07 11:56 - 2016-03-16 15:24 - 00000000 ____D C:\ProgramData\CyberLink
2017-01-07 11:56 - 2016-03-16 14:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-07 11:36 - 2016-07-16 12:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-07 11:36 - 2016-04-13 08:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-01-07 11:35 - 2016-12-05 10:44 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-07 11:21 - 2016-11-27 17:49 - 00000000 ____D C:\Users\Melli\AppData\LocalLow\Mozilla
2017-01-07 11:12 - 2016-08-09 17:26 - 00000000 ____D C:\ProgramData\48f6a211-0fe1-1
2017-01-07 11:12 - 2016-08-09 17:26 - 00000000 ____D C:\ProgramData\48f6a211-00c7-0
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\VOIP.dat
Einige Dateien in TEMP:
====================
2016-12-12 12:11 - 2016-12-12 12:11 - 0012305 _____ () C:\Users\Melli\AppData\Local\Temp\SIntf16.dll
2016-12-12 12:11 - 2016-12-12 12:11 - 0020016 _____ () C:\Users\Melli\AppData\Local\Temp\SIntf32.dll
2016-12-12 12:11 - 2016-12-12 12:11 - 0024744 _____ () C:\Users\Melli\AppData\Local\Temp\SIntfNT.dll
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-01-24 12:42
==================== Ende von FRST.txt ============================
[/CODE] Addition.txt: Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
durchgeführt von Melli (25-01-2017 21:04:43)
Gestartet von C:\Users\Melli\Downloads
Windows 10 Home Version 1607 (X64) (2016-12-07 18:39:12)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3558395630-511898349-2301767398-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3558395630-511898349-2301767398-503 - Limited - Disabled)
Gast (S-1-5-21-3558395630-511898349-2301767398-501 - Limited - Disabled)
Melli (S-1-5-21-3558395630-511898349-2301767398-1001 - Administrator - Enabled) => C:\Users\Melli
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
ALDI Bestellsoftware (HKLM-x32\...\ALDI Bestellsoftware) (Version: 5.2.2. - ORWO_Net)
Bluetooth(R) Link (HKLM\...\{3F3DCC8C-2C93-4082-A6DE-BBDC74804FA0}) (Version: 4.3.03 - Toshiba Corporation)
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - Canon Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.8.52 - Conexant)
ELAN Touchpad 15.8.12.5_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.12.5 - ELAN Microelectronic Corp.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.24.20160418 - Landesfinanzdirektion Thüringen)
Get Dropbox (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4214 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{FD46588A-DB19-4C43-B657-EA898E280812}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation)
Manager (x32 Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3558395630-511898349-2301767398-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
Security Utility (HKU\S-1-5-21-3558395630-511898349-2301767398-1001\...\Security Utility) (Version: - Securityutility)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.3.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 8.1.1.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 5.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.3.00.8003 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{55C30C5F-BDA9-459E-984D-BDD31BAA8CCF}) (Version: 3.1.2.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.00.0005 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.0.6406 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {004E856B-B138-468D-AE5F-044FDB6AABF7} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [2015-07-08] (Toshiba Corporation)
Task: {0ABBC8DD-5439-43AC-9854-635993C68B38} - System32\Tasks\{61BECC28-D615-7B83-1A12-F3F9E66907AF} => C:\ProgramData\{0012C459-B7B9-73F2-17C2-8C18CA06FE50}\AA944A14-1D3F-FDBF-8E65-41C201693C18.exe [2016-12-18] () <==== ACHTUNG
Task: {14E45553-0131-4769-9A2C-6C3CE64E07E0} - System32\Tasks\{DEA6D0C3-690D-6768-CC5D-CCAA6F0AA319} => C:\ProgramData\{20F84C3F-9753-FB94-0F1C-4C630F861C95}\93E3B1FD-2448-0656-C491-9651B394DBB3.exe [2017-01-24] () <==== ACHTUNG
Task: {2B44A666-DE95-4AF6-B4A2-B2A8DE5DCA6F} - System32\Tasks\{CB661BB0-7CCD-AC1B-5432-AFC40FCA0A4E} => C:\ProgramData\{6A2E2DCA-DD85-9A61-C8A1-DB29CA65B0C8}\2BA70AB2-9C0C-BD19-2456-92B1E8A8010F.exe [2017-01-23] () <==== ACHTUNG
Task: {2E1E2BA7-5B4D-4D32-9393-39609D01C22B} - System32\Tasks\{B0552A73-07FE-9DD8-3455-7DDAABD0CBFC} => C:\ProgramData\{D8D6C3DF-6F7D-7474-AD15-F032E08564C6}\5B4DFCC0-ECE6-4B6B-C78A-A0DD6FB00A3E.exe [2017-01-17] () <==== ACHTUNG
Task: {30F2B9B1-6AD7-4C4D-944A-027FEAA2BBB6} - System32\Tasks\{C8B2F0B8-7F19-4713-9699-138B1D25F962} => C:\ProgramData\{743C0486-C397-B32D-B361-9D19EAFDF3EA}\83CF4383-3464-F428-E32B-EDD02E94BE13.exe [2017-01-11] () <==== ACHTUNG
Task: {35D0CD06-B95E-47BA-A9C9-F51F22F24E1A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {421C0C7D-FF2F-4618-BCAF-17BA112EF8A9} - System32\Tasks\{18751D79-AFDE-AAD2-B3EC-2F63C1444386} => C:\ProgramData\{EB61D9F5-5CCA-6E5E-CF1A-7B7B9B7035C2}\FDAAE47A-4A01-53D1-0FD5-C2DAC6EFDD7A.exe [2017-01-11] () <==== ACHTUNG
Task: {491F696B-4D15-4DDB-AEA0-B85687A80B6B} - System32\Tasks\{EEC51353-596E-A4F8-404B-5A4476333711} => C:\ProgramData\{F653D896-41F8-6F3D-D834-3F905DDF9E7E}\1D81C99B-AA2A-7E30-1890-AF9DBEE4677A.exe [2017-01-11] () <==== ACHTUNG
Task: {4F3F906A-7199-402E-B036-7F4A2806B050} - System32\Tasks\{8529BCC1-3282-0B6A-8E18-E168A642A72C} => C:\ProgramData\{0161CDE3-B6CA-7A48-ED3D-EBE52ACB2E37}\DBE3D63C-6C48-6197-A0BF-B86F63F31402.exe [2017-01-23] () <==== ACHTUNG
Task: {58313419-BD58-434F-8B34-9D18D7FFAA14} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {5BE02E80-A635-4B6C-8885-051256BC7ADF} - System32\Tasks\{EADAD293-5D71-6538-F37C-40EB7F326117} => C:\ProgramData\{46CAEE9E-F161-5935-4119-D0A11C1D9B1D}\7F5C0C0C-C8F7-BBA7-184E-5C6B6D6EE57F.exe [2017-01-17] () <==== ACHTUNG
Task: {5CDA5C7E-0629-4EFE-A97E-F3EC45EB82F5} - System32\Tasks\{10668AF7-A7CD-3D5C-9CB1-AF35A6CAF2E3} => C:\ProgramData\{34703C29-83DB-8B82-F86E-D7BDA9328C51}\4B94CB96-FC3F-7C3D-F0E1-30D00C237563.exe [2017-01-25] () <==== ACHTUNG
Task: {600F7DAE-D293-4B26-9E37-226308B10BEA} - System32\Tasks\{474B4B9A-F0E0-FC31-97AF-6F236F805ADB} => C:\ProgramData\{F64EEC7D-41E5-5BD6-3FD5-11A4003D59EF}\3A84C1A9-8D2F-7602-484E-A039946E3181.exe [2016-12-18] () <==== ACHTUNG
Task: {619EFBCF-51A0-48C5-A09D-805272032FE3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {67299D63-2F71-4782-B9BC-6884A06A630F} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {684F733E-F958-4F1E-9953-F5CA44A37C57} - System32\Tasks\{ADDAB964-1A71-0ECF-A1FE-D3097EC256F5} => C:\ProgramData\{BFAFC87F-0804-7FD4-0075-45004890FEFE}\DC91E7BA-6B3A-5011-B6C4-FFF35090BCF5.exe [2016-12-18] () <==== ACHTUNG
Task: {74892F59-E383-4CA5-B7CE-AA0D41067E3D} - System32\Tasks\{45B83A7A-F213-8DD1-90C7-CE5AC68EA8F6} => C:\ProgramData\{732E2D74-C485-9ADF-A261-14EE1856C113}\5CEC0069-EB47-B7C2-0801-2C2FBF1C9162.exe [2016-12-18] () <==== ACHTUNG
Task: {7864DA87-9CD7-4C92-B16D-DE979B972808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {793160BE-969C-48CC-BA35-7B049B55285A} - System32\Tasks\{D2495F22-65E2-E889-6BC5-AE08620FC339} => C:\ProgramData\{0674E02B-B1DF-5780-52CD-06F38E18EF72}\0097BE07-B73C-09AC-42EB-BB0633CBB71B.exe [2017-01-24] () <==== ACHTUNG
Task: {7F40E98B-B7EA-4228-9FB6-8051D6BEB4FA} - System32\Tasks\{817398AC-51DD-4E1E-11A2-F6488E93014A} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\453af114\67839f4d.dll" <==== ACHTUNG
Task: {8586E4C8-F610-4428-9B0A-8A5D7221EA8B} - System32\Tasks\Security Utility Updater => C:\Users\Melli\AppData\Local\\securityutility\\securityutility\\2.1.0.2\Security Utilityupdt.exe [2016-03-31] () <==== ACHTUNG
Task: {89375875-B1A2-4515-A88E-F9BA304198EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {8CCE5623-69FA-4CA4-AB91-4E6184D8956B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {8EED8283-C757-4498-9707-E15BB66ED97C} - System32\Tasks\{18067DA9-AFAD-CA02-9C9A-97317578930F} => C:\ProgramData\{59AAFBBF-EE01-4C14-EFE3-8DFFB0B4A813}\DC63EE02-6BC8-59A9-FB15-E28770AF761A.exe [2017-01-24] () <==== ACHTUNG
Task: {8F7C7E5F-4D43-4C43-9104-7323774C6242} - System32\Tasks\{995AB752-2EF1-00F9-97E7-5C51F082050E} => C:\ProgramData\{96FB75E2-2150-C249-A68F-BA19C1DEA2BB}\21520E6D-96F9-B9C6-CF2C-4643D6D4D8CD.exe [2017-01-11] () <==== ACHTUNG
Task: {9460956E-85E3-46AF-B4EF-E49BEBD2A919} - System32\Tasks\{F1B0C035-461B-779E-E041-B077D1AC3C8E} => C:\ProgramData\{A4D47D3F-137F-CA94-E534-2B856533BE41}\A013830B-17B8-34A0-20B8-B8F94BD644C8.exe [2016-12-18] () <==== ACHTUNG
Task: {95437E85-D792-4974-B440-74B8BC85BCF5} - System32\Tasks\{C46A13C6-73C1-A46D-1423-0C76773F9448} => C:\ProgramData\{E36A5D4D-54C1-EAE6-21FE-8FAF966D9483}\F1E93857-4642-8FFC-C78C-5C0961222103.exe [2017-01-11] () <==== ACHTUNG
Task: {964D0699-EA46-4C8B-BDD7-5EA3D889BDFA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Melli\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {995CDE15-7C38-4C12-96FA-F913CC635560} - System32\Tasks\{06DBF5B1-B170-421A-F079-F7369AF01B36} => C:\ProgramData\{6B90CD55-DC3B-7AFE-6F9D-56B6E77FA85B}\940BA93E-23A0-1E95-1114-9375D94849CE.exe [2017-01-17] () <==== ACHTUNG
Task: {A3B9D0A8-A55D-4BE5-B963-9D8B4BA28810} - System32\Tasks\{D1383311-6693-84BA-535D-5BD0761ABE94} => C:\ProgramData\{E042D4C0-57E9-636B-D53A-FB5737843EA3}\9AF3F354-2D58-44FF-56BE-CAE06BEED9D9.exe [2017-01-11] () <==== ACHTUNG
Task: {A4172680-E833-44BC-8A73-A01717F23458} - System32\Tasks\{C8DAED5C-7F71-5AF7-6AC6-39900CB94DE0} => C:\ProgramData\{2F7FBBA9-98D4-0C02-B353-AEB8D3192D17}\C92A3985-7E81-8E2E-95E3-E66BF9893FFA.exe [2017-01-17] () <==== ACHTUNG
Task: {ADBC0DE2-430D-4777-819C-3F10D9EE5059} - System32\Tasks\{CAB6B406-7D1D-03AD-311A-825DDC8142D7} => C:\ProgramData\{D9002656-6EAB-91FD-CF63-34BC7EB6828B}\5F07CC39-E8AC-7B92-88CB-76098FE09339.exe [2017-01-23] () <==== ACHTUNG
Task: {B092A958-BA8F-4A4C-82C4-B1B2B13F0AE1} - System32\Tasks\{FE808FC9-492B-3862-F3D5-A654104E41DA} => C:\ProgramData\{E79A6FF2-5031-D859-A552-DA7DDA015338}\D801707C-6FAA-C7D7-6B1D-54760F670D37.exe [2017-01-24] () <==== ACHTUNG
Task: {B1034846-55EE-4D1C-954F-6D14BF46F215} - System32\Tasks\{6D13B7B2-DAB8-0019-D6F4-B3B05E852C02} => C:\ProgramData\{E0373FAC-579C-8807-1EA6-5707BD295BFB}\F68D90AD-4126-2706-E6B9-C511C0F8BB33.exe [2017-01-23] () <==== ACHTUNG
Task: {B838031F-1C27-4622-B824-6F6E6EA27DB8} - System32\Tasks\{183EC251-AF95-75FA-E064-9FB267E18B8C} => C:\ProgramData\{426AB606-F5C1-01AD-D1B7-41A561505EE8}\41E4B039-F64F-0792-61A9-D73527FE90D4.exe [2017-01-17] () <==== ACHTUNG
Task: {BE64BC58-41ED-4CC0-96D8-0BE5A990AB53} - System32\Tasks\{B0FFCEEF-0754-7944-37E3-D26EAC37AB7D} => C:\ProgramData\{24CE4055-9365-F7FE-019C-ECAE350D0B80}\BDE28835-0A49-3F9E-55BC-2963CB0E7380.exe [2017-01-21] () <==== ACHTUNG
Task: {BFA70ED2-0793-464A-866B-1AB97A278994} - System32\Tasks\{B6B2FC32-0119-4B99-C585-7CAD748D4D3B} => C:\ProgramData\{12B25416-A519-E3BD-594C-A72E402DD61C}\44B06354-F31B-D4FF-A679-68ECF2071349.exe [2016-12-18] () <==== ACHTUNG
Task: {D038DA7C-F5E8-4DEB-9583-655499D66EA4} - System32\Tasks\{40E56021-F74E-D78A-1810-152107E0CB73} => C:\ProgramData\{0EB02E88-B91B-9923-E1D8-9801D1DF56EF}\72D13C30-C57A-8B9B-B420-6882757915E2.exe [2017-01-11] () <==== ACHTUNG
Task: {D316C4F3-228B-4820-B5F7-5C87EF24A7D2} - System32\Tasks\{9810C86B-2FBB-7FC0-3DEF-5011F5ADA336} => C:\ProgramData\{682543FF-DF8E-F454-95D8-5D13905EAAF7}\2198E78D-9633-5026-1495-A47B4E80B052.exe [2017-01-21] () <==== ACHTUNG
Task: {DCA5C4BF-7ECC-4294-8CC3-DC7BF36DE755} - System32\Tasks\{BA1AA638-0DB1-1193-BC04-3958DBA282AD} => C:\ProgramData\{F5B843C4-4213-F46F-EFD1-18A3D3884AA7}\32D83837-8573-8F9C-6F3E-040FAE28474A.exe <==== ACHTUNG
Task: {DD5A1A74-C964-4AFF-9B30-4E2AEA8D40C9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2015-07-30] (TOSHIBA Corporation)
Task: {E7170484-15A7-4049-B182-EE0E6F433450} - System32\Tasks\{02E17B1C-B54A-CCB7-4AC8-5E103AF43BDE} => C:\ProgramData\{A25F479B-15F4-F030-6C0B-9BC1C0B7360A}\006F2067-B7C4-97CC-ECAE-5FCD0DFD93B1.exe [2017-01-25] () <==== ACHTUNG
Task: {E851B5DD-E48C-412B-A69C-4FDE5A36B888} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-29] (Microsoft Corporation)
Task: {EB092A70-683F-4067-AD1A-601B4C344F32} - System32\Tasks\{54C9F273-E362-45D8-87E4-EA2DA69A3613} => C:\ProgramData\{9007E8DD-27AC-5F76-252F-EADB756B197B}\F32426DB-448F-9170-9C4B-800F82371A16.exe [2016-12-18] () <==== ACHTUNG
Task: {EBDA6888-6D99-4160-AC2C-CF1C93DDC972} - System32\Tasks\{FF479D5A-48EC-2AF1-DB72-0F0588A003A0} => C:\ProgramData\{F16D16C0-46C6-A16B-9321-025151356DDF}\98A332B4-2F08-851F-F379-71085F83CAB3.exe [2017-01-17] () <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 15:06 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-02-26 10:12 - 2015-02-26 10:12 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-12-14 15:06 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-19 01:36 - 2016-08-19 01:36 - 00410600 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-12-05 16:10 - 2016-12-05 16:10 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-12 10:49 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-12 10:49 - 2016-12-21 08:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-12 10:49 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-12 10:48 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-12 10:48 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-12 10:48 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-12 10:48 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-12 10:48 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\System Setting\SmoothView.dll
2015-02-26 10:12 - 2015-02-26 10:12 - 00330240 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2017-01-23 17:04 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-23 17:04 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-03-31 14:45 - 2016-03-31 14:45 - 00889456 _____ () C:\Users\Melli\AppData\Local\securityutility\securityutility\2.1.0.2\Security Utilityupdt.exe
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2015-07-10 12:04 - 2015-07-10 12:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Melli\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{47c758ca-e009-4135-8ab5-98e8daa6cf82}.jpg
DNS Servers: 82.163.143.157 - 82.163.142.159
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\...\StartupApproved\Run: => "Security Utility"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{FEE48EDB-238C-4377-92A2-A6BC8E2023C9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F3583D9-B6BC-4775-8F24-0777D9760D2A}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{06417D24-1C84-4D26-A2D7-35B85CB0C265}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{112A85F0-8492-495F-8EEA-1C70A2656D08}] => C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{9A265003-1992-40FF-BAE3-14280A761083}] => C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{029EE2F2-BDBB-49B2-9BFB-E72AE31EB606}] => C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{0129A0E3-3318-410E-A25F-F80C9F680710}] => C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{22F9CC10-E313-4640-AAE8-79F4684A36FF}] => C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{C60B9ED5-2F74-489E-9448-92AA92AB7202}] => C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{5436F213-85DF-48C5-8922-43EEAECCB82B}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
07-01-2017 11:57:02 Removed DTS Sound.
12-01-2017 11:58:00 Windows Update
12-01-2017 11:59:42 Windows Update
24-01-2017 13:47:42 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (01/25/2017 08:42:29 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: LAPTOP-9PNHF3HP)
Description: 7.488: Der EFS-Dienst*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.
Error: (01/25/2017 03:32:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TCrdMain_Win8.exe, Version: 2.1.3.4, Zeitstempel: 0x55895a9d
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825887f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f8283
ID des fehlerhaften Prozesses: 0x10cc
Startzeit der fehlerhaften Anwendung: 0x01d2761e3c5fc446
Pfad der fehlerhaften Anwendung: C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 1e5042b1-0b66-420b-be74-5c35ae11d04b
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (01/25/2017 02:45:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TPCHSrv.exe, Version: 2.0.0.10, Zeitstempel: 0x55adeb4c
Name des fehlerhaften Moduls: TPCHSrv.exe, Version: 2.0.0.10, Zeitstempel: 0x55adeb4c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052927
ID des fehlerhaften Prozesses: 0x2708
Startzeit der fehlerhaften Anwendung: 0x01d275bf9405d6a6
Pfad der fehlerhaften Anwendung: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Pfad des fehlerhaften Moduls: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Berichtskennung: dcc70301-d2c5-4202-9e95-3a7abb1010ac
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (01/25/2017 02:27:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 55.0.2883.87 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 148c
Startzeit: 01d2761e8db12e62
Beendigungszeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Berichts-ID: ffde3427-e301-11e6-9be3-b46d83ffa8c4
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:
Error: (01/24/2017 04:32:08 PM) (Source: COM) (EventID: 18221) (User: NT-AUTORITÄT)
Description: Beim Herstellen der Verbindung mit dem RPCSS-Dienst wurde dem Benutzer "Nicht verfügbar\Nicht verfügbar" (SID: S-1-5-18) der Zugriff auf die COM-Serveranwendung "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) verweigert. Wahrscheinlichste Ursache: Dem Benutzer oder der Anwendung werden aufgrund der computerweiten Zugriffslimits keine lokalen Zugriffsberechtigungen gewährt. Die Zugriffslimits können mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (01/24/2017 04:22:08 PM) (Source: COM) (EventID: 18221) (User: NT-AUTORITÄT)
Description: Beim Herstellen der Verbindung mit dem RPCSS-Dienst wurde dem Benutzer "Nicht verfügbar\Nicht verfügbar" (SID: S-1-5-18) der Zugriff auf die COM-Serveranwendung "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) verweigert. Wahrscheinlichste Ursache: Dem Benutzer oder der Anwendung werden aufgrund der computerweiten Zugriffslimits keine lokalen Zugriffsberechtigungen gewährt. Die Zugriffslimits können mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (01/24/2017 01:47:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (01/24/2017 09:45:17 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: LAPTOP-9PNHF3HP)
Description: 7.488: Der EFS-Dienst*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.
Error: (01/24/2017 01:00:03 AM) (Source: COM) (EventID: 18221) (User: NT-AUTORITÄT)
Description: Beim Herstellen der Verbindung mit dem RPCSS-Dienst wurde dem Benutzer "Nicht verfügbar\Nicht verfügbar" (SID: S-1-5-18) der Zugriff auf die COM-Serveranwendung "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) verweigert. Wahrscheinlichste Ursache: Dem Benutzer oder der Anwendung werden aufgrund der computerweiten Zugriffslimits keine lokalen Zugriffsberechtigungen gewährt. Die Zugriffslimits können mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (01/23/2017 10:24:40 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: LAPTOP-9PNHF3HP)
Description: 7.488: Der EFS-Dienst*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.
Systemfehler:
=============
Error: (01/25/2017 08:46:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (01/25/2017 08:46:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (01/25/2017 08:46:14 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (01/25/2017 08:45:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.01.2017 um 19:51:46 unerwartet heruntergefahren.
Error: (01/25/2017 08:42:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (01/25/2017 08:42:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (01/25/2017 08:40:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (01/25/2017 08:25:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.
Code: 8 0x0 0x0
Error: (01/25/2017 08:25:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.
Code: 2 0xdeaddeed 0xeeec
Error: (01/25/2017 08:25:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.
Code: 1 0xc 0x4
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Prozentuale Nutzung des RAM: 48%
Installierter physikalischer RAM: 4008.28 MB
Verfügbarer physikalischer RAM: 2045.24 MB
Summe virtueller Speicher: 5096.28 MB
Verfügbarer virtueller Speicher: 2993 MB
==================== Laufwerke ================================
Drive c: (TIH0043200A) (Fixed) (Total:921.59 GB) (Free:771.65 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
25.01.2017, 21:40
| #4 |
| | Willkürlich öffnen von Tabs bei jeglichem Browser TDSSKiller 1. Teil: Code:
ATTFilter
21:17:00.0784 0x0f94 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
21:17:00.0785 0x0f94 UEFI system
21:17:07.0719 0x0f94 ============================================================
21:17:07.0719 0x0f94 Current date / time: 2017/01/25 21:17:07.0719
21:17:07.0736 0x0f94 SystemInfo:
21:17:07.0736 0x0f94
21:17:07.0736 0x0f94 OS Version: 10.0.14393 ServicePack: 0.0
21:17:07.0736 0x0f94 Product type: Workstation
21:17:07.0736 0x0f94 ComputerName: LAPTOP-9PNHF3HP
21:17:07.0737 0x0f94 UserName: Melli
21:17:07.0737 0x0f94 Windows directory: C:\WINDOWS
21:17:07.0737 0x0f94 System windows directory: C:\WINDOWS
21:17:07.0737 0x0f94 Running under WOW64
21:17:07.0737 0x0f94 Processor architecture: Intel x64
21:17:07.0737 0x0f94 Number of processors: 4
21:17:07.0737 0x0f94 Page size: 0x1000
21:17:07.0737 0x0f94 Boot type: Normal boot
21:17:07.0737 0x0f94 CodeIntegrityOptions = 0x00000001
21:17:07.0737 0x0f94 ============================================================
21:17:08.0291 0x0f94 KLMD registered as C:\WINDOWS\system32\drivers\86707203.sys
21:17:08.0292 0x0f94 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
21:17:09.0826 0x0f94 System UUID: {C872D38D-9AC1-B60A-58D2-B780C66F5245}
21:17:11.0015 0x0f94 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:17:11.0036 0x0f94 ============================================================
21:17:11.0036 0x0f94 \Device\Harddisk0\DR0:
21:17:11.0036 0x0f94 GPT partitions:
21:17:11.0036 0x0f94 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {472C11BE-ACB9-4CE6-BD41-046000682C9B}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
21:17:11.0036 0x0f94 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {053D3AC1-9FCA-41FD-A418-680B92B7CED2}, Name: Microsoft reserved partition, StartLBA 0x82800, BlocksNum 0x8000
21:17:11.0037 0x0f94 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6E144EF6-F50C-465B-834E-D519A4F8BC37}, Name: Basic data partition, StartLBA 0x8A800, BlocksNum 0x7332F000
21:17:11.0037 0x0f94 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6F28114E-E853-4BBF-8582-D380E3955267}, Name: Basic data partition, StartLBA 0x733B9800, BlocksNum 0xE6000
21:17:11.0037 0x0f94 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {EA2FE590-32A5-4E5F-B7E3-05DCF24C2571}, Name: Basic data partition, StartLBA 0x7349F800, BlocksNum 0x1267000
21:17:11.0037 0x0f94 MBR partitions:
21:17:11.0037 0x0f94 ============================================================
21:17:11.0059 0x0f94 C: <-> \Device\Harddisk0\DR0\Partition3
21:17:11.0059 0x0f94 ============================================================
21:17:11.0059 0x0f94 Initialize success
21:17:11.0059 0x0f94 ============================================================
21:17:21.0097 0x1288 ============================================================
21:17:21.0097 0x1288 Scan started
21:17:21.0097 0x1288 Mode: Manual;
21:17:21.0097 0x1288 ============================================================
21:17:21.0097 0x1288 KSN ping started
21:17:21.0444 0x1288 KSN ping finished: true
21:17:24.0130 0x1288 ================ Scan system memory ========================
21:17:24.0130 0x1288 System memory - ok
21:17:24.0132 0x1288 ================ Scan services =============================
21:17:24.0572 0x1288 [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
21:17:24.0580 0x1288 1394ohci - ok
21:17:24.0640 0x1288 [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
21:17:24.0644 0x1288 3ware - ok
21:17:24.0795 0x1288 [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
21:17:24.0817 0x1288 ACPI - ok
21:17:24.0871 0x1288 [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev C:\WINDOWS\System32\drivers\AcpiDev.sys
21:17:24.0873 0x1288 AcpiDev - ok
21:17:25.0080 0x1288 [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
21:17:25.0084 0x1288 acpiex - ok
21:17:25.0116 0x1288 [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
21:17:25.0118 0x1288 acpipagr - ok
21:17:25.0148 0x1288 [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
21:17:25.0149 0x1288 AcpiPmi - ok
21:17:25.0188 0x1288 [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
21:17:25.0189 0x1288 acpitime - ok
21:17:25.0271 0x1288 [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
21:17:25.0305 0x1288 ADP80XX - ok
21:17:25.0371 0x1288 [ 323AA1953ED9C01E23F740FA891FE064, 4CED6E3D61749316CDE28965C913E7ED462539DAAD637A29484F62AF47AD650D ] AFD C:\WINDOWS\system32\drivers\afd.sys
21:17:25.0389 0x1288 AFD - ok
21:17:25.0447 0x1288 [ 23522E5D581F7722B1B5B86737CAE39C, FB81ABD304376A1E87B65F5E1B34477B628CEDB2091C5D754DE97464B6050C5B ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
21:17:25.0454 0x1288 ahcache - ok
21:17:25.0477 0x1288 [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter C:\WINDOWS\System32\AJRouter.dll
21:17:25.0479 0x1288 AJRouter - ok
21:17:25.0510 0x1288 [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG C:\WINDOWS\System32\alg.exe
21:17:25.0514 0x1288 ALG - ok
21:17:25.0553 0x1288 [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
21:17:25.0557 0x1288 AmdK8 - ok
21:17:25.0577 0x1288 [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
21:17:25.0581 0x1288 AmdPPM - ok
21:17:25.0598 0x1288 [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
21:17:25.0601 0x1288 amdsata - ok
21:17:25.0636 0x1288 [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
21:17:25.0644 0x1288 amdsbs - ok
21:17:25.0660 0x1288 [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
21:17:25.0662 0x1288 amdxata - ok
21:17:25.0690 0x1288 [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID C:\WINDOWS\system32\drivers\appid.sys
21:17:25.0696 0x1288 AppID - ok
21:17:25.0722 0x1288 [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
21:17:25.0727 0x1288 AppIDSvc - ok
21:17:25.0772 0x1288 [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo C:\WINDOWS\System32\appinfo.dll
21:17:25.0777 0x1288 Appinfo - ok
21:17:25.0792 0x1288 [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr C:\WINDOWS\system32\drivers\applockerfltr.sys
21:17:25.0793 0x1288 applockerfltr - ok
21:17:25.0851 0x1288 [ A0746EF6C5AB7A17A67BC167167499C1, 1D2154D3AFC5219293EDD508C7726E7756FB72BF04F73861C575D1FE5C553411 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
21:17:25.0868 0x1288 AppReadiness - ok
21:17:26.0046 0x1288 [ D70B1453ADA82A92E76EAE72D936A0F6, 439DBC5818025887343D4B5B509C7D2C97ED0FFA4641A5178EA5719C50E5013F ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
21:17:26.0113 0x1288 AppXSvc - ok
21:17:26.0146 0x1288 [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
21:17:26.0151 0x1288 arcsas - ok
21:17:26.0170 0x1288 [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac C:\WINDOWS\System32\drivers\asyncmac.sys
21:17:26.0172 0x1288 AsyncMac - ok
21:17:26.0228 0x1288 [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
21:17:26.0230 0x1288 atapi - ok
21:17:26.0304 0x1288 [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
21:17:26.0315 0x1288 AudioEndpointBuilder - ok
21:17:26.0389 0x1288 [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
21:17:26.0418 0x1288 Audiosrv - ok
21:17:26.0485 0x1288 [ 6D90FDA2DC364B8EA1420F2F81585CC3, 10E6F23A213CFE49BE04BB7D366ADD4028D61D7114FEC67C30B5467DF6B36D4F ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
21:17:26.0489 0x1288 AxInstSV - ok
21:17:26.0558 0x1288 [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
21:17:26.0574 0x1288 b06bdrv - ok
21:17:26.0594 0x1288 [ 68F72B05EBC6D1779C0D60A147C7CA0B, AA1C857BEE34865C6B901157FC22570D4CF45D950708BAD7AA333F120F2B474C ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
21:17:26.0596 0x1288 BasicDisplay - ok
21:17:26.0618 0x1288 [ 23156E7EDAF613D839E2839746B168D3, CAEF8F9C7D3A338BD747AC9D5BFBE730D77B911E87BCF532EBB75E1F80916AFA ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
21:17:26.0621 0x1288 BasicRender - ok
21:17:26.0643 0x1288 [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn C:\WINDOWS\System32\drivers\bcmfn.sys
21:17:26.0644 0x1288 bcmfn - ok
21:17:26.0660 0x1288 [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
21:17:26.0661 0x1288 bcmfn2 - ok
21:17:26.0712 0x1288 [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC C:\WINDOWS\System32\bdesvc.dll
21:17:26.0724 0x1288 BDESVC - ok
21:17:26.0759 0x1288 [ 0A508274355745EEF01C6BE3198D02C4, E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:17:26.0760 0x1288 Beep - ok
21:17:26.0836 0x1288 [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE C:\WINDOWS\System32\bfe.dll
21:17:26.0860 0x1288 BFE - ok
21:17:27.0033 0x1288 [ D876C567AB767258036F05E4766189FD, DE8BA67325CB64495BD454B8F9DDCAE82636253844FC68B360C7E1CF5D51DD0E ] BITS C:\WINDOWS\System32\qmgr.dll
21:17:27.0067 0x1288 BITS - ok
21:17:27.0153 0x1288 [ 9CD2A4821DE379305CACB2E99AD8953A, 89D700DFC3C59ACBBADB48954A28C0EBF8D6A11A9E63837689DD891868E43188 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
21:17:27.0156 0x1288 bowser - ok
21:17:27.0222 0x1288 [ 2447BD15B41298622CC662249CD0F496, 013A326D2E3BF68D654BBABE2F1E5DF0FF0A153A4B95D570EE28F9BC0F5A78C3 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
21:17:27.0246 0x1288 BrokerInfrastructure - ok
21:17:27.0282 0x1288 [ B3F32C630DD3F2F6A6091B89CFF13641, 7A9C53EF9AB9FF1DC392FD711B194A101DB36CA5BC799E817BEB446741089B76 ] Browser C:\WINDOWS\System32\browser.dll
21:17:27.0287 0x1288 Browser - ok
21:17:27.0311 0x1288 [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
21:17:27.0313 0x1288 BthAvrcpTg - ok
21:17:27.0357 0x1288 [ 77630A51FAF6A07922FEE835F4DED8F6, E096A9DC12885FD19575346A9693A66D0DDFF96C3155AD2040F2BF4249D1D609 ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys
21:17:27.0361 0x1288 BthEnum - ok
21:17:27.0385 0x1288 [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
21:17:27.0388 0x1288 BthHFEnum - ok
21:17:27.0407 0x1288 [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
21:17:27.0409 0x1288 bthhfhid - ok
21:17:27.0447 0x1288 [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
21:17:27.0457 0x1288 BthHFSrv - ok
21:17:27.0504 0x1288 [ 0AB691736D4D4029444AF62DE59CFD37, C1C22EFBF67331B87AB261BBF9813009257437BA02F728EC2DFA1A49ECC5FABF ] BthLEEnum C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
21:17:27.0513 0x1288 BthLEEnum - ok
21:17:27.0546 0x1288 [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
21:17:27.0548 0x1288 BTHMODEM - ok
21:17:27.0567 0x1288 [ 224BA1CB1F3C702F0D001D2AFC9793B1, F139F6F78C716E1167E16530AE31E4A26C2A69467BCB08A9A52A101B31DF7771 ] BthPan C:\WINDOWS\System32\drivers\bthpan.sys
21:17:27.0572 0x1288 BthPan - ok
21:17:27.0654 0x1288 [ 851ED52AE3E62CD5374BD4BBFF7A9DAB, 381281CB7D8FC4026092330B06E24BC84EEF79EE3C97E21900D950D7D9AB2FC3 ] BTHPORT C:\WINDOWS\System32\drivers\BTHport.sys
21:17:27.0683 0x1288 BTHPORT - ok
21:17:27.0717 0x1288 [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv C:\WINDOWS\system32\bthserv.dll
21:17:27.0722 0x1288 bthserv - ok
21:17:27.0761 0x1288 [ DC5955E589C55E2313D69B64E1A183F3, 06D703246D0813DE53D62885C8B7381135783673FF4BDDD5CC38FEB54901BB76 ] BTHUSB C:\WINDOWS\System32\drivers\BTHUSB.sys
21:17:27.0764 0x1288 BTHUSB - ok
21:17:27.0804 0x1288 [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
21:17:27.0806 0x1288 buttonconverter - ok
21:17:27.0838 0x1288 [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg C:\WINDOWS\System32\drivers\capimg.sys
21:17:27.0843 0x1288 CapImg - ok
21:17:27.0883 0x1288 [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
21:17:27.0887 0x1288 cdfs - ok
21:17:27.0964 0x1288 [ 2E6612376D257F74781F2EF1F869D8C3, 908B0DECB9F098F7F11B029A03C06C67FB52E5E8BEA42033A2B579D3B3686AB8 ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll
21:17:27.0977 0x1288 CDPSvc - ok
21:17:28.0016 0x1288 [ A93C9B9EBE2FDE5A536000D72CC17F7F, 9793CFAE8BE8C6B5B39A1D276577965FBB2CE131325A410B7C68BD23492ADAAF ] CDPUserSvc C:\WINDOWS\System32\CDPUserSvc.dll
21:17:28.0027 0x1288 CDPUserSvc - ok
21:17:28.0098 0x1288 [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
21:17:28.0104 0x1288 cdrom - ok
21:17:28.0176 0x1288 [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
21:17:28.0184 0x1288 CertPropSvc - ok
21:17:28.0226 0x1288 [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi C:\WINDOWS\system32\drivers\cht4sx64.sys
21:17:28.0237 0x1288 cht4iscsi - ok
21:17:28.0331 0x1288 [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd C:\WINDOWS\System32\drivers\cht4vx64.sys
21:17:28.0394 0x1288 cht4vbd - ok
21:17:28.0432 0x1288 [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
21:17:28.0434 0x1288 circlass - ok
21:17:28.0499 0x1288 [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
21:17:28.0511 0x1288 CLFS - ok
21:17:28.0756 0x1288 [ ACFB2A62301C6A903FA6A97DB84E9C31, 7A3089812330B605D2F545374A1A916B6DBA188186EC88DA3348814A95C791F0 ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
21:17:28.0865 0x1288 ClickToRunSvc - ok
21:17:28.0930 0x1288 [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll
21:17:28.0953 0x1288 ClipSVC - ok
21:17:28.0980 0x1288 [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg C:\WINDOWS\System32\drivers\registry.sys
21:17:28.0983 0x1288 clreg - ok
21:17:29.0027 0x1288 [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
21:17:29.0029 0x1288 CmBatt - ok
21:17:29.0091 0x1288 [ 90C07EB909C42316982E753BDAA7860D, 438581FD3468FAF01D35529672201A920E8821EC80E30E59A43645DA57738F21 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
21:17:29.0110 0x1288 CNG - ok
21:17:29.0135 0x1288 [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
21:17:29.0137 0x1288 cnghwassist - ok
21:17:29.0270 0x1288 [ E99400672BEC343AE5B2AF363A006105, 6D427D38AB98DF9C85AA0593BC4A6F59345A9089495D44BC8321E1E45ED9BCA8 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys
21:17:29.0316 0x1288 CnxtHdAudService - ok
21:17:29.0395 0x1288 [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
21:17:29.0397 0x1288 CompositeBus - ok
21:17:29.0406 0x1288 COMSysApp - ok
21:17:29.0439 0x1288 [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv C:\WINDOWS\system32\drivers\condrv.sys
21:17:29.0441 0x1288 condrv - ok
21:17:29.0511 0x1288 [ 5DE2049D5F57C1D142F36FA9CE443693, E6C2807C0B1EF90C11EB39634693B76EACE6CC675777776112835212A334F328 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
21:17:29.0556 0x1288 CoreMessagingRegistrar - ok
21:17:29.0651 0x1288 [ 880F4CB90764D5AE32062B38592444AE, CDC1D363FDE55BBAADBD185918B1249AA12A0670DAB7712EB68F2B61B0B8CF82 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
21:17:29.0662 0x1288 cphs - ok
21:17:29.0694 0x1288 [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
21:17:29.0698 0x1288 CryptSvc - ok
21:17:29.0736 0x1288 [ 5FCABDE89AC62A8818C803646FCEE23E, 070B110A0D4C93086472A3E582AA0B4E0EFAB05651EE30BD06E75D113D446BAA ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
21:17:29.0744 0x1288 CxAudMsg - ok
21:17:29.0787 0x1288 [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam C:\WINDOWS\system32\drivers\dam.sys
21:17:29.0790 0x1288 dam - ok
21:17:29.0847 0x1288 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:17:29.0892 0x1288 DcomLaunch - ok
21:17:29.0942 0x1288 [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc C:\WINDOWS\system32\dcpsvc.dll
21:17:29.0949 0x1288 DcpSvc - ok
21:17:29.0991 0x1288 [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc C:\WINDOWS\System32\defragsvc.dll
21:17:30.0009 0x1288 defragsvc - ok
21:17:30.0071 0x1288 [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
21:17:30.0088 0x1288 DeviceAssociationService - ok
21:17:30.0117 0x1288 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
21:17:30.0125 0x1288 DeviceInstall - ok
21:17:30.0151 0x1288 [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll
21:17:30.0154 0x1288 DevQueryBroker - ok
21:17:30.0189 0x1288 [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
21:17:30.0195 0x1288 Dfsc - ok
21:17:30.0230 0x1288 [ 9593475FBC857A05D93BFF4FA7323C2B, D2A958AF5EFDC6136A6ABB7F8D5FE1F84C967E79BEA96C5BE3661A0145DEB907 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:17:30.0237 0x1288 dg_ssudbus - ok
21:17:30.0283 0x1288 [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
21:17:30.0297 0x1288 Dhcp - ok
21:17:30.0394 0x1288 [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
21:17:30.0398 0x1288 diagnosticshub.standardcollector.service - ok
21:17:30.0516 0x1288 [ CAD14E0AD1F03397E9B1C8733D76BEF4, 0035EF35F6520B1DF0E599C8A06D4163C52576BCE0976BF729B44DECDC506627 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
21:17:30.0607 0x1288 DiagTrack - ok
21:17:30.0655 0x1288 [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk C:\WINDOWS\system32\drivers\disk.sys
21:17:30.0659 0x1288 disk - ok
21:17:30.0745 0x1288 [ 09CF47A74BFB480B8262FCEE222004B6, F5CD0ACA04BCB95984595CC2E17BC9E92865091A0A3BCAD4B06438A1570E7696 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
21:17:30.0763 0x1288 DmEnrollmentSvc - ok
21:17:30.0784 0x1288 [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
21:17:30.0786 0x1288 dmvsc - ok
21:17:30.0811 0x1288 [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
21:17:30.0815 0x1288 dmwappushservice - ok
21:17:30.0848 0x1288 [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:17:30.0858 0x1288 Dnscache - ok
21:17:30.0894 0x1288 [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc C:\WINDOWS\System32\dot3svc.dll
21:17:30.0904 0x1288 dot3svc - ok
21:17:30.0931 0x1288 [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS C:\WINDOWS\system32\dps.dll
21:17:30.0938 0x1288 DPS - ok
21:17:30.0972 0x1288 [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud C:\WINDOWS\system32\DRIVERS\drmkaud.sys
21:17:30.0973 0x1288 drmkaud - ok
21:17:31.0014 0x1288 [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
21:17:31.0022 0x1288 DsmSvc - ok
21:17:31.0055 0x1288 [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc C:\WINDOWS\System32\DsSvc.dll
21:17:31.0062 0x1288 DsSvc - ok
21:17:31.0182 0x1288 [ 19F2B54EE8861D90579BD0E3AE5182F9, FDD4F091C61C8C20550C8F68375ABD7ED718A733F680F0F0367D4796C302BA14 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
21:17:31.0272 0x1288 DXGKrnl - ok
21:17:31.0310 0x1288 [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:17:31.0316 0x1288 EapHost - ok
21:17:31.0485 0x1288 [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
21:17:31.0620 0x1288 ebdrv - ok
21:17:31.0669 0x1288 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS C:\WINDOWS\System32\lsass.exe
21:17:31.0674 0x1288 EFS - ok
21:17:31.0698 0x1288 [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
21:17:31.0701 0x1288 EhStorClass - ok
21:17:31.0747 0x1288 [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
21:17:31.0752 0x1288 EhStorTcgDrv - ok
21:17:31.0790 0x1288 [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll
21:17:31.0797 0x1288 embeddedmode - ok
21:17:31.0841 0x1288 [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
21:17:31.0863 0x1288 EntAppSvc - ok
21:17:31.0894 0x1288 [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
21:17:31.0895 0x1288 ErrDev - ok
21:17:31.0952 0x1288 [ A61885BDC6BF3FCB078751DB0E659DEA, 839FB64F620FA12AC834E7E2FDFCA7F3C8917F4EBCAC9066098CBC944061BA6F ] ETD C:\WINDOWS\system32\DRIVERS\ETD.sys
21:17:31.0981 0x1288 ETD - ok
21:17:32.0036 0x1288 [ 7C217E0797442804A0D1A6B08671C285, B703F58097642C1EB436B1B987BC9188F8C7D4CFA2C5B108A9661257C3507DE1 ] ETDService C:\Program Files\Elantech\ETDService.exe
21:17:32.0042 0x1288 ETDService - ok
21:17:32.0097 0x1288 [ 546098BE6C845D943C73755FFCE2F9B7, 6BF8ED49C696FC44E370AFB2B9805C30BF53495E94E067B1B8AE1ED692A2D9EA ] ETDSMBus C:\WINDOWS\System32\drivers\ETDSMBus.sys
21:17:32.0100 0x1288 ETDSMBus - ok
21:17:32.0158 0x1288 [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem C:\WINDOWS\system32\es.dll
21:17:32.0173 0x1288 EventSystem - ok
21:17:32.0267 0x1288 [ 8828725F79A93611CB4AB80B65DEC4F9, C208641DAD2EEBB07BAC489352CED7D6B3C7574836DD9D3158BB58089185C7C0 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:17:32.0300 0x1288 EvtEng - ok
21:17:32.0341 0x1288 [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat C:\WINDOWS\system32\drivers\exfat.sys
21:17:32.0364 0x1288 exfat - ok
21:17:32.0410 0x1288 [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
21:17:32.0423 0x1288 fastfat - ok
21:17:32.0483 0x1288 [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax C:\WINDOWS\system32\fxssvc.exe
21:17:32.0517 0x1288 Fax - ok
21:17:32.0536 0x1288 [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
21:17:32.0538 0x1288 fdc - ok
21:17:32.0575 0x1288 [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
21:17:32.0578 0x1288 fdPHost - ok
21:17:32.0593 0x1288 [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub C:\WINDOWS\system32\fdrespub.dll
21:17:32.0596 0x1288 FDResPub - ok
21:17:32.0621 0x1288 [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
21:17:32.0627 0x1288 fhsvc - ok
21:17:32.0655 0x1288 [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys
21:17:32.0660 0x1288 FileCrypt - ok
21:17:32.0679 0x1288 [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
21:17:32.0683 0x1288 FileInfo - ok
21:17:32.0706 0x1288 [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
21:17:32.0708 0x1288 Filetrace - ok
21:17:32.0729 0x1288 [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
21:17:32.0731 0x1288 flpydisk - ok
21:17:32.0770 0x1288 [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:17:32.0784 0x1288 FltMgr - ok
21:17:32.0898 0x1288 [ 49BF5C8182C3D2D6CD9F7EEDF1CFDB66, 0977EBE86B57FC370D27CA69D58122397D5D5369AF0C8DBCC492AE7AD55CBA2B ] FontCache C:\WINDOWS\system32\FntCache.dll
21:17:32.0978 0x1288 FontCache - ok
21:17:33.0058 0x1288 [ 8B52024D3A5C3A12F1C4D75D30A976C5, 982F1C783966C9A6D255AA7DBAB6D225EBE0050A36176B8DE85E8ADBFE17FDF1 ] FrameServer C:\WINDOWS\system32\FrameServer.dll
21:17:33.0091 0x1288 FrameServer - ok
21:17:33.0117 0x1288 [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
21:17:33.0121 0x1288 FsDepends - ok
21:17:33.0135 0x1288 [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:17:33.0137 0x1288 Fs_Rec - ok
21:17:33.0197 0x1288 [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
21:17:33.0231 0x1288 fvevol - ok
21:17:33.0275 0x1288 [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
21:17:33.0276 0x1288 gencounter - ok
21:17:33.0307 0x1288 [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys
21:17:33.0309 0x1288 genericusbfn - ok
21:17:33.0356 0x1288 [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
21:17:33.0363 0x1288 GPIOClx0101 - ok
21:17:33.0452 0x1288 [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
21:17:33.0520 0x1288 gpsvc - ok
21:17:33.0537 0x1288 [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys
21:17:33.0539 0x1288 GpuEnergyDrv - ok
21:17:33.0619 0x1288 [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:17:33.0626 0x1288 gupdate - ok
21:17:33.0637 0x1288 [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:17:33.0642 0x1288 gupdatem - ok
21:17:33.0678 0x1288 [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
21:17:33.0682 0x1288 HDAudBus - ok
21:17:33.0699 0x1288 [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
21:17:33.0701 0x1288 HidBatt - ok
21:17:33.0728 0x1288 [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
21:17:33.0732 0x1288 HidBth - ok
21:17:33.0760 0x1288 [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
21:17:33.0763 0x1288 hidi2c - ok
21:17:33.0785 0x1288 [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys
21:17:33.0788 0x1288 hidinterrupt - ok
21:17:33.0813 0x1288 [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
21:17:33.0816 0x1288 HidIr - ok
21:17:33.0845 0x1288 [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv C:\WINDOWS\system32\hidserv.dll
21:17:33.0849 0x1288 hidserv - ok
21:17:33.0879 0x1288 [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
21:17:33.0881 0x1288 HidUsb - ok
21:17:33.0929 0x1288 [ 0AC1BD5A28FAA371EF34859FE703E515, 1DD1C33AF8D6EBE7C36FCD051F066E4039D2B47ABAECF7C68BC3933D567930B2 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
21:17:33.0951 0x1288 HomeGroupListener - ok
21:17:33.0988 0x1288 [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
21:17:34.0006 0x1288 HomeGroupProvider - ok
21:17:34.0032 0x1288 [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
21:17:34.0036 0x1288 HpSAMD - ok
21:17:34.0120 0x1288 [ A10C7C1E69FC90620C7BF2E51302A01F, D725AEAE38255CED73F4922A10F226215528706580B06D01C228488F93AC0397 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
21:17:34.0163 0x1288 HTTP - ok
21:17:34.0191 0x1288 [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost C:\WINDOWS\System32\hvhostsvc.dll
21:17:34.0195 0x1288 HvHost - ok
21:17:34.0231 0x1288 [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice C:\WINDOWS\system32\drivers\hvservice.sys
21:17:34.0235 0x1288 hvservice - ok
21:17:34.0254 0x1288 [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
21:17:34.0256 0x1288 hwpolicy - ok
21:17:34.0282 0x1288 [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
21:17:34.0283 0x1288 hyperkbd - ok
21:17:34.0319 0x1288 [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
21:17:34.0324 0x1288 i8042prt - ok
21:17:34.0339 0x1288 [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio C:\WINDOWS\System32\drivers\iagpio.sys
21:17:34.0341 0x1288 iagpio - ok
21:17:34.0372 0x1288 [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c C:\WINDOWS\System32\drivers\iai2c.sys
21:17:34.0376 0x1288 iai2c - ok
21:17:34.0398 0x1288 [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2 C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
21:17:34.0401 0x1288 iaLPSS2i_GPIO2 - ok
21:17:34.0421 0x1288 [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
21:17:34.0428 0x1288 iaLPSS2i_I2C - ok
21:17:34.0443 0x1288 [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
21:17:34.0446 0x1288 iaLPSSi_GPIO - ok
21:17:34.0468 0x1288 [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
21:17:34.0472 0x1288 iaLPSSi_I2C - ok
21:17:34.0517 0x1288 [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
21:17:34.0552 0x1288 iaStorAV - ok
21:17:34.0593 0x1288 [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
21:17:34.0616 0x1288 iaStorV - ok
21:17:34.0653 0x1288 [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus C:\WINDOWS\System32\drivers\ibbus.sys
21:17:34.0687 0x1288 ibbus - ok
21:17:34.0696 0x1288 ibtsiva - ok
21:17:34.0739 0x1288 [ EAD6C953C40FC06E8E56182D9C27C480, E1DF45FF871B0A777A37702A5EF2379164DDD646D294F4520379979B7BD23B3F ] ibtusb C:\WINDOWS\system32\DRIVERS\ibtusb.sys
21:17:34.0748 0x1288 ibtusb - ok
21:17:34.0781 0x1288 [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc C:\WINDOWS\System32\tetheringservice.dll
21:17:34.0792 0x1288 icssvc - ok
21:17:34.0848 0x1288 [ CE443384CDC5D187A48F16E8830E8A50, ACB2879DFB6E0053BD393388C378F4C3F912FEA710A14B58FCAC428A19EA855F ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
21:17:34.0863 0x1288 igfxCUIService2.0.0.0 - ok
21:17:35.0201 0x1288 [ 6EC540C253CF70F82118339EDA94BE50, 17D9CACCE91378B8A60D1BDCB79942B26BE9AA7C6AEC2F72962E9E7B033C3953 ] igfxLP C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys
21:17:35.0494 0x1288 igfxLP - ok
21:17:35.0617 0x1288 [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT C:\WINDOWS\System32\ikeext.dll
21:17:35.0662 0x1288 IKEEXT - ok
21:17:35.0696 0x1288 [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd C:\WINDOWS\System32\drivers\IndirectKmd.sys
21:17:35.0698 0x1288 IndirectKmd - ok
21:17:35.0750 0x1288 [ E300D1E37B737ED14F7A08CD5604E5D9, 5C1135081E29D7F4A97D5CAA2C8FBE1DD04EC7A3D8E648E69F2AA9EBDD88EBBB ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
21:17:35.0768 0x1288 IntcDAud - ok
21:17:35.0852 0x1288 [ B63CF22D1AD2ABDC39D85851B2BEAA6D, 37E9043BABB5895BFD2B59AFB60C438B992C6EAA1B5FDE5B3445314343F4C406 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
21:17:35.0897 0x1288 Intel(R) Capability Licensing Service TCP IP Interface - ok
21:17:35.0943 0x1288 [ DF8DBBD8F5342C7BA598C606602B6352, FAF603820007A97898A56E62423B137E743A8A9CED0099532514E2F15BAAE334 ] Intel(R) Security Assist C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
21:17:35.0954 0x1288 Intel(R) Security Assist - ok
21:17:36.0023 0x1288 [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide C:\WINDOWS\system32\drivers\intelide.sys
21:17:36.0024 0x1288 intelide - ok
21:17:36.0050 0x1288 [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
21:17:36.0053 0x1288 intelpep - ok
21:17:36.0076 0x1288 [ 2A48DA39542636DB0FA3BA915385D1B3, 6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
21:17:36.0082 0x1288 intelppm - ok
21:17:36.0125 0x1288 [ DB32758F3A7F6CCE81A5430080A2EA65, 36A26BAA884E96804F8EA0B12BB3E81BBE6D4EE704809904091445F36CAB5A29 ] iorate C:\WINDOWS\system32\drivers\iorate.sys
21:17:36.0128 0x1288 iorate - ok
21:17:36.0168 0x1288 [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:17:36.0173 0x1288 IpFilterDriver - ok
21:17:36.0339 0x1288 [ EF1BB0EF8A12C32DD88C409706B8145E, 7AEDE717C258C29592CC8AEC40F61617E5382646E5141E1C0941882ACE5C5758 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
21:17:36.0395 0x1288 iphlpsvc - ok
21:17:36.0425 0x1288 [ 450DBDD716C7911F83E05F78EE18BFA2, 43C0DA172F632131898F315A53DEDD1AE99FB0620AB32B3A5B99FEC498C9AAE5 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
21:17:36.0429 0x1288 IPMIDRV - ok
21:17:36.0461 0x1288 [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
21:17:36.0469 0x1288 IPNAT - ok
21:17:36.0495 0x1288 [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda C:\WINDOWS\system32\drivers\irda.sys
21:17:36.0500 0x1288 irda - ok
21:17:36.0513 0x1288 [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
21:17:36.0515 0x1288 IRENUM - ok
21:17:36.0551 0x1288 [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon C:\WINDOWS\System32\irmon.dll
21:17:36.0555 0x1288 irmon - ok
21:17:36.0576 0x1288 [ D5FE3C0671B4A73F928FBA3F76559DD8, 0F32C522F97866A0BC2C24D951E58B4F78C90598498AE262896EB1DD441BCCD0 ] isaHelperSvc C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
21:17:36.0577 0x1288 isaHelperSvc - ok
21:17:36.0599 0x1288 [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
21:17:36.0601 0x1288 isapnp - ok
21:17:36.0634 0x1288 [ C9FD02D62E09337B67B0C61EC8CA38CC, DC77E935ECC8474BE9018F0937CB11C137073582B20A0EE107CE247FD9E1F9C1 ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
21:17:36.0645 0x1288 iScsiPrt - ok
21:17:36.0676 0x1288 [ F1D3A377ED9BA1CA449824C41CAF104C, EA0E90D5D827664CFDB644753C6DC134C3F8F852F24175EC8328A9FA925B25BF ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
21:17:36.0679 0x1288 iwdbus - ok
21:17:36.0720 0x1288 [ DCEABCDB2EAF57CEDEF5FD5D017ABE1D, 49F3B46BB5F2C5626D07F8F83CF8A9409F473398EB6ED2D11A894C6D6D395A74 ] jhi_service C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
21:17:36.0727 0x1288 jhi_service - ok
21:17:36.0783 0x1288 [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
21:17:36.0786 0x1288 kbdclass - ok
21:17:36.0834 0x1288 [ 0B779E9FC426CA2268D28181FA6C222F, 83292023A688C3044D096F22242EB954B7F7511BE8341D45FF0AFBD9CB9BCB4E ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
21:17:36.0836 0x1288 kbdhid - ok
21:17:36.0854 0x1288 [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic C:\WINDOWS\System32\drivers\kdnic.sys
21:17:36.0856 0x1288 kdnic - ok
21:17:36.0869 0x1288 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] KeyIso C:\WINDOWS\system32\lsass.exe
21:17:36.0874 0x1288 KeyIso - ok
21:17:36.0879 0x1288 klvssbrigde64 - ok
21:17:36.0919 0x1288 [ 705C0F8BCCEF6E7CB704CCB454192D7E, FC608C708E2C3BF7A66E57B95E19E71E5F5C87EF359D8BC1A817500B45DF9338 ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
21:17:36.0925 0x1288 KSecDD - ok
21:17:36.0960 0x1288 [ 55AD13E2BAFC5AB53A10F8C271F5D242, 058BEF14DCB95574BCAB985F04737BA89483937E8D8A74F7B4CEAFB7400C2397 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
21:17:36.0967 0x1288 KSecPkg - ok
21:17:36.0990 0x1288 [ 4ED115CD1A1099705F56B5E0FFF97CC6, 9CC49DF2CD6AAAE405BA661D13EFC1E05111D1DE3D1E50C39C425AF1F075610B ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
21:17:36.0993 0x1288 ksthunk - ok
21:17:37.0032 0x1288 [ 8125BDF7ADC261F75EF0CAD92456E350, 184797AA1D58C4FF743BA60D48590B88B781EE7779205E45E0679DEC79F3E185 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
21:17:37.0048 0x1288 KtmRm - ok
21:17:37.0087 0x1288 [ 8CCAB08815B50AD78B823DB3F96C8604, 265E6D582EB7207B5CC577D61CB7BC3646F613047F168CD69BB776C37780EBF5 ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
21:17:37.0102 0x1288 LanmanServer - ok
21:17:37.0150 0x1288 [ 33DBBCF71F68EA97D9FD34E4C9AB5AC6, 104F04A1560E75EB224A3825707CE51E8798ABD764F5CC3B854FFFC93A39AF60 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
21:17:37.0166 0x1288 LanmanWorkstation - ok
21:17:37.0210 0x1288 [ F8EBAA1FE6D3BF84752931DE1BFA0E2A, 2F3C512712BA709BBBBD779D9E792DBE324876C402CDCEF0345B8B7ABE1D232A ] lfsvc C:\WINDOWS\System32\lfsvc.dll
21:17:37.0214 0x1288 lfsvc - ok
21:17:37.0271 0x1288 [ 5A23E4BE0CCF49663C4CF7EB74C20278, 9DF91014B13B7CED1C3D409F90858FD03EFC5C4347C98901B4DF0AFF2B77845D ] LicenseManager C:\WINDOWS\system32\LicenseManagerSvc.dll
21:17:37.0275 0x1288 LicenseManager - ok
21:17:37.0306 0x1288 [ 5933A6673F00D8255C52957E40C2D601, 0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575E ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys
21:17:37.0309 0x1288 lltdio - ok
21:17:37.0355 0x1288 [ 88A3C935725FA6EA1A228DCC26CF9C6F, 9B1F70644EEFA1EE7CE151A8A970430087339B7A6345F2E0252370929D4AFAC6 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
21:17:37.0367 0x1288 lltdsvc - ok
21:17:37.0401 0x1288 [ 3F858E28AEE6545FA1B64134DFD5C2CE, FFD7B4FB0A7B61BC6B76A172134673842F2CF00E96FA3ED4A8273DC525B6BB92 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
21:17:37.0405 0x1288 lmhosts - ok
21:17:37.0450 0x1288 [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
21:17:37.0454 0x1288 LSI_SAS - ok
21:17:37.0487 0x1288 [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i C:\WINDOWS\system32\drivers\lsi_sas2i.sys
21:17:37.0491 0x1288 LSI_SAS2i - ok
21:17:37.0538 0x1288 [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i C:\WINDOWS\system32\drivers\lsi_sas3i.sys
21:17:37.0543 0x1288 LSI_SAS3i - ok
21:17:37.0578 0x1288 [ CCF6EC9FB9B8F18E05B4253E81013E48, EBE8D77FEE8B99BD8C29702404774D554673C96DF3FDF3DCEA9C99E22C2709FC ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
21:17:37.0582 0x1288 LSI_SSS - ok
21:17:37.0654 0x1288 [ D5EFC0BAEC21EDE6FE03D377D403B421, 41BE71AF7C896FD4C51EF7E3871AAB769164DFB8050DA43E48C7A100711414B4 ] LSM C:\WINDOWS\System32\lsm.dll
21:17:37.0689 0x1288 LSM - ok
21:17:37.0716 0x1288 [ C9579D32219E5B936AC3A48D470117EC, E61A77191B6BA25D29B1221FEBBE826BBC11F825C0E35A72B4CEFFF8B7FE59A8 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
21:17:37.0722 0x1288 luafv - ok
21:17:37.0768 0x1288 [ CAAF0CD70FEE7C5110B1E62804E41B17, 48482A6C8D2296C4DC613304637C8DBB7DD1DB39326F27650EBCA6FD2793BCFD ] MapsBroker C:\WINDOWS\System32\moshost.dll
21:17:37.0774 0x1288 MapsBroker - ok
21:17:37.0807 0x1288 [ C3CDCCF07486BD2616A7B82946E07AC0, 1EF95DAB2DA856BC7D7573B2EB2D9006DF337F827F0B56A161D0C97F45DB755E ] megasas C:\WINDOWS\system32\drivers\megasas.sys
21:17:37.0810 0x1288 megasas - ok
21:17:37.0841 0x1288 [ 2CF0CB2A0ED68C5455371E84C16F9627, 1C9166B52140145F1968E83E52BFF041250811B23C770FE181A18A4BA060CA81 ] megasas2i C:\WINDOWS\system32\drivers\MegaSas2i.sys
21:17:37.0844 0x1288 megasas2i - ok
21:17:37.0883 0x1288 [ FADB2FE017E69EECE0E1BA78661C2E8C, BE99B49031D8B4B670B6F6B6E829E54406779CF6F1D8AFE8AB79A73E6764AB2F ] megasr C:\WINDOWS\system32\drivers\megasr.sys
21:17:37.0918 0x1288 megasr - ok
21:17:37.0952 0x1288 [ 55A417C3E41F2A98666CF929EC19108E, A38C262B2863C87E4151525BF26D6AC16E7982D370E2C6998EB15C88C4BC8254 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
21:17:37.0957 0x1288 MessagingService - ok
21:17:38.0035 0x1288 [ FD60818B66B2E8A5415EA840E99A9D8F, 5D2F22909354534B821D958FBEF6A40EB4F642F53C7B509D00949096EF716F36 ] mlx4_bus C:\WINDOWS\System32\drivers\mlx4_bus.sys
21:17:38.0069 0x1288 mlx4_bus - ok
21:17:38.0101 0x1288 [ 68F6977F1CFBAAC770D940A8C0326FA1, 90EE1E7DAC680EAA5AD50E9B0B9FD8FCE8DD6A02D5EF941B5AA5084CBD40BB80 ] MMCSS C:\WINDOWS\system32\drivers\mmcss.sys
21:17:38.0103 0x1288 MMCSS - ok
21:17:38.0148 0x1288 [ 0D50B3F3AB32D416786B58D4553859CE, 9DA4D7A30982E8B31C45BDB721AEF5240EAD9DA6839CF34FDDBCF123BF104F2C ] Modem C:\WINDOWS\system32\drivers\modem.sys
21:17:38.0150 0x1288 Modem - ok
21:17:38.0165 0x1288 [ 9CCCB7FC3EDADEBA461D78615A6011A6, C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DF ] monitor C:\WINDOWS\System32\drivers\monitor.sys
21:17:38.0167 0x1288 monitor - ok
21:17:38.0197 0x1288 [ 27A07B2FB2E3057DA8DAEA4F25D843C7, 09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
21:17:38.0200 0x1288 mouclass - ok
21:17:38.0221 0x1288 [ 7BD6E7F7C9001AB21B8362CFFEE80B25, C470C3363EEF3A60409A5934988BFB9B72AE7C2BB63CC2C2D006D7EB1C797F6A ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
21:17:38.0223 0x1288 mouhid - ok
21:17:38.0243 0x1288 [ F5BDAEE4B7D369D4C74668DCFBA3FF10, 100F39288E56AFE0D39D1CC235BDC9F3727C873CD3114E092DA7A08810BD3EB2 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
21:17:38.0248 0x1288 mountmgr - ok
21:17:38.0263 0x1288 [ 30844BD376F9D01E62C820BEF446F1F8, 910D672EDB544A20AEB4450B4D89830F46EDD28CE0021156176315C5D068A1B4 ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
21:17:38.0267 0x1288 mpsdrv - ok
21:17:38.0326 0x1288 [ 779CFDB17EA07A6D26FEBBAC95B65772, 74D9542E8DCCD07396A45A45D2F500AA6F9DCC1DB785A6153EB3067E42F576A4 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
21:17:38.0372 0x1288 MpsSvc - ok
21:17:38.0415 0x1288 [ 25D32BE04FE0A23FDF57FD5382757672, 64E39E3E21D9173FB1116B989D80C244C49DA827698A05AF5CC5CD1C6AE155DE ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
21:17:38.0420 0x1288 MRxDAV - ok
21:17:38.0476 0x1288 [ E671EDAB0726E05ECEF4058B4CD73C4D, 9F4C50E635CE2204E3291C8D3D7F658A969E80722B8B6F0304228D9B434C20EA ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:17:38.0492 0x1288 mrxsmb - ok
21:17:38.0541 0x1288 [ D4D12BC29DE0F09280868FDCA65B3474, A6FE89ABD52087FEE52FDF31DDF4CB627ED400E94FDA86BEBF1D4763F1E42518 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
21:17:38.0552 0x1288 mrxsmb10 - ok
21:17:38.0601 0x1288 [ 93A77008A8932FC84A173C4E97E52874, B7510CF7998C538D68BD2ECDC512A0BFC7CB7362F598EE4110F728427AFF0F5A ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
21:17:38.0610 0x1288 mrxsmb20 - ok
21:17:38.0646 0x1288 [ 74C9D21523DAE0C18F413C196DF0058A, 3DB4B8CA368D9DD82FAE2C2BC828A21142C8D29780A7C8667188C447519FF702 ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys
21:17:38.0650 0x1288 MsBridge - ok
21:17:38.0691 0x1288 [ 308F08347923DEEDE7BC03EC7D485841, 72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0 ] MSDTC C:\WINDOWS\System32\msdtc.exe
21:17:38.0719 0x1288 MSDTC - ok
21:17:38.0750 0x1288 [ F01B849D9D4A8CEAF32D4FDBD0B83C92, D2473AC4C6E6C03DEF13EA73EC78FB878BDC95C047651BF79A16C9DEA82AD046 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:17:38.0752 0x1288 Msfs - ok
21:17:38.0781 0x1288 [ 22ECD8F5D1DFADF2011BBB1700CB871D, 8F9EFF51137394EFA5471B8A29C541710063B65806B075B4925A84D5B6BC3BBB ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
21:17:38.0784 0x1288 msgpiowin32 - ok
21:17:38.0799 0x1288 [ FD870F6968A145E4D2BA8A8842686B03, 34B8F601F3B5E42B4D0A41E2AF7DB4EB4E5B627DA8DA9A2A2D46B153AF23AEB1 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
21:17:38.0801 0x1288 mshidkmdf - ok
21:17:38.0827 0x1288 [ 30364757963A028CE5DF0FBAAC270173, C72588A6A52FF8E418A15D2C407A4DB7EA768585423720145F8253D5CA519DC2 ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
21:17:38.0829 0x1288 mshidumdf - ok
21:17:38.0874 0x1288 [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
21:17:38.0876 0x1288 msisadrv - ok
21:17:38.0902 0x1288 [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
21:17:38.0909 0x1288 MSiSCSI - ok
21:17:38.0917 0x1288 msiserver - ok
21:17:38.0947 0x1288 [ 13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
21:17:38.0949 0x1288 MSKSSRV - ok
21:17:38.0985 0x1288 [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys
21:17:38.0988 0x1288 MsLldp - ok
21:17:39.0032 0x1288 [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
21:17:39.0033 0x1288 MSPCLOCK - ok
21:17:39.0061 0x1288 [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM C:\WINDOWS\system32\DRIVERS\MSPQM.sys
21:17:39.0062 0x1288 MSPQM - ok
21:17:39.0096 0x1288 [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
21:17:39.0109 0x1288 MsRPC - ok
21:17:39.0132 0x1288 [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
21:17:39.0135 0x1288 mssmbios - ok
21:17:39.0157 0x1288 [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE C:\WINDOWS\system32\DRIVERS\MSTEE.sys
21:17:39.0159 0x1288 MSTEE - ok
21:17:39.0167 0x1288 [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
21:17:39.0169 0x1288 MTConfig - ok
21:17:39.0190 0x1288 [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup C:\WINDOWS\system32\Drivers\mup.sys
21:17:39.0195 0x1288 Mup - ok
21:17:39.0209 0x1288 [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
21:17:39.0213 0x1288 mvumis - ok
21:17:39.0251 0x1288 [ F41102EEE5B1D6001CD003CED1D63812, 1A879823FAF5240A6CFAEBE999EB4097284C2D5541E4499B6D87CA6C214DD9CE ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:17:39.0261 0x1288 MyWiFiDHCPDNS - ok
21:17:39.0312 0x1288 [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
21:17:39.0346 0x1288 NativeWifiP - ok
21:17:39.0387 0x1288 [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
21:17:39.0396 0x1288 NcaSvc - ok
21:17:39.0427 0x1288 [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService C:\WINDOWS\System32\ncbservice.dll
21:17:39.0442 0x1288 NcbService - ok
21:17:39.0468 0x1288 [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
21:17:39.0474 0x1288 NcdAutoSetup - ok
21:17:39.0511 0x1288 [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys
21:17:39.0515 0x1288 ndfltr - ok
21:17:39.0580 0x1288 [ D5564FC81350458ED570528C4E3B1CCF, DD3C5012492EF9BCE3BE635BBB3AA40B3C5F5FDBD795A76B327D9C994102AC2B ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
21:17:39.0625 0x1288 NDIS - ok
21:17:39.0648 0x1288 [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys
21:17:39.0651 0x1288 NdisCap - ok
21:17:39.0702 0x1288 [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform C:\WINDOWS\system32\drivers\NdisImPlatform.sys
21:17:39.0707 0x1288 NdisImPlatform - ok
21:17:39.0722 0x1288 [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:17:39.0724 0x1288 NdisTapi - ok
21:17:39.0750 0x1288 [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys
21:17:39.0753 0x1288 Ndisuio - ok
21:17:39.0772 0x1288 [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
21:17:39.0774 0x1288 NdisVirtualBus - ok
21:17:39.0798 0x1288 [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys
21:17:39.0805 0x1288 NdisWan - ok
21:17:39.0821 0x1288 [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:17:39.0828 0x1288 ndiswanlegacy - ok
21:17:39.0854 0x1288 [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys
21:17:39.0857 0x1288 ndproxy - ok
21:17:39.0878 0x1288 [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
21:17:39.0883 0x1288 Ndu - ok
21:17:39.0929 0x1288 [ 6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx C:\WINDOWS\system32\drivers\NetAdapterCx.sys
21:17:39.0933 0x1288 NetAdapterCx - ok
21:17:39.0959 0x1288 [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys
21:17:39.0962 0x1288 NetBIOS - ok
21:17:39.0996 0x1288 [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:17:40.0006 0x1288 NetBT - ok
21:17:40.0025 0x1288 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:17:40.0029 0x1288 Netlogon - ok
21:17:40.0115 0x1288 [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman C:\WINDOWS\System32\netman.dll
21:17:40.0127 0x1288 Netman - ok
21:17:40.0175 0x1288 [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
21:17:40.0226 0x1288 netprofm - ok
21:17:40.0277 0x1288 [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc C:\WINDOWS\System32\NetSetupSvc.dll
21:17:40.0311 0x1288 NetSetupSvc - ok
21:17:40.0442 0x1288 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:40.0447 0x1288 NetTcpPortSharing - ok
21:17:40.0614 0x1288 [ 387ADDE3084B0E98CD2943705377F9C8, CC29F396277518CED5453870E08653BE95BF0E0BD7DD94DF9E84A35FFE80CDAB ] NETwNb64 C:\WINDOWS\System32\drivers\Netwbw02.sys
21:17:40.0761 0x1288 NETwNb64 - ok
21:17:40.0818 0x1288 [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc C:\WINDOWS\System32\NgcCtnrSvc.dll
21:17:40.0831 0x1288 NgcCtnrSvc - ok
21:17:40.0903 0x1288 [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc C:\WINDOWS\system32\ngcsvc.dll
21:17:40.0949 0x1288 NgcSvc - ok
21:17:41.0006 0x1288 [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
21:17:41.0022 0x1288 NlaSvc - ok
21:17:41.0051 0x1288 [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:17:41.0055 0x1288 Npfs - ok
21:17:41.0076 0x1288 [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
21:17:41.0078 0x1288 npsvctrig - ok
21:17:41.0104 0x1288 [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi C:\WINDOWS\system32\nsisvc.dll
21:17:41.0109 0x1288 nsi - ok
21:17:41.0130 0x1288 [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
21:17:41.0132 0x1288 nsiproxy - ok
21:17:41.0244 0x1288 [ DB69C6DA8B3DDFDC547D455CA23A8250, AE495CEB18924C8B21F7F150FF17CD00880F2E222D7B5155661798E0535D63C4 ] NTFS C:\WINDOWS\system32\drivers\NTFS.sys
21:17:41.0334 0x1288 NTFS - ok
21:17:41.0357 0x1288 [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null C:\WINDOWS\system32\drivers\Null.sys
21:17:41.0359 0x1288 Null - ok
21:17:41.0384 0x1288 [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
21:17:41.0390 0x1288 nvraid - ok
21:17:41.0419 0x1288 [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
21:17:41.0426 0x1288 nvstor - ok
21:17:41.0474 0x1288 [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll
21:17:41.0487 0x1288 OneSyncSvc - ok
21:17:41.0580 0x1288 [ AC0F1B7B71D9D435EC33456F7EDF6FF1, 8FEFF5F99F1AFF21CF9415D4BF26936EF3A7347DA06F30ADD1DD1B14916F2585 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:17:41.0588 0x1288 ose - ok
21:17:41.0658 0x1288 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
21:17:41.0674 0x1288 p2pimsvc - ok
21:17:41.0741 0x1288 [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc C:\WINDOWS\system32\p2psvc.dll
21:17:41.0759 0x1288 p2psvc - ok
21:17:41.0805 0x1288 [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport C:\WINDOWS\System32\drivers\parport.sys
21:17:41.0809 0x1288 Parport - ok
21:17:41.0858 0x1288 [ CDBD029BAEC8D09F6FBD404632D9AF28, 71F4401150CD4C9C6BBF2DA854CF07EA2F8C9BBE900833858F49134DDAF14414 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
21:17:41.0863 0x1288 partmgr - ok
21:17:41.0913 0x1288 [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
21:17:41.0933 0x1288 PcaSvc - ok
21:17:41.0969 0x1288 [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci C:\WINDOWS\system32\drivers\pci.sys
21:17:41.0992 0x1288 pci - ok
21:17:42.0033 0x1288 [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide C:\WINDOWS\system32\drivers\pciide.sys
21:17:42.0035 0x1288 pciide - ok
21:17:42.0104 0x1288 [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
21:17:42.0110 0x1288 pcmcia - ok
21:17:42.0135 0x1288 [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
21:17:42.0139 0x1288 pcw - ok
21:17:42.0184 0x1288 [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc C:\WINDOWS\system32\drivers\pdc.sys
21:17:42.0189 0x1288 pdc - ok
21:17:42.0340 0x1288 [ 87B3DE5B911F767C388D5A56A73D9E93, 7C845A6E9D706BC7CDFD32F9BDEA52BF2FD3D90D45BCF2D48CE704D58F00D23D ] PDF Architect 4 C:\Program Files\PDF Architect 4\ws.exe
21:17:42.0439 0x1288 PDF Architect 4 - ok
21:17:42.0505 0x1288 [ 9049B0504C1CB438C0154F72FD7ABC28, 882141B00074CB2EDD3CB7DA745DF4347DA62A90A7E104719DBC13A8BA56B253 ] PDF Architect 4 CrashHandler C:\Program Files\PDF Architect 4\crash-handler-ws.exe
21:17:42.0550 0x1288 PDF Architect 4 CrashHandler - ok
21:17:42.0609 0x1288 [ 5F83EDC4A22BC7CC9507E43335C3524E, E349816313DA261C1787159085D920CE975B122DB9FEEBAA132D6593B6DD03EC ] PDF Architect 4 Creator C:\Program Files\PDF Architect 4\creator-ws.exe
21:17:42.0654 0x1288 PDF Architect 4 Creator - ok
21:17:42.0733 0x1288 [ 08DAD53D89403158FC493FABAE217773, 833BF76818B984FE26A87A8DB75BA15A1143C9FCC0BBB5A8708656C7C09D6A28 ] PDF Architect 4 Manager C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
21:17:42.0780 0x1288 PDF Architect 4 Manager - ok
21:17:42.0849 0x1288 [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
21:17:42.0914 0x1288 PEAUTH - ok
21:17:42.0953 0x1288 [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys
21:17:42.0957 0x1288 percsas2i - ok
21:17:42.0977 0x1288 [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys
21:17:42.0981 0x1288 percsas3i - ok
21:17:43.0064 0x1288 [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
21:17:43.0068 0x1288 PerfHost - ok
21:17:43.0154 0x1288 [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc C:\WINDOWS\System32\PhoneService.dll
21:17:43.0199 0x1288 PhoneSvc - ok
21:17:43.0253 0x1288 [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
21:17:43.0263 0x1288 PimIndexMaintenanceSvc - ok
21:17:43.0377 0x1288 [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla C:\WINDOWS\system32\pla.dll
21:17:43.0446 0x1288 pla - ok
21:17:43.0474 0x1288 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
21:17:43.0483 0x1288 PlugPlay - ok
21:17:43.0510 0x1288 [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
21:17:43.0515 0x1288 PNRPAutoReg - ok
21:17:43.0570 0x1288 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
21:17:43.0587 0x1288 PNRPsvc - ok
21:17:43.0635 0x1288 [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
21:17:43.0655 0x1288 PolicyAgent - ok
21:17:43.0691 0x1288 [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power C:\WINDOWS\system32\umpo.dll
21:17:43.0700 0x1288 Power - ok
21:17:43.0729 0x1288 [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport C:\WINDOWS\System32\drivers\raspptp.sys
21:17:43.0734 0x1288 PptpMiniport - ok
21:17:44.0029 0x1288 [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
21:17:44.0227 0x1288 PrintNotify - ok
21:17:44.0284 0x1288 [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor C:\WINDOWS\System32\drivers\processr.sys
21:17:44.0291 0x1288 Processor - ok
21:17:44.0359 0x1288 [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc C:\WINDOWS\system32\profsvc.dll
21:17:44.0382 0x1288 ProfSvc - ok
21:17:44.0405 0x1288 [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched C:\WINDOWS\system32\drivers\pacer.sys
21:17:44.0411 0x1288 Psched - ok
21:17:44.0434 0x1288 [ 3EB2E97049C14B05D9218009BAF05ED6, 39234A35B54D4006D45125E139E1B795054B029DF1BAC5931CA229ABCAF7F7C2 ] QIOMem C:\WINDOWS\System32\drivers\QIOMem.sys
21:17:44.0437 0x1288 QIOMem - ok
21:17:44.0480 0x1288 [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE C:\WINDOWS\system32\qwave.dll
21:17:44.0494 0x1288 QWAVE - ok
21:17:44.0528 0x1288 [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
21:17:44.0531 0x1288 QWAVEdrv - ok
21:17:44.0569 0x1288 [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:17:44.0572 0x1288 RasAcd - ok
21:17:44.0608 0x1288 [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn C:\WINDOWS\System32\drivers\AgileVpn.sys
21:17:44.0613 0x1288 RasAgileVpn - ok
21:17:44.0646 0x1288 [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:17:44.0655 0x1288 RasAuto - ok
21:17:44.0680 0x1288 [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp C:\WINDOWS\System32\drivers\rasl2tp.sys
21:17:44.0686 0x1288 Rasl2tp - ok
21:17:44.0758 0x1288 [ F79BFB5588B777C71734C1D1EC129D07, 9B9D70EC8978AAC19B2B94694EE1B9957C13DFDDFCBE8AA82C5F0D0EA04CDBDF ] RasMan C:\WINDOWS\System32\rasmans.dll
21:17:44.0796 0x1288 RasMan - ok
21:17:44.0844 0x1288 [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:17:44.0849 0x1288 RasPppoe - ok
21:17:44.0878 0x1288 [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp C:\WINDOWS\System32\drivers\rassstp.sys
21:17:44.0882 0x1288 RasSstp - ok
21:17:44.0924 0x1288 [ AF6963414B820B7C45578ED3300438A7, C00F60FD72608E6983D32642768AECE891DD816FADFA7B872BA88091C16B95D7 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:17:44.0944 0x1288 rdbss - ok
21:17:44.0983 0x1288 [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
21:17:44.0987 0x1288 rdpbus - ok
21:17:45.0015 0x1288 [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
21:17:45.0025 0x1288 RDPDR - ok
21:17:45.0081 0x1288 [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
21:17:45.0083 0x1288 RdpVideoMiniport - ok
21:17:45.0117 0x1288 [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
21:17:45.0129 0x1288 rdyboost - ok
21:17:45.0189 0x1288 [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1 C:\WINDOWS\system32\drivers\ReFSv1.sys
21:17:45.0234 0x1288 ReFSv1 - ok
21:17:45.0294 0x1288 [ 0060A50F5E3A397E1F84B0C8F5F9898B, 685452985AF6BF68A63A8A306E7BFA4051B0E8C41CA67EE74D506E6F560FF5DD ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:17:45.0300 0x1288 RegSrvc - ok
21:17:45.0363 0x1288 [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:17:45.0387 0x1288 RemoteAccess - ok
21:17:45.0438 0x1288 [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:17:45.0448 0x1288 RemoteRegistry - ok
21:17:45.0501 0x1288 [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo C:\WINDOWS\system32\RDXService.dll
21:17:45.0560 0x1288 RetailDemo - ok
21:17:45.0594 0x1288 [ E82F3B1918C6A5FE6EB761CDF1E772AF, 0C993FCB7BFD6E01B70A1821E0DEAFA2CB241AF8C2E6D4CC120F59C1B5F6FF5F ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys
21:17:45.0603 0x1288 RFCOMM - ok
21:17:45.0636 0x1288 [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc C:\WINDOWS\System32\RMapi.dll
21:17:45.0646 0x1288 RmSvc - ok
21:17:45.0690 0x1288 [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
21:17:45.0698 0x1288 RpcEptMapper - ok
21:17:45.0747 0x1288 [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator C:\WINDOWS\system32\locator.exe
21:17:45.0751 0x1288 RpcLocator - ok
21:17:45.0817 0x1288 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:17:45.0874 0x1288 RpcSs - ok
21:17:45.0918 0x1288 [ 189EE2B924193F144329B72014B4BC50, A31FA0F4BA18014A5DF446E3DADF7F12C5B788FD119738C02278E8A5A0E5D512 ] RSP2STOR C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys
21:17:45.0932 0x1288 RSP2STOR - ok
21:17:45.0963 0x1288 [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys
21:17:45.0967 0x1288 rspndr - ok
21:17:46.0036 0x1288 [ FA00B16D06217288AFD700223DA131BA, 90688C3A8403FEF2A90550781CBA932A522125B47D71F3F0AF73E21E43BC5564 ] rt640x64 C:\WINDOWS\System32\drivers\rt640x64.sys
21:17:46.0091 0x1288 rt640x64 - ok
21:17:46.0119 0x1288 [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
21:17:46.0121 0x1288 s3cap - ok
21:17:46.0171 0x1288 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs C:\WINDOWS\system32\lsass.exe
21:17:46.0175 0x1288 SamSs - ok
21:17:46.0212 0x1288 [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
21:17:46.0217 0x1288 sbp2port - ok
21:17:46.0262 0x1288 [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
21:17:46.0275 0x1288 SCardSvr - ok
21:17:46.0314 0x1288 [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
21:17:46.0336 0x1288 ScDeviceEnum - ok
21:17:46.0372 0x1288 [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
21:17:46.0376 0x1288 scfilter - ok
21:17:46.0445 0x1288 [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:17:46.0506 0x1288 Schedule - ok
21:17:46.0556 0x1288 [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus C:\WINDOWS\system32\drivers\scmbus.sys
21:17:46.0561 0x1288 scmbus - ok
|
|
25.01.2017, 21:43
| #5 |
| | Willkürlich öffnen von Tabs bei jeglichem Browser TDSSKiller 2. Teil: Code:
ATTFilter
21:17:46.0593 0x1288 [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101 C:\WINDOWS\System32\drivers\scmdisk0101.sys
21:17:46.0599 0x1288 scmdisk0101 - ok
21:17:46.0646 0x1288 [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
21:17:46.0655 0x1288 SCPolicySvc - ok
21:17:46.0702 0x1288 [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
21:17:46.0717 0x1288 sdbus - ok
21:17:46.0756 0x1288 [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll
21:17:46.0765 0x1288 SDRSVC - ok
21:17:46.0800 0x1288 [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
21:17:46.0805 0x1288 sdstor - ok
21:17:46.0825 0x1288 [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon C:\WINDOWS\system32\seclogon.dll
21:17:46.0830 0x1288 seclogon - ok
21:17:46.0885 0x1288 [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS C:\WINDOWS\System32\sens.dll
21:17:46.0893 0x1288 SENS - ok
21:17:46.0980 0x1288 [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
21:17:47.0069 0x1288 SensorDataService - ok
21:17:47.0125 0x1288 [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService C:\WINDOWS\system32\SensorService.dll
21:17:47.0143 0x1288 SensorService - ok
21:17:47.0189 0x1288 [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
21:17:47.0199 0x1288 SensrSvc - ok
21:17:47.0221 0x1288 [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
21:17:47.0225 0x1288 SerCx - ok
21:17:47.0266 0x1288 [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
21:17:47.0273 0x1288 SerCx2 - ok
21:17:47.0317 0x1288 [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
21:17:47.0320 0x1288 Serenum - ok
21:17:47.0364 0x1288 [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial C:\WINDOWS\System32\drivers\serial.sys
21:17:47.0368 0x1288 Serial - ok
21:17:47.0390 0x1288 [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
21:17:47.0392 0x1288 sermouse - ok
21:17:47.0451 0x1288 [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv C:\WINDOWS\system32\sessenv.dll
21:17:47.0469 0x1288 SessionEnv - ok
21:17:47.0504 0x1288 [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
21:17:47.0506 0x1288 sfloppy - ok
21:17:47.0564 0x1288 [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:17:47.0617 0x1288 SharedAccess - ok
21:17:47.0700 0x1288 [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:17:47.0738 0x1288 ShellHWDetection - ok
21:17:47.0799 0x1288 [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
21:17:47.0809 0x1288 shpamsvc - ok
21:17:47.0842 0x1288 [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
21:17:47.0845 0x1288 SiSRaid2 - ok
21:17:47.0868 0x1288 [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
21:17:47.0872 0x1288 SiSRaid4 - ok
21:17:47.0924 0x1288 [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost C:\WINDOWS\System32\smphost.dll
21:17:47.0930 0x1288 smphost - ok
21:17:47.0990 0x1288 [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll
21:17:48.0023 0x1288 SmsRouter - ok
21:17:48.0061 0x1288 [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
21:17:48.0066 0x1288 SNMPTRAP - ok
21:17:48.0140 0x1288 [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
21:17:48.0163 0x1288 spaceport - ok
21:17:48.0202 0x1288 [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
21:17:48.0206 0x1288 SpbCx - ok
21:17:48.0315 0x1288 [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler C:\WINDOWS\System32\spoolsv.exe
21:17:48.0361 0x1288 Spooler - ok
21:17:48.0625 0x1288 [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
21:17:48.0865 0x1288 sppsvc - ok
21:17:48.0992 0x1288 [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:17:49.0007 0x1288 srv - ok
21:17:49.0068 0x1288 [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
21:17:49.0102 0x1288 srv2 - ok
21:17:49.0149 0x1288 [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
21:17:49.0160 0x1288 srvnet - ok
21:17:49.0201 0x1288 [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:17:49.0213 0x1288 SSDPSRV - ok
21:17:49.0244 0x1288 [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
21:17:49.0255 0x1288 SstpSvc - ok
21:17:49.0282 0x1288 [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:17:49.0289 0x1288 ssudmdm - ok
21:17:49.0580 0x1288 [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
21:17:49.0767 0x1288 StateRepository - ok
21:17:49.0805 0x1288 [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
21:17:49.0808 0x1288 stexstor - ok
21:17:49.0861 0x1288 [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc C:\WINDOWS\System32\wiaservc.dll
21:17:49.0896 0x1288 stisvc - ok
21:17:49.0945 0x1288 [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
21:17:49.0950 0x1288 storahci - ok
21:17:49.0967 0x1288 [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
21:17:49.0970 0x1288 storflt - ok
21:17:49.0989 0x1288 [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
21:17:49.0993 0x1288 stornvme - ok
21:17:50.0009 0x1288 [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys
21:17:50.0014 0x1288 storqosflt - ok
21:17:50.0069 0x1288 [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc C:\WINDOWS\system32\storsvc.dll
21:17:50.0086 0x1288 StorSvc - ok
21:17:50.0104 0x1288 [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs C:\WINDOWS\system32\drivers\storufs.sys
21:17:50.0106 0x1288 storufs - ok
21:17:50.0140 0x1288 [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
21:17:50.0142 0x1288 storvsc - ok
21:17:50.0181 0x1288 [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc C:\WINDOWS\system32\svsvc.dll
21:17:50.0186 0x1288 svsvc - ok
21:17:50.0203 0x1288 [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum C:\WINDOWS\System32\drivers\swenum.sys
21:17:50.0206 0x1288 swenum - ok
21:17:50.0240 0x1288 [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv C:\WINDOWS\System32\swprv.dll
21:17:50.0259 0x1288 swprv - ok
21:17:50.0309 0x1288 [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys
21:17:50.0313 0x1288 Synth3dVsc - ok
21:17:50.0366 0x1288 [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain C:\WINDOWS\system32\sysmain.dll
21:17:50.0411 0x1288 SysMain - ok
21:17:50.0455 0x1288 [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
21:17:50.0471 0x1288 SystemEventsBroker - ok
21:17:50.0508 0x1288 [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
21:17:50.0517 0x1288 TabletInputService - ok
21:17:50.0550 0x1288 [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:17:50.0565 0x1288 TapiSrv - ok
21:17:50.0696 0x1288 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
21:17:50.0799 0x1288 Tcpip - ok
21:17:50.0918 0x1288 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6 C:\WINDOWS\system32\drivers\tcpip.sys
21:17:50.0994 0x1288 Tcpip6 - ok
21:17:51.0033 0x1288 [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
21:17:51.0036 0x1288 tcpipreg - ok
21:17:51.0078 0x1288 [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
21:17:51.0083 0x1288 tdx - ok
21:17:51.0144 0x1288 [ D8420B070D035C30CC890981E3C4B567, C51C3B3F148097CCBD14B1D2F4E4DF2DA246B3B242701F2319E83B1C14675984 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
21:17:51.0149 0x1288 TemproMonitoringService - ok
21:17:51.0186 0x1288 [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
21:17:51.0188 0x1288 terminpt - ok
21:17:51.0253 0x1288 [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService C:\WINDOWS\System32\termsrv.dll
21:17:51.0299 0x1288 TermService - ok
21:17:51.0335 0x1288 [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes C:\WINDOWS\system32\themeservice.dll
21:17:51.0342 0x1288 Themes - ok
21:17:51.0369 0x1288 [ 07C4E732255CA3666DC89BC15D6BBB6B, 811C458725D60C8747022BE57D22AE3E3F47F21EA5924D54BF2F2999ABA2D588 ] Thotkey C:\WINDOWS\System32\drivers\Thotkey.sys
21:17:51.0372 0x1288 Thotkey - ok
21:17:51.0411 0x1288 [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
21:17:51.0424 0x1288 TieringEngineService - ok
21:17:51.0464 0x1288 [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
21:17:51.0498 0x1288 tiledatamodelsvc - ok
21:17:51.0514 0x1288 [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc C:\WINDOWS\System32\TimeBrokerServer.dll
21:17:51.0524 0x1288 TimeBrokerSvc - ok
21:17:51.0575 0x1288 [ 7421BB9A1B8C093B809FE1B0547F4A5D, 763C6AAC39D9FEF168A9C49057A2A14612903EE462DFD39EA52ED93C13D72FDB ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:17:51.0577 0x1288 TMachInfo - ok
21:17:51.0629 0x1288 [ 33313DB622F80FBC799529045C14540D, 716D267F535D9C4B82CE152FF331597A76C1171250691B285B48CE108DBBC1D3 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\Teco\TecoService.exe
21:17:51.0640 0x1288 TOSHIBA eco Utility Service - ok
21:17:51.0677 0x1288 [ 3D69A41021DEA17019CBC8AE6271DD47, 161DE6766D617936296F56B5D2409B374C4F951DF5CA0685FC9AE39E71F05144 ] tosrfec C:\WINDOWS\System32\drivers\tosrfec.sys
21:17:51.0680 0x1288 tosrfec - ok
21:17:51.0742 0x1288 [ 3A3493585DEC6EC8E003F0A81C5E2474, 6CF6039C6212AB4917307969BE8E3E8E36521BC0F3F14806FF3795474496F3DC ] TOSRMService C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
21:17:51.0754 0x1288 TOSRMService - ok
21:17:51.0824 0x1288 [ 341B683B22CF56462CC500A0A86FA5E5, 0610B813769045E9DA35DABDB16EA9DE6BC2E628A94B9A235E1218E15DBB7C8B ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:17:51.0869 0x1288 TPCHSrv - ok
21:17:51.0920 0x1288 [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM C:\WINDOWS\System32\drivers\tpm.sys
21:17:51.0928 0x1288 TPM - ok
21:17:51.0962 0x1288 [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks C:\WINDOWS\System32\trkwks.dll
21:17:51.0970 0x1288 TrkWks - ok
21:17:52.0010 0x1288 [ 09440FA30C020B4443391FAFCF4876E3, 208C7725F70C75D8C96CCAF5B22F83B8B1C66D8C9FFF48465B1C9F4A77425569 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
21:17:52.0015 0x1288 TrustedInstaller - ok
21:17:52.0042 0x1288 [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt C:\WINDOWS\system32\drivers\TsUsbFlt.sys
21:17:52.0046 0x1288 tsusbflt - ok
21:17:52.0061 0x1288 [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
21:17:52.0063 0x1288 TsUsbGD - ok
21:17:52.0095 0x1288 [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel C:\WINDOWS\System32\drivers\tunnel.sys
21:17:52.0101 0x1288 tunnel - ok
21:17:52.0135 0x1288 [ 6A2A692F6A987D8C3BF758CA5A225BD1, 015A09D702277B6B79642227062D53ACA572E258E0C7FF6573A0E043C27531AD ] TVALZ C:\WINDOWS\system32\drivers\TVALZ_O.SYS
21:17:52.0138 0x1288 TVALZ - ok
21:17:52.0155 0x1288 [ 6A606227DE13B850DCD28AD0F4112506, 6E65A79635BFD0F739479ED1C9C44075F774F9B4C9B98750A99E6FC780EE1000 ] TXEIx64 C:\WINDOWS\System32\drivers\TXEIx64.sys
21:17:52.0161 0x1288 TXEIx64 - ok
21:17:52.0203 0x1288 [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate C:\WINDOWS\system32\tzautoupdate.dll
21:17:52.0210 0x1288 tzautoupdate - ok
21:17:52.0244 0x1288 [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
21:17:52.0247 0x1288 UASPStor - ok
21:17:52.0271 0x1288 [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys
21:17:52.0275 0x1288 UcmCx0101 - ok
21:17:52.0298 0x1288 [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
21:17:52.0304 0x1288 UcmTcpciCx0101 - ok
21:17:52.0325 0x1288 [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys
21:17:52.0329 0x1288 UcmUcsi - ok
21:17:52.0376 0x1288 [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys
21:17:52.0384 0x1288 Ucx01000 - ok
21:17:52.0429 0x1288 [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys
21:17:52.0432 0x1288 UdeCx - ok
21:17:52.0466 0x1288 [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
21:17:52.0522 0x1288 udfs - ok
21:17:52.0552 0x1288 [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
21:17:52.0555 0x1288 UEFI - ok
21:17:52.0589 0x1288 [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys
21:17:52.0599 0x1288 Ufx01000 - ok
21:17:52.0621 0x1288 [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys
21:17:52.0626 0x1288 UfxChipidea - ok
21:17:52.0649 0x1288 [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys
21:17:52.0655 0x1288 ufxsynopsys - ok
21:17:52.0698 0x1288 [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
21:17:52.0703 0x1288 UI0Detect - ok
21:17:52.0723 0x1288 [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus C:\WINDOWS\System32\drivers\umbus.sys
21:17:52.0727 0x1288 umbus - ok
21:17:52.0749 0x1288 [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
21:17:52.0751 0x1288 UmPass - ok
21:17:52.0789 0x1288 [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
21:17:52.0802 0x1288 UmRdpService - ok
21:17:52.0871 0x1288 [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc C:\WINDOWS\System32\unistore.dll
21:17:52.0929 0x1288 UnistoreSvc - ok
21:17:52.0975 0x1288 [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:17:52.0997 0x1288 upnphost - ok
21:17:53.0026 0x1288 [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys
21:17:53.0028 0x1288 UrsChipidea - ok
21:17:53.0052 0x1288 [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys
21:17:53.0056 0x1288 UrsCx01000 - ok
21:17:53.0080 0x1288 [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys
21:17:53.0083 0x1288 UrsSynopsys - ok
21:17:53.0110 0x1288 [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
21:17:53.0117 0x1288 usbccgp - ok
21:17:53.0154 0x1288 [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
21:17:53.0159 0x1288 usbcir - ok
21:17:53.0182 0x1288 [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
21:17:53.0187 0x1288 usbehci - ok
21:17:53.0225 0x1288 [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
21:17:53.0245 0x1288 usbhub - ok
21:17:53.0292 0x1288 [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
21:17:53.0328 0x1288 USBHUB3 - ok
21:17:53.0350 0x1288 [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
21:17:53.0354 0x1288 usbohci - ok
21:17:53.0377 0x1288 [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
21:17:53.0380 0x1288 usbprint - ok
21:17:53.0417 0x1288 [ 2EC7B2C8123236B1233A77281D378DF7, D97DB59C9CAE2B8B33C707E8CEA7A65BF88712842CC715D270F7432A99D21BB6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:17:53.0420 0x1288 usbscan - ok
21:17:53.0441 0x1288 [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser C:\WINDOWS\System32\drivers\usbser.sys
21:17:53.0444 0x1288 usbser - ok
21:17:53.0476 0x1288 [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
21:17:53.0482 0x1288 USBSTOR - ok
21:17:53.0503 0x1288 [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
21:17:53.0506 0x1288 usbuhci - ok
21:17:53.0557 0x1288 [ B4F448F2424492F99F83D3676A453553, 42F1396616EA93BF91EA847B185C321B189F1A5138CA19D22397E8DB6D576973 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
21:17:53.0566 0x1288 usbvideo - ok
21:17:53.0603 0x1288 [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
21:17:53.0620 0x1288 USBXHCI - ok
21:17:53.0716 0x1288 [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll
21:17:53.0801 0x1288 UserDataSvc - ok
21:17:53.0895 0x1288 [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager C:\WINDOWS\System32\usermgr.dll
21:17:53.0939 0x1288 UserManager - ok
21:17:53.0995 0x1288 [ EBF9E40845362DBE2AD0DB3077269488, A6363006350D097F95B03A2F44E1D3FBD3BC40048BE57C715CD7CBC22D1EE70B ] UsoSvc C:\WINDOWS\system32\usocore.dll
21:17:54.0029 0x1288 UsoSvc - ok
21:17:54.0049 0x1288 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc C:\WINDOWS\system32\lsass.exe
21:17:54.0054 0x1288 VaultSvc - ok
21:17:54.0076 0x1288 [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
21:17:54.0079 0x1288 vdrvroot - ok
21:17:54.0125 0x1288 [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds C:\WINDOWS\System32\vds.exe
21:17:54.0159 0x1288 vds - ok
21:17:54.0192 0x1288 [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
21:17:54.0200 0x1288 VerifierExt - ok
21:17:54.0262 0x1288 [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
21:17:54.0296 0x1288 vhdmp - ok
21:17:54.0320 0x1288 [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf C:\WINDOWS\System32\drivers\vhf.sys
21:17:54.0322 0x1288 vhf - ok
21:17:54.0346 0x1288 [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
21:17:54.0350 0x1288 vmbus - ok
21:17:54.0369 0x1288 [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
21:17:54.0372 0x1288 VMBusHID - ok
21:17:54.0409 0x1288 [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid C:\WINDOWS\System32\drivers\vmgid.sys
21:17:54.0411 0x1288 vmgid - ok
21:17:54.0463 0x1288 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
21:17:54.0478 0x1288 vmicguestinterface - ok
21:17:54.0500 0x1288 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat C:\WINDOWS\System32\icsvc.dll
21:17:54.0514 0x1288 vmicheartbeat - ok
21:17:54.0537 0x1288 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
21:17:54.0549 0x1288 vmickvpexchange - ok
21:17:54.0584 0x1288 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv C:\WINDOWS\System32\icsvcext.dll
21:17:54.0601 0x1288 vmicrdv - ok
21:17:54.0628 0x1288 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown C:\WINDOWS\System32\icsvc.dll
21:17:54.0640 0x1288 vmicshutdown - ok
21:17:54.0661 0x1288 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync C:\WINDOWS\System32\icsvc.dll
21:17:54.0673 0x1288 vmictimesync - ok
21:17:54.0694 0x1288 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession C:\WINDOWS\System32\icsvc.dll
21:17:54.0706 0x1288 vmicvmsession - ok
21:17:54.0734 0x1288 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss C:\WINDOWS\System32\icsvcext.dll
21:17:54.0747 0x1288 vmicvss - ok
21:17:54.0775 0x1288 [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
21:17:54.0779 0x1288 volmgr - ok
21:17:54.0815 0x1288 [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
21:17:54.0832 0x1288 volmgrx - ok
21:17:54.0859 0x1288 [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
21:17:54.0876 0x1288 volsnap - ok
21:17:54.0908 0x1288 [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume C:\WINDOWS\system32\drivers\volume.sys
21:17:54.0910 0x1288 volume - ok
21:17:54.0945 0x1288 [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
21:17:54.0949 0x1288 vpci - ok
21:17:54.0976 0x1288 [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
21:17:54.0983 0x1288 vsmraid - ok
21:17:55.0074 0x1288 [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS C:\WINDOWS\system32\vssvc.exe
21:17:55.0179 0x1288 VSS - ok
21:17:55.0212 0x1288 [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
21:17:55.0235 0x1288 VSTXRAID - ok
21:17:55.0271 0x1288 [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
21:17:55.0275 0x1288 vwifibus - ok
21:17:55.0290 0x1288 [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys
21:17:55.0294 0x1288 vwififlt - ok
21:17:55.0310 0x1288 [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys
21:17:55.0314 0x1288 vwifimp - ok
21:17:55.0378 0x1288 [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time C:\WINDOWS\system32\w32time.dll
21:17:55.0415 0x1288 W32Time - ok
21:17:55.0439 0x1288 [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
21:17:55.0442 0x1288 WacomPen - ok
21:17:55.0489 0x1288 [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService C:\WINDOWS\system32\WalletService.dll
21:17:55.0508 0x1288 WalletService - ok
21:17:55.0546 0x1288 [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:17:55.0552 0x1288 wanarp - ok
21:17:55.0566 0x1288 [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:17:55.0571 0x1288 wanarpv6 - ok
21:17:55.0675 0x1288 [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine C:\WINDOWS\system32\wbengine.exe
21:17:55.0764 0x1288 wbengine - ok
21:17:55.0840 0x1288 [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
21:17:55.0887 0x1288 WbioSrvc - ok
21:17:55.0936 0x1288 [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs C:\WINDOWS\system32\drivers\wcifs.sys
21:17:55.0942 0x1288 wcifs - ok
21:17:56.0004 0x1288 [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
21:17:56.0050 0x1288 Wcmsvc - ok
21:17:56.0090 0x1288 [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
21:17:56.0112 0x1288 wcncsvc - ok
21:17:56.0145 0x1288 [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs C:\WINDOWS\system32\drivers\wcnfs.sys
21:17:56.0149 0x1288 wcnfs - ok
21:17:56.0163 0x1288 [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
21:17:56.0167 0x1288 WdBoot - ok
21:17:56.0216 0x1288 [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
21:17:56.0262 0x1288 Wdf01000 - ok
21:17:56.0292 0x1288 [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
21:17:56.0314 0x1288 WdFilter - ok
21:17:56.0338 0x1288 [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
21:17:56.0346 0x1288 WdiServiceHost - ok
21:17:56.0355 0x1288 [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
21:17:56.0362 0x1288 WdiSystemHost - ok
21:17:56.0429 0x1288 [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
21:17:56.0475 0x1288 wdiwifi - ok
21:17:56.0502 0x1288 [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
21:17:56.0508 0x1288 WdNisDrv - ok
21:17:56.0558 0x1288 WdNisSvc - ok
21:17:56.0588 0x1288 [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:17:56.0611 0x1288 WebClient - ok
21:17:56.0632 0x1288 [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
21:17:56.0644 0x1288 Wecsvc - ok
21:17:56.0661 0x1288 [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
21:17:56.0667 0x1288 WEPHOSTSVC - ok
21:17:56.0687 0x1288 [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
21:17:56.0694 0x1288 wercplsupport - ok
21:17:56.0723 0x1288 [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc C:\WINDOWS\System32\WerSvc.dll
21:17:56.0733 0x1288 WerSvc - ok
21:17:56.0755 0x1288 [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS C:\WINDOWS\system32\drivers\wfplwfs.sys
21:17:56.0762 0x1288 WFPLWFS - ok
21:17:56.0780 0x1288 [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
21:17:56.0789 0x1288 WiaRpc - ok
21:17:56.0822 0x1288 [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
21:17:56.0825 0x1288 WIMMount - ok
21:17:56.0831 0x1288 WinDefend - ok
21:17:56.0884 0x1288 [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
21:17:56.0920 0x1288 WindowsTrustedRT - ok
21:17:56.0960 0x1288 [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
21:17:56.0962 0x1288 WindowsTrustedRTProxy - ok
21:17:57.0151 0x1288 [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
21:17:57.0180 0x1288 WinHttpAutoProxySvc - ok
21:17:57.0209 0x1288 [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys
21:17:57.0212 0x1288 WinMad - ok
21:17:57.0270 0x1288 [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:17:57.0279 0x1288 Winmgmt - ok
21:17:57.0430 0x1288 [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
21:17:57.0548 0x1288 WinRM - ok
21:17:57.0598 0x1288 [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB C:\WINDOWS\System32\drivers\WinUSB.SYS
21:17:57.0601 0x1288 WINUSB - ok
21:17:57.0626 0x1288 [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs C:\WINDOWS\System32\drivers\winverbs.sys
21:17:57.0630 0x1288 WinVerbs - ok
21:17:57.0692 0x1288 [ ECD999D8412A3473C26B118F89DB9908, 5FB9B93E4B5482CCFF01D805DFA386FD8D3441BC81E7BD5DF89EE3078FD724F3 ] wisvc C:\WINDOWS\system32\flightsettings.dll
21:17:57.0726 0x1288 wisvc - ok
21:17:57.0882 0x1288 [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
21:17:58.0013 0x1288 WlanSvc - ok
21:17:58.0165 0x1288 [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
21:17:58.0264 0x1288 wlidsvc - ok
21:17:58.0295 0x1288 [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
21:17:58.0297 0x1288 WmiAcpi - ok
21:17:58.0333 0x1288 [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
21:17:58.0341 0x1288 wmiApSrv - ok
21:17:58.0369 0x1288 WMPNetworkSvc - ok
21:17:58.0402 0x1288 [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof C:\WINDOWS\system32\drivers\Wof.sys
21:17:58.0410 0x1288 Wof - ok
21:17:58.0521 0x1288 [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
21:17:58.0598 0x1288 workfolderssvc - ok
21:17:58.0629 0x1288 [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
21:17:58.0638 0x1288 WPDBusEnum - ok
21:17:58.0663 0x1288 [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
21:17:58.0665 0x1288 WpdUpFltr - ok
21:17:58.0696 0x1288 [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService C:\WINDOWS\system32\WpnService.dll
21:17:58.0709 0x1288 WpnService - ok
21:17:58.0727 0x1288 [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService C:\WINDOWS\System32\WpnUserService.dll
21:17:58.0735 0x1288 WpnUserService - ok
21:17:58.0775 0x1288 [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
21:17:58.0777 0x1288 ws2ifsl - ok
21:17:58.0819 0x1288 [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
21:17:58.0841 0x1288 wscsvc - ok
21:17:58.0849 0x1288 WSearch - ok
21:17:58.0971 0x1288 [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv C:\WINDOWS\system32\wuaueng.dll
21:17:59.0074 0x1288 wuauserv - ok
21:17:59.0107 0x1288 [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
21:17:59.0112 0x1288 WudfPf - ok
21:17:59.0137 0x1288 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd C:\WINDOWS\system32\drivers\WudfRd.sys
21:17:59.0145 0x1288 WUDFRd - ok
21:17:59.0190 0x1288 [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
21:17:59.0198 0x1288 wudfsvc - ok
21:17:59.0215 0x1288 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:17:59.0222 0x1288 WUDFWpdFs - ok
21:17:59.0236 0x1288 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:17:59.0243 0x1288 WUDFWpdMtp - ok
21:17:59.0324 0x1288 [ E231728BC515A4B85543AF74A1FEDFCB, 5D250D7D789B5BB56BFA2E7A109BCEB3686B7636C54D89F4E9804101D145C955 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
21:17:59.0383 0x1288 WwanSvc - ok
21:17:59.0466 0x1288 [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll
21:17:59.0521 0x1288 XblAuthManager - ok
21:17:59.0600 0x1288 [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll
21:17:59.0657 0x1288 XblGameSave - ok
21:17:59.0706 0x1288 [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys
21:17:59.0716 0x1288 xboxgip - ok
21:17:59.0772 0x1288 [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll
21:17:59.0830 0x1288 XboxNetApiSvc - ok
21:17:59.0858 0x1288 [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys
21:17:59.0861 0x1288 xinputhid - ok
21:18:00.0101 0x1288 [ 8BA550098E9A09FA934C05F0CF9D5857, EF105D2A1FEEF7F3253810F0CF4694E2668CE9964BD528F10BBCCE02CA7F3485 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:18:00.0248 0x1288 ZeroConfigService - ok
21:18:00.0258 0x1288 ================ Scan global ===============================
21:18:00.0298 0x1288 [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll
21:18:00.0340 0x1288 [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\WINDOWS\system32\winsrv.dll
21:18:00.0375 0x1288 [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll
21:18:00.0436 0x1288 [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\WINDOWS\system32\services.exe
21:18:00.0453 0x1288 [ Global ] - ok
21:18:00.0454 0x1288 ================ Scan MBR ==================================
21:18:00.0464 0x1288 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:18:00.0477 0x1288 \Device\Harddisk0\DR0 - ok
21:18:00.0478 0x1288 ================ Scan VBR ==================================
21:18:00.0494 0x1288 [ 98B9ED1E35AB2A606BF2EFC309AC9C1B ] \Device\Harddisk0\DR0\Partition1
21:18:00.0496 0x1288 \Device\Harddisk0\DR0\Partition1 - ok
21:18:00.0520 0x1288 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
21:18:00.0521 0x1288 \Device\Harddisk0\DR0\Partition2 - ok
21:18:00.0532 0x1288 [ D166B3F51E3A9F512747DFF447D5FB6C ] \Device\Harddisk0\DR0\Partition3
21:18:00.0535 0x1288 \Device\Harddisk0\DR0\Partition3 - ok
21:18:00.0563 0x1288 [ 276DAC0457E1246E6A0E3124BA451CAF ] \Device\Harddisk0\DR0\Partition4
21:18:00.0654 0x1288 \Device\Harddisk0\DR0\Partition4 - ok
21:18:00.0695 0x1288 [ 53714206A595758A243DF8B71D338F73 ] \Device\Harddisk0\DR0\Partition5
21:18:00.0696 0x1288 \Device\Harddisk0\DR0\Partition5 - ok
21:18:00.0697 0x1288 ================ Scan generic autorun ======================
21:18:00.0697 0x1288 ETDCtrl - ok
21:18:00.0781 0x1288 [ E0663A72DFA1F4F5845B63EB7C81AD48, 75A18A21FE25D3DE5B0018E250D71E5D6AE5438D4C9554E8E5A967028FE6DD3E ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
21:18:00.0819 0x1288 cAudioFilterAgent - ok
21:18:00.0921 0x1288 [ 4F8B94EC4D4FFA0712CCADF8145F28D1, 6CED9332100CA71FB17930AAC4ED1798E6F3A83CEBEE0A3412EFA01F6F1A6F22 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
21:18:01.0011 0x1288 SmartAudio - ok
21:18:01.0047 0x1288 [ 3B0AE1CCD1BE6A0A118331044DAA94AA, 2DB8F614B72B65BF8BB3C8B17AAE204615C047B2A061D1B16A161D9D2599567E ] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
21:18:01.0053 0x1288 TecoResident - ok
21:18:01.0055 0x1288 TosWaitSrv - ok
21:18:01.0106 0x1288 [ E965FC6B83B1F7C291536D2D5F7E3C03, CF7E761824F89742AD9734572A12B1071FF3F65CC9402C3531BC1BEC6EFA49C9 ] C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe
21:18:01.0128 0x1288 TCrdMain - ok
21:18:01.0130 0x1288 WindowsDefender - ok
21:18:01.0190 0x1288 [ DF8DBBD8F5342C7BA598C606602B6352, FAF603820007A97898A56E62423B137E743A8A9CED0099532514E2F15BAAE334 ] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
21:18:01.0212 0x1288 isa - ok
21:18:01.0629 0x1288 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
21:18:01.0992 0x1288 OneDriveSetup - ok
21:18:02.0391 0x1288 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
21:18:02.0751 0x1288 OneDriveSetup - ok
21:18:02.0870 0x1288 [ 24FB6B5C21CCC69EF75AA6A87DE8ABFE, 024465DA4509989C354315C747B0B0E181ABEFE2F23DA9F4CAD037ADED25A7F3 ] C:\Users\Melli\AppData\Local\\securityutility\\securityutility\\2.1.0.2\securityutility.exe
21:18:02.0892 0x1288 Security Utility - ok
21:18:02.0995 0x1288 [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\Melli\AppData\Local\Microsoft\OneDrive\OneDrive.exe
21:18:03.0061 0x1288 OneDrive - ok
21:18:03.0066 0x1288 Waiting for KSN requests completion. In queue: 226
21:18:04.0067 0x1288 Waiting for KSN requests completion. In queue: 226
21:18:05.0067 0x1288 Waiting for KSN requests completion. In queue: 226
21:18:06.0094 0x1288 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
21:18:06.0147 0x1288 Win FW state via NFP2: enabled ( trusted )
21:18:06.0388 0x1288 ============================================================
21:18:06.0388 0x1288 Scan finished
21:18:06.0388 0x1288 ============================================================
21:18:06.0411 0x14e0 Detected object count: 0
21:18:06.0411 0x14e0 Actual detected object count: 0
21:18:59.0387 0x10d8 Deinitialize success
|
|
26.01.2017, 16:04
| #6 |
| /// TB-Ausbilder | Willkürlich öffnen von Tabs bei jeglichem Browser Servus, stell dich schon mal auf eine "Materialschlacht" ein...  Lauter Adware auf deinem PC...  Wir starten erst mal so: Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
29.01.2017, 10:41
| #7 |
| /// TB-Ausbilder | Willkürlich öffnen von Tabs bei jeglichem Browser Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
15.05.2017, 10:39
| #8 |
| | Willkürlich öffnen von Tabs bei jeglichem Browser Hi Matthias, sorry für die lange Abwesenheit. Hier jetzt aber die Logfiles: AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v6.046 - Bericht erstellt am 15/05/2017 um 10:19:31
# Aktualisiert am 24/04/2017 von Malwarebytes
# Datenbank : 2017-05-14.2 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Melli - LAPTOP-9PNHF3HP
# Gestartet von : C:\Users\Melli\Downloads\AdwCleaner_6.046.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner gelöscht: C:\ProgramData\453af114
[-] Ordner gelöscht: C:\ProgramData\48f6a211-00c7-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-03c1-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-0915-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-0bf5-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-0fe1-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-1861-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-18a7-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-18d1-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-1981-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-1c81-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-1ce7-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-1fb7-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-2bc7-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-2d21-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-3ae3-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-3f41-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-47f7-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-48f5-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-4ae3-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-4d65-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-4e57-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-5213-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-57f1-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-5805-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-6f71-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-71b5-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-71e7-1
[-] Ordner gelöscht: C:\ProgramData\48f6a211-7525-0
[-] Ordner gelöscht: C:\ProgramData\48f6a211-7b55-0
[-] Ordner gelöscht: C:\ProgramData\c84f268f-3f73-1
[-] Ordner gelöscht: C:\ProgramData\c84f268f-77f5-0
[-] Ordner gelöscht: C:\ProgramData\{018239a2-112c-0}
[-] Ordner gelöscht: C:\ProgramData\{0351b4a2-312c-1}
[-] Ordner gelöscht: C:\ProgramData\{055046fa-512c-0}
[-] Ordner gelöscht: C:\ProgramData\{0971ac38-212c-1}
[-] Ordner gelöscht: C:\ProgramData\{0b367ff5-012c-0}
[-] Ordner gelöscht: C:\ProgramData\{0bf6422b-412c-1}
[-] Ordner gelöscht: C:\ProgramData\{0f0899b3-112c-1}
[-] Ordner gelöscht: C:\ProgramData\{1a95d704-412c-0}
[-] Ordner gelöscht: C:\ProgramData\{1b8fcaf8-512c-1}
[-] Ordner gelöscht: C:\ProgramData\{1ba26e4c-412c-1}
[-] Ordner gelöscht: C:\ProgramData\{251b1a31-512c-0}
[-] Ordner gelöscht: C:\ProgramData\{28fe2601-112c-0}
[-] Ordner gelöscht: C:\ProgramData\{33535ac2-112c-0}
[-] Ordner gelöscht: C:\ProgramData\{3e6206ec-712c-0}
[-] Ordner gelöscht: C:\ProgramData\{3fbb7104-712c-0}
[-] Ordner gelöscht: C:\ProgramData\{421348e2-012c-1}
[-] Ordner gelöscht: C:\ProgramData\{4c317c30-512c-1}
[-] Ordner gelöscht: C:\ProgramData\{4e9e48d7-612c-0}
[-] Ordner gelöscht: C:\ProgramData\{51686ff6-412c-0}
[-] Ordner gelöscht: C:\ProgramData\{5be93bbd-512c-1}
[-] Ordner gelöscht: C:\ProgramData\{5e1f367f-712c-1}
[-] Ordner gelöscht: C:\ProgramData\{64d07dc9-612c-1}
[-] Ordner gelöscht: C:\ProgramData\{6610530b-312c-1}
[-] Ordner gelöscht: C:\ProgramData\{66cd0c70-512c-0}
[-] Ordner gelöscht: C:\ProgramData\{6a470bc3-412c-0}
[-] Ordner gelöscht: C:\ProgramData\{6c626518-612c-1}
[-] Ordner gelöscht: C:\ProgramData\{7f47397b-312c-0}
[-] Ordner gelöscht: C:\Users\Melli\AppData\Local\SecurityUtility
[-] Ordner gelöscht: C:\Users\Melli\AppData\Roaming\BandwidthStat
[-] Ordner gelöscht: C:\Users\Melli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandwidthStat
[-] Ordner gelöscht: C:\ProgramData\Booking.com
[-] Ordner gelöscht: C:\Users\Public\Pokki
[-] Ordner gelöscht: C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
[-] Aufgabe gelöscht: Security Utility Updater
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\System Healer
[-] Schlüssel gelöscht: HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\BandwidthStat
[-] Schlüssel gelöscht: HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\Super PC Cleaner
[-] Schlüssel gelöscht: HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security utility
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\System Healer
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\BandwidthStat
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Super PC Cleaner
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security utility
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\System Healer
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\BandwidthStat
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Super PC Cleaner
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security utility
[-] Daten wiederhergestellt: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1117ff53-f7c2-4264-94ce-1f627bb7fde2} [NameServer]
[-] Daten wiederhergestellt: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{61c17897-e7de-4697-a754-9f685be40562} [NameServer]
[-] Daten wiederhergestellt: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9ca7ae57-853d-498e-91ba-4b9a73378b81} [NameServer]
[-] Daten wiederhergestellt: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ccde9c92-c960-4d1a-bcaf-9d566ec72b1f} [NameServer]
[-] Daten wiederhergestellt: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1117ff53-f7c2-4264-94ce-1f627bb7fde2} [NameServer]
[-] Daten wiederhergestellt: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{61c17897-e7de-4697-a754-9f685be40562} [NameServer]
[-] Daten wiederhergestellt: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9ca7ae57-853d-498e-91ba-4b9a73378b81} [NameServer]
[-] Daten wiederhergestellt: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ccde9c92-c960-4d1a-bcaf-9d566ec72b1f} [NameServer]
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\re-markit.co
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.re-markit00.re-markit.co
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\re-markit.co
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.re-markit00.re-markit.co
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\re-markit.co
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.re-markit00.re-markit.co
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\re-markit.co
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.re-markit00.re-markit.co
[-] Wert gelöscht: HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\Microsoft\Windows\CurrentVersion\Run [Security Utility]
[-] Wert gelöscht: HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Security Utility]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Security Utility]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Security Utility]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Schlüssel gelöscht: HKCU\Software\Classes\Applications\bandwidthstat.exe
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Schlüssel mit Neustart gelöscht: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Schlüssel mit Neustart gelöscht: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
***** [ Browser ] *****
[-] [C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: homepage-web.com
[-] [C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default] [extension] Gelöscht: ijjnmdphpnlnelhbhefnfmimenjgbfcn
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Image File Execution Options" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [12428 Bytes] - [15/05/2017 10:19:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [11911 Bytes] - [15/05/2017 10:14:54]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12576 Bytes] ##########
[/CODE] MBAM Code:
ATTFilter
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 15.05.17
Scan-Zeit: 10:39
Protokolldatei: mbam.txt
Administrator: Ja
-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.122
Version des Aktualisierungspakets: 1.0.1942
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: LAPTOP-9PNHF3HP\Melli
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 373019
Erkannte Bedrohungen: 84
In die Quarantäne verschobene Bedrohungen: 84
Abgelaufene Zeit: 9 Min., 51 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 1
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{453af114}, In Quarantäne, [28], [260250],1.0.1942
Registrierungswert: 1
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{453af114}|1, In Quarantäne, [28], [260250],1.0.1942
Registrierungsdaten: 12
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NAMESERVER, Ersetzt, [6330], [293494],1.0.1942
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{1117ff53-f7c2-4264-94ce-1f627bb7fde2}|NameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{1117ff53-f7c2-4264-94ce-1f627bb7fde2}|DhcpNameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}|NameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{61c17897-e7de-4697-a754-9f685be40562}|NameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{61c17897-e7de-4697-a754-9f685be40562}|DhcpNameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9ca7ae57-853d-498e-91ba-4b9a73378b81}|NameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9ca7ae57-853d-498e-91ba-4b9a73378b81}|DhcpNameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ccde9c92-c960-4d1a-bcaf-9d566ec72b1f}|NameServer, Ersetzt, [6330], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ccde9c92-c960-4d1a-bcaf-9d566ec72b1f}|DhcpNameServer, Ersetzt, [6330], [-1],0.0.0
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 34
PUP.Optional.InternetMonitor, C:\Users\Melli\AppData\Local\CrashRpt\UnsentCrashReports\BandwidthStat_342\Logs, In Quarantäne, [12766], [182462],1.0.1942
PUP.Optional.InternetMonitor, C:\USERS\MELLI\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\BandwidthStat_342, In Quarantäne, [12766], [182462],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{0012C459-B7B9-73F2-17C2-8C18CA06FE50}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{F64EEC7D-41E5-5BD6-3FD5-11A4003D59EF}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{732E2D74-C485-9ADF-A261-14EE1856C113}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{9007E8DD-27AC-5F76-252F-EADB756B197B}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{BFAFC87F-0804-7FD4-0075-45004890FEFE}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{12B25416-A519-E3BD-594C-A72E402DD61C}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{A25F479B-15F4-F030-6C0B-9BC1C0B7360A}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{34703C29-83DB-8B82-F86E-D7BDA9328C51}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{A4D47D3F-137F-CA94-E534-2B856533BE41}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{0161CDE3-B6CA-7A48-ED3D-EBE52ACB2E37}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{0674E02B-B1DF-5780-52CD-06F38E18EF72}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{0EB02E88-B91B-9923-E1D8-9801D1DF56EF}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{20F84C3F-9753-FB94-0F1C-4C630F861C95}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{24CE4055-9365-F7FE-019C-ECAE350D0B80}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{2F7FBBA9-98D4-0C02-B353-AEB8D3192D17}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{426AB606-F5C1-01AD-D1B7-41A561505EE8}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{46CAEE9E-F161-5935-4119-D0A11C1D9B1D}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{59AAFBBF-EE01-4C14-EFE3-8DFFB0B4A813}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{682543FF-DF8E-F454-95D8-5D13905EAAF7}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{6A2E2DCA-DD85-9A61-C8A1-DB29CA65B0C8}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{6B90CD55-DC3B-7AFE-6F9D-56B6E77FA85B}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{743C0486-C397-B32D-B361-9D19EAFDF3EA}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{96FB75E2-2150-C249-A68F-BA19C1DEA2BB}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{D8D6C3DF-6F7D-7474-AD15-F032E08564C6}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{D9002656-6EAB-91FD-CF63-34BC7EB6828B}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{E0373FAC-579C-8807-1EA6-5707BD295BFB}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{E042D4C0-57E9-636B-D53A-FB5737843EA3}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{E36A5D4D-54C1-EAE6-21FE-8FAF966D9483}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{E79A6FF2-5031-D859-A552-DA7DDA015338}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{EB61D9F5-5CCA-6E5E-CF1A-7B7B9B7035C2}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{F16D16C0-46C6-A16B-9321-025151356DDF}, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{F653D896-41F8-6F3D-D834-3F905DDF9E7E}, In Quarantäne, [1402], [331038],1.0.1942
Datei: 36
Adware.Agent.Generic, C:\PROGRAMDATA\{0012C459-B7B9-73F2-17C2-8C18CA06FE50}\AA944A14-1D3F-FDBF-8E65-41C201693C18.EXE, In Quarantäne, [1402], [331038],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{24CE4055-9365-F7FE-019C-ECAE350D0B80}\BDE28835-0A49-3F9E-55BC-2963CB0E7380.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{682543FF-DF8E-F454-95D8-5D13905EAAF7}\2198E78D-9633-5026-1495-A47B4E80B052.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{96FB75E2-2150-C249-A68F-BA19C1DEA2BB}\21520E6D-96F9-B9C6-CF2C-4643D6D4D8CD.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{0EB02E88-B91B-9923-E1D8-9801D1DF56EF}\72D13C30-C57A-8B9B-B420-6882757915E2.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{20F84C3F-9753-FB94-0F1C-4C630F861C95}\93E3B1FD-2448-0656-C491-9651B394DBB3.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{0161CDE3-B6CA-7A48-ED3D-EBE52ACB2E37}\DBE3D63C-6C48-6197-A0BF-B86F63F31402.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{E0373FAC-579C-8807-1EA6-5707BD295BFB}\F68D90AD-4126-2706-E6B9-C511C0F8BB33.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{426AB606-F5C1-01AD-D1B7-41A561505EE8}\41E4B039-F64F-0792-61A9-D73527FE90D4.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{2F7FBBA9-98D4-0C02-B353-AEB8D3192D17}\C92A3985-7E81-8E2E-95E3-E66BF9893FFA.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{59AAFBBF-EE01-4C14-EFE3-8DFFB0B4A813}\DC63EE02-6BC8-59A9-FB15-E28770AF761A.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{F64EEC7D-41E5-5BD6-3FD5-11A4003D59EF}\3A84C1A9-8D2F-7602-484E-A039946E3181.EXE, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{732E2D74-C485-9ADF-A261-14EE1856C113}\5CEC0069-EB47-B7C2-0801-2C2FBF1C9162.EXE, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{9007E8DD-27AC-5F76-252F-EADB756B197B}\F32426DB-448F-9170-9C4B-800F82371A16.EXE, In Quarantäne, [1402], [331038],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{6A2E2DCA-DD85-9A61-C8A1-DB29CA65B0C8}\2BA70AB2-9C0C-BD19-2456-92B1E8A8010F.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{BFAFC87F-0804-7FD4-0075-45004890FEFE}\DC91E7BA-6B3A-5011-B6C4-FFF35090BCF5.EXE, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{12B25416-A519-E3BD-594C-A72E402DD61C}\44B06354-F31B-D4FF-A679-68ECF2071349.EXE, In Quarantäne, [1402], [331038],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{A25F479B-15F4-F030-6C0B-9BC1C0B7360A}\006F2067-B7C4-97CC-ECAE-5FCD0DFD93B1.EXE, In Quarantäne, [1402], [331038],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{D9002656-6EAB-91FD-CF63-34BC7EB6828B}\5F07CC39-E8AC-7B92-88CB-76098FE09339.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{0674E02B-B1DF-5780-52CD-06F38E18EF72}\0097BE07-B73C-09AC-42EB-BB0633CBB71B.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{E79A6FF2-5031-D859-A552-DA7DDA015338}\D801707C-6FAA-C7D7-6B1D-54760F670D37.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{46CAEE9E-F161-5935-4119-D0A11C1D9B1D}\7F5C0C0C-C8F7-BBA7-184E-5C6B6D6EE57F.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{34703C29-83DB-8B82-F86E-D7BDA9328C51}\4B94CB96-FC3F-7C3D-F0E1-30D00C237563.EXE, In Quarantäne, [1402], [331038],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{E042D4C0-57E9-636B-D53A-FB5737843EA3}\9AF3F354-2D58-44FF-56BE-CAE06BEED9D9.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{F16D16C0-46C6-A16B-9321-025151356DDF}\98A332B4-2F08-851F-F379-71085F83CAB3.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{743C0486-C397-B32D-B361-9D19EAFDF3EA}\83CF4383-3464-F428-E32B-EDD02E94BE13.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{6B90CD55-DC3B-7AFE-6F9D-56B6E77FA85B}\940BA93E-23A0-1E95-1114-9375D94849CE.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{F653D896-41F8-6F3D-D834-3F905DDF9E7E}\1D81C99B-AA2A-7E30-1890-AF9DBEE4677A.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Agent.Generic, C:\PROGRAMDATA\{A4D47D3F-137F-CA94-E534-2B856533BE41}\A013830B-17B8-34A0-20B8-B8F94BD644C8.EXE, In Quarantäne, [1402], [331038],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{D8D6C3DF-6F7D-7474-AD15-F032E08564C6}\5B4DFCC0-ECE6-4B6B-C78A-A0DD6FB00A3E.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{E36A5D4D-54C1-EAE6-21FE-8FAF966D9483}\F1E93857-4642-8FFC-C78C-5C0961222103.EXE, In Quarantäne, [1081], [367962],1.0.1942
Adware.Hicosmea, C:\PROGRAMDATA\{EB61D9F5-5CCA-6E5E-CF1A-7B7B9B7035C2}\FDAAE47A-4A01-53D1-0FD5-C2DAC6EFDD7A.EXE, In Quarantäne, [1081], [367962],1.0.1942
PUP.Optional.CrossRider, C:\USERS\MELLI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, In Quarantäne, [237], [256629],1.0.1942
PUP.Optional.CrossRider, C:\USERS\MELLI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, In Quarantäne, [237], [256629],1.0.1942
PUP.Optional.Yontoo, C:\USERS\MELLI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage, In Quarantäne, [51], [304355],1.0.1942
PUP.Optional.Yontoo, C:\USERS\MELLI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage-journal, In Quarantäne, [51], [304355],1.0.1942
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Melli (Administrator) on 15.05.2017 at 11:01:34,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Failed to delete: C:\ProgramData\pdfforge (Folder)
Successfully deleted: C:\Program Files (x86)\GUT2078.tmp (File)
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01591CF5-AB81-471F-869D-36766194D1FA} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.05.2017 at 11:11:14,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
durchgeführt von Melli (Administrator) auf LAPTOP-9PNHF3HP (15-05-2017 11:13:23)
Gestartet von C:\Users\Melli\Downloads
Geladene Profile: Melli & (Verfügbare Profile: Melli)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWififind.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-06-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599384 2015-06-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-23] (TOSHIBA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-12-05] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] ()
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738\...\RunOnce: [Uninstall 17.3.6798.0207\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melli\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64"
HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738\...\RunOnce: [Uninstall 17.3.6798.0207] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melli\AppData\Local\Microsoft\OneDrive\17.3.6798.0207"
HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1117ff53-f7c2-4264-94ce-1f627bb7fde2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1117ff53-f7c2-4264-94ce-1f627bb7fde2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{61c17897-e7de-4697-a754-9f685be40562}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{61c17897-e7de-4697-a754-9f685be40562}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8066449a-baff-11e6-9b1c-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9ca7ae57-853d-498e-91ba-4b9a73378b81}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9ca7ae57-853d-498e-91ba-4b9a73378b81}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ccde9c92-c960-4d1a-bcaf-9d566ec72b1f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ccde9c92-c960-4d1a-bcaf-9d566ec72b1f}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_10c1
HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_10c1
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> DefaultScope {01591CF5-AB81-471F-869D-36766194D1FA} URL =
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> {23271351-2D9D-4A2B-A8F2-38264E8DFE3A} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> {97EDA06C-14DF-4A18-AF00-1EAAF8BB712D} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> {B34F777D-09F5-4F64-8BA5-B547462BE510} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> {DFC28538-8785-4C0D-852B-C86B0E5C91E9} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738 -> DefaultScope {01591CF5-AB81-471F-869D-36766194D1FA} URL =
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738 -> {01591CF5-AB81-471F-869D-36766194D1FA} URL =
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738 -> {23271351-2D9D-4A2B-A8F2-38264E8DFE3A} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738 -> {97EDA06C-14DF-4A18-AF00-1EAAF8BB712D} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738 -> {B34F777D-09F5-4F64-8BA5-B547462BE510} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738 -> {DFC28538-8785-4C0D-852B-C86B0E5C91E9} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-15] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-15] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3558395630-511898349-2301767398-1001 -> hxxp://go.gmx.net/tb/ie_startpage
FireFox:
========
FF ProfilePath: C:\Users\Melli\AppData\Roaming\Mozilla\Firefox\Profiles\67hoppzq.default [2017-01-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-12-14] [ist nicht signiert]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-23] (Google Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Profile: C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default [2017-05-15]
CHR Extension: (Google Präsentationen) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-31]
CHR Extension: (Google Docs) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-31]
CHR Extension: (Google Drive) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-31]
CHR Extension: (YouTube) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-31]
CHR Extension: (Google Tabellen) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-31]
CHR Extension: (Google Docs Offline) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Cath Kidston) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm [2016-04-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-03]
CHR Extension: (Google Mail) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Melli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-06-02] (ELAN Microelectronics Corp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382440 2016-08-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] () [Datei ist nicht signiert]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-26] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 klvssbrigde64; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31832 2016-06-02] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7401968 2016-08-19] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-15] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-15] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-24] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2016-03-31] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-15 11:13 - 2017-05-15 11:13 - 00000000 ____D C:\Users\Melli\Downloads\FRST-OlderVersion
2017-05-15 11:11 - 2017-05-15 11:11 - 00000941 _____ C:\Users\Melli\Desktop\JRT.txt
2017-05-15 10:59 - 2017-05-15 10:59 - 00013350 _____ C:\Users\Melli\Desktop\mbam.txt
2017-05-15 10:38 - 2017-05-15 10:54 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-15 10:38 - 2017-05-15 10:54 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-15 10:38 - 2017-05-15 10:54 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-15 10:38 - 2017-05-15 10:54 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-15 10:38 - 2017-05-15 10:38 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-15 10:37 - 2017-05-15 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-15 10:37 - 2017-05-15 10:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-15 10:37 - 2017-05-15 10:37 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-15 10:37 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-15 10:33 - 2017-05-15 10:34 - 00000000 ____D C:\Users\Melli\Desktop\Neuer Ordner
2017-05-15 10:26 - 2017-05-15 10:26 - 00012727 _____ C:\Users\Melli\Desktop\AdwCleaner[C0].txt
2017-05-15 10:11 - 2017-05-15 10:12 - 00000000 ____D C:\Program Files (x86)\GUM2068.tmp
2017-05-15 10:10 - 2017-05-15 10:19 - 00000000 ____D C:\AdwCleaner
2017-05-15 10:07 - 2017-05-15 11:01 - 01663672 _____ (Malwarebytes) C:\Users\Melli\Downloads\JRT.exe
2017-05-15 10:06 - 2017-05-15 10:35 - 63035592 _____ (Malwarebytes ) C:\Users\Melli\Downloads\mb3-setup-consumer-3.1.2.1733.exe
2017-05-15 10:06 - 2017-05-15 10:10 - 04102600 _____ C:\Users\Melli\Downloads\AdwCleaner_6.046.exe
2017-04-19 02:17 - 2017-04-19 02:17 - 00395520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-04-19 02:17 - 2017-04-19 02:17 - 00243992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-04-19 02:17 - 2017-04-19 02:17 - 00087792 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-04-19 02:14 - 2017-04-19 02:14 - 00633072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-04-19 02:14 - 2017-04-19 02:14 - 00440048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-04-19 02:14 - 2017-04-19 02:14 - 00267520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-04-19 02:13 - 2017-04-19 02:13 - 00333592 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-04-19 02:13 - 2017-04-19 02:13 - 00083696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-15 11:13 - 2017-01-25 22:02 - 00019385 _____ C:\Users\Melli\Downloads\FRST.txt
2017-05-15 11:13 - 2017-01-25 22:02 - 00000000 ____D C:\FRST
2017-05-15 11:13 - 2017-01-25 22:00 - 02429952 _____ (Farbar) C:\Users\Melli\Downloads\FRST64.exe
2017-05-15 11:10 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-15 11:00 - 2016-07-17 00:51 - 00513408 _____ C:\WINDOWS\system32\perfh007.dat
2017-05-15 11:00 - 2016-07-17 00:51 - 00095516 _____ C:\WINDOWS\system32\perfc007.dat
2017-05-15 11:00 - 2016-03-16 15:44 - 01475286 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-15 10:59 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-15 10:56 - 2016-12-05 17:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-15 10:56 - 2016-03-31 15:57 - 00000000 __SHD C:\Users\Melli\IntelGraphicsProfiles
2017-05-15 10:54 - 2016-03-16 16:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-15 10:53 - 2016-12-07 20:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-15 10:53 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-15 10:43 - 2016-12-05 17:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-15 10:28 - 2016-12-11 11:54 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-15 10:28 - 2016-03-31 15:48 - 00002394 _____ C:\Users\Melli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-15 10:28 - 2016-03-31 15:47 - 00000000 ___RD C:\Users\Melli\OneDrive
2017-05-15 10:17 - 2017-01-23 14:12 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-15 10:16 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-15 10:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-15 10:15 - 2017-01-23 18:03 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-15 10:15 - 2017-01-23 18:03 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-05 18:25 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-15 22:41 - 2017-04-04 11:16 - 00000000 ____D C:\Users\Melli\AppData\Roaming\vlc
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\VOIP.dat
Einige Dateien in TEMP:
====================
2016-12-12 13:11 - 2016-12-12 13:11 - 0012305 _____ () C:\Users\Melli\AppData\Local\Temp\SIntf16.dll
2016-12-12 13:11 - 2016-12-12 13:11 - 0020016 _____ () C:\Users\Melli\AppData\Local\Temp\SIntf32.dll
2016-12-12 13:11 - 2016-12-12 13:11 - 0024744 _____ () C:\Users\Melli\AppData\Local\Temp\SIntfNT.dll
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-04-05 00:00
==================== Ende von FRST.txt ============================
[/CODE] Addition.txt Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-05-2017
durchgeführt von Melli (15-05-2017 11:17:32)
Gestartet von C:\Users\Melli\Downloads
Windows 10 Home Version 1607 (X64) (2016-12-07 18:39:12)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3558395630-511898349-2301767398-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3558395630-511898349-2301767398-503 - Limited - Disabled)
Gast (S-1-5-21-3558395630-511898349-2301767398-501 - Limited - Disabled)
Melli (S-1-5-21-3558395630-511898349-2301767398-1001 - Administrator - Enabled) => C:\Users\Melli
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
ALDI Bestellsoftware (HKLM-x32\...\ALDI Bestellsoftware) (Version: 5.2.2. - ORWO_Net)
Bluetooth(R) Link (HKLM\...\{3F3DCC8C-2C93-4082-A6DE-BBDC74804FA0}) (Version: 4.3.03 - Toshiba Corporation)
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - Canon Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.8.52 - Conexant)
ELAN Touchpad 15.8.12.5_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.12.5 - ELAN Microelectronic Corp.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.24.20160418 - Landesfinanzdirektion Thüringen)
Get Dropbox (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4214 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{FD46588A-DB19-4C43-B657-EA898E280812}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Manager (x32 Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3558395630-511898349-2301767398-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.3.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 8.1.1.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 5.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.3.00.8003 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{55C30C5F-BDA9-459E-984D-BDD31BAA8CCF}) (Version: 3.1.2.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.00.0005 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.0.6406 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {004E856B-B138-468D-AE5F-044FDB6AABF7} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [2015-07-08] (Toshiba Corporation)
Task: {0ABBC8DD-5439-43AC-9854-635993C68B38} - System32\Tasks\{61BECC28-D615-7B83-1A12-F3F9E66907AF} => C:\ProgramData\{0012C459-B7B9-73F2-17C2-8C18CA06FE50}\AA944A14-1D3F-FDBF-8E65-41C201693C18.exe <==== ACHTUNG
Task: {14E45553-0131-4769-9A2C-6C3CE64E07E0} - System32\Tasks\{DEA6D0C3-690D-6768-CC5D-CCAA6F0AA319} => C:\ProgramData\{20F84C3F-9753-FB94-0F1C-4C630F861C95}\93E3B1FD-2448-0656-C491-9651B394DBB3.exe <==== ACHTUNG
Task: {2B44A666-DE95-4AF6-B4A2-B2A8DE5DCA6F} - System32\Tasks\{CB661BB0-7CCD-AC1B-5432-AFC40FCA0A4E} => C:\ProgramData\{6A2E2DCA-DD85-9A61-C8A1-DB29CA65B0C8}\2BA70AB2-9C0C-BD19-2456-92B1E8A8010F.exe <==== ACHTUNG
Task: {2E1E2BA7-5B4D-4D32-9393-39609D01C22B} - System32\Tasks\{B0552A73-07FE-9DD8-3455-7DDAABD0CBFC} => C:\ProgramData\{D8D6C3DF-6F7D-7474-AD15-F032E08564C6}\5B4DFCC0-ECE6-4B6B-C78A-A0DD6FB00A3E.exe <==== ACHTUNG
Task: {30F2B9B1-6AD7-4C4D-944A-027FEAA2BBB6} - System32\Tasks\{C8B2F0B8-7F19-4713-9699-138B1D25F962} => C:\ProgramData\{743C0486-C397-B32D-B361-9D19EAFDF3EA}\83CF4383-3464-F428-E32B-EDD02E94BE13.exe <==== ACHTUNG
Task: {35D0CD06-B95E-47BA-A9C9-F51F22F24E1A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {421C0C7D-FF2F-4618-BCAF-17BA112EF8A9} - System32\Tasks\{18751D79-AFDE-AAD2-B3EC-2F63C1444386} => C:\ProgramData\{EB61D9F5-5CCA-6E5E-CF1A-7B7B9B7035C2}\FDAAE47A-4A01-53D1-0FD5-C2DAC6EFDD7A.exe <==== ACHTUNG
Task: {491F696B-4D15-4DDB-AEA0-B85687A80B6B} - System32\Tasks\{EEC51353-596E-A4F8-404B-5A4476333711} => C:\ProgramData\{F653D896-41F8-6F3D-D834-3F905DDF9E7E}\1D81C99B-AA2A-7E30-1890-AF9DBEE4677A.exe <==== ACHTUNG
Task: {4F3F906A-7199-402E-B036-7F4A2806B050} - System32\Tasks\{8529BCC1-3282-0B6A-8E18-E168A642A72C} => C:\ProgramData\{0161CDE3-B6CA-7A48-ED3D-EBE52ACB2E37}\DBE3D63C-6C48-6197-A0BF-B86F63F31402.exe <==== ACHTUNG
Task: {58313419-BD58-434F-8B34-9D18D7FFAA14} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {5BE02E80-A635-4B6C-8885-051256BC7ADF} - System32\Tasks\{EADAD293-5D71-6538-F37C-40EB7F326117} => C:\ProgramData\{46CAEE9E-F161-5935-4119-D0A11C1D9B1D}\7F5C0C0C-C8F7-BBA7-184E-5C6B6D6EE57F.exe <==== ACHTUNG
Task: {5CD74435-EEE5-48D1-895E-8A4C6F9DFE27} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {5CDA5C7E-0629-4EFE-A97E-F3EC45EB82F5} - System32\Tasks\{10668AF7-A7CD-3D5C-9CB1-AF35A6CAF2E3} => C:\ProgramData\{34703C29-83DB-8B82-F86E-D7BDA9328C51}\4B94CB96-FC3F-7C3D-F0E1-30D00C237563.exe <==== ACHTUNG
Task: {600F7DAE-D293-4B26-9E37-226308B10BEA} - System32\Tasks\{474B4B9A-F0E0-FC31-97AF-6F236F805ADB} => C:\ProgramData\{F64EEC7D-41E5-5BD6-3FD5-11A4003D59EF}\3A84C1A9-8D2F-7602-484E-A039946E3181.exe <==== ACHTUNG
Task: {67299D63-2F71-4782-B9BC-6884A06A630F} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {684F733E-F958-4F1E-9953-F5CA44A37C57} - System32\Tasks\{ADDAB964-1A71-0ECF-A1FE-D3097EC256F5} => C:\ProgramData\{BFAFC87F-0804-7FD4-0075-45004890FEFE}\DC91E7BA-6B3A-5011-B6C4-FFF35090BCF5.exe <==== ACHTUNG
Task: {74892F59-E383-4CA5-B7CE-AA0D41067E3D} - System32\Tasks\{45B83A7A-F213-8DD1-90C7-CE5AC68EA8F6} => C:\ProgramData\{732E2D74-C485-9ADF-A261-14EE1856C113}\5CEC0069-EB47-B7C2-0801-2C2FBF1C9162.exe <==== ACHTUNG
Task: {7864DA87-9CD7-4C92-B16D-DE979B972808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {793160BE-969C-48CC-BA35-7B049B55285A} - System32\Tasks\{D2495F22-65E2-E889-6BC5-AE08620FC339} => C:\ProgramData\{0674E02B-B1DF-5780-52CD-06F38E18EF72}\0097BE07-B73C-09AC-42EB-BB0633CBB71B.exe <==== ACHTUNG
Task: {7F40E98B-B7EA-4228-9FB6-8051D6BEB4FA} - System32\Tasks\{817398AC-51DD-4E1E-11A2-F6488E93014A} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\453af114\67839f4d.dll" <==== ACHTUNG
Task: {8CCE5623-69FA-4CA4-AB91-4E6184D8956B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {8EED8283-C757-4498-9707-E15BB66ED97C} - System32\Tasks\{18067DA9-AFAD-CA02-9C9A-97317578930F} => C:\ProgramData\{59AAFBBF-EE01-4C14-EFE3-8DFFB0B4A813}\DC63EE02-6BC8-59A9-FB15-E28770AF761A.exe <==== ACHTUNG
Task: {8F7C7E5F-4D43-4C43-9104-7323774C6242} - System32\Tasks\{995AB752-2EF1-00F9-97E7-5C51F082050E} => C:\ProgramData\{96FB75E2-2150-C249-A68F-BA19C1DEA2BB}\21520E6D-96F9-B9C6-CF2C-4643D6D4D8CD.exe <==== ACHTUNG
Task: {9460956E-85E3-46AF-B4EF-E49BEBD2A919} - System32\Tasks\{F1B0C035-461B-779E-E041-B077D1AC3C8E} => C:\ProgramData\{A4D47D3F-137F-CA94-E534-2B856533BE41}\A013830B-17B8-34A0-20B8-B8F94BD644C8.exe <==== ACHTUNG
Task: {95437E85-D792-4974-B440-74B8BC85BCF5} - System32\Tasks\{C46A13C6-73C1-A46D-1423-0C76773F9448} => C:\ProgramData\{E36A5D4D-54C1-EAE6-21FE-8FAF966D9483}\F1E93857-4642-8FFC-C78C-5C0961222103.exe <==== ACHTUNG
Task: {964D0699-EA46-4C8B-BDD7-5EA3D889BDFA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Melli\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {995CDE15-7C38-4C12-96FA-F913CC635560} - System32\Tasks\{06DBF5B1-B170-421A-F079-F7369AF01B36} => C:\ProgramData\{6B90CD55-DC3B-7AFE-6F9D-56B6E77FA85B}\940BA93E-23A0-1E95-1114-9375D94849CE.exe <==== ACHTUNG
Task: {A3B9D0A8-A55D-4BE5-B963-9D8B4BA28810} - System32\Tasks\{D1383311-6693-84BA-535D-5BD0761ABE94} => C:\ProgramData\{E042D4C0-57E9-636B-D53A-FB5737843EA3}\9AF3F354-2D58-44FF-56BE-CAE06BEED9D9.exe <==== ACHTUNG
Task: {A4172680-E833-44BC-8A73-A01717F23458} - System32\Tasks\{C8DAED5C-7F71-5AF7-6AC6-39900CB94DE0} => C:\ProgramData\{2F7FBBA9-98D4-0C02-B353-AEB8D3192D17}\C92A3985-7E81-8E2E-95E3-E66BF9893FFA.exe <==== ACHTUNG
Task: {ADBC0DE2-430D-4777-819C-3F10D9EE5059} - System32\Tasks\{CAB6B406-7D1D-03AD-311A-825DDC8142D7} => C:\ProgramData\{D9002656-6EAB-91FD-CF63-34BC7EB6828B}\5F07CC39-E8AC-7B92-88CB-76098FE09339.exe <==== ACHTUNG
Task: {B092A958-BA8F-4A4C-82C4-B1B2B13F0AE1} - System32\Tasks\{FE808FC9-492B-3862-F3D5-A654104E41DA} => C:\ProgramData\{E79A6FF2-5031-D859-A552-DA7DDA015338}\D801707C-6FAA-C7D7-6B1D-54760F670D37.exe <==== ACHTUNG
Task: {B1034846-55EE-4D1C-954F-6D14BF46F215} - System32\Tasks\{6D13B7B2-DAB8-0019-D6F4-B3B05E852C02} => C:\ProgramData\{E0373FAC-579C-8807-1EA6-5707BD295BFB}\F68D90AD-4126-2706-E6B9-C511C0F8BB33.exe <==== ACHTUNG
Task: {B838031F-1C27-4622-B824-6F6E6EA27DB8} - System32\Tasks\{183EC251-AF95-75FA-E064-9FB267E18B8C} => C:\ProgramData\{426AB606-F5C1-01AD-D1B7-41A561505EE8}\41E4B039-F64F-0792-61A9-D73527FE90D4.exe <==== ACHTUNG
Task: {BE64BC58-41ED-4CC0-96D8-0BE5A990AB53} - System32\Tasks\{B0FFCEEF-0754-7944-37E3-D26EAC37AB7D} => C:\ProgramData\{24CE4055-9365-F7FE-019C-ECAE350D0B80}\BDE28835-0A49-3F9E-55BC-2963CB0E7380.exe <==== ACHTUNG
Task: {BFA70ED2-0793-464A-866B-1AB97A278994} - System32\Tasks\{B6B2FC32-0119-4B99-C585-7CAD748D4D3B} => C:\ProgramData\{12B25416-A519-E3BD-594C-A72E402DD61C}\44B06354-F31B-D4FF-A679-68ECF2071349.exe <==== ACHTUNG
Task: {D038DA7C-F5E8-4DEB-9583-655499D66EA4} - System32\Tasks\{40E56021-F74E-D78A-1810-152107E0CB73} => C:\ProgramData\{0EB02E88-B91B-9923-E1D8-9801D1DF56EF}\72D13C30-C57A-8B9B-B420-6882757915E2.exe <==== ACHTUNG
Task: {D316C4F3-228B-4820-B5F7-5C87EF24A7D2} - System32\Tasks\{9810C86B-2FBB-7FC0-3DEF-5011F5ADA336} => C:\ProgramData\{682543FF-DF8E-F454-95D8-5D13905EAAF7}\2198E78D-9633-5026-1495-A47B4E80B052.exe <==== ACHTUNG
Task: {DCA5C4BF-7ECC-4294-8CC3-DC7BF36DE755} - System32\Tasks\{BA1AA638-0DB1-1193-BC04-3958DBA282AD} => C:\ProgramData\{F5B843C4-4213-F46F-EFD1-18A3D3884AA7}\32D83837-8573-8F9C-6F3E-040FAE28474A.exe <==== ACHTUNG
Task: {DD5A1A74-C964-4AFF-9B30-4E2AEA8D40C9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2015-07-30] (TOSHIBA Corporation)
Task: {E7170484-15A7-4049-B182-EE0E6F433450} - System32\Tasks\{02E17B1C-B54A-CCB7-4AC8-5E103AF43BDE} => C:\ProgramData\{A25F479B-15F4-F030-6C0B-9BC1C0B7360A}\006F2067-B7C4-97CC-ECAE-5FCD0DFD93B1.exe <==== ACHTUNG
Task: {E851B5DD-E48C-412B-A69C-4FDE5A36B888} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-15] (Microsoft Corporation)
Task: {EB092A70-683F-4067-AD1A-601B4C344F32} - System32\Tasks\{54C9F273-E362-45D8-87E4-EA2DA69A3613} => C:\ProgramData\{9007E8DD-27AC-5F76-252F-EADB756B197B}\F32426DB-448F-9170-9C4B-800F82371A16.exe <==== ACHTUNG
Task: {EBDA6888-6D99-4160-AC2C-CF1C93DDC972} - System32\Tasks\{FF479D5A-48EC-2AF1-DB72-0F0588A003A0} => C:\ProgramData\{F16D16C0-46C6-A16B-9321-025151356DDF}\98A332B4-2F08-851F-F379-71085F83CAB3.exe <==== ACHTUNG
Task: {EDF72D6E-09A5-4AB6-9BB3-CAEFC70C3A84} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 16:06 - 2016-12-09 12:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-02-26 11:12 - 2015-02-26 11:12 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2017-05-15 10:37 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-14 16:06 - 2016-12-09 12:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-12 11:49 - 2016-12-21 08:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-12 11:48 - 2016-12-21 08:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-12 11:48 - 2016-12-21 08:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-12 11:48 - 2016-12-21 08:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-12 11:48 - 2016-12-21 08:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-12 11:48 - 2016-12-21 08:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\System Setting\SmoothView.dll
2016-12-05 17:10 - 2016-12-05 17:10 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-12 11:49 - 2016-12-21 09:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2015-07-10 13:04 - 2015-07-10 13:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434519\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434629\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3558395630-511898349-2301767398-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Melli\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{47c758ca-e009-4135-8ab5-98e8daa6cf82}.jpg
HKU\S-1-5-21-3558395630-511898349-2301767398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152017105434738\Control Panel\Desktop\\Wallpaper -> C:\Users\Melli\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{47c758ca-e009-4135-8ab5-98e8daa6cf82}.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run: => "SmartAudio"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{FEE48EDB-238C-4377-92A2-A6BC8E2023C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F3583D9-B6BC-4775-8F24-0777D9760D2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{06417D24-1C84-4D26-A2D7-35B85CB0C265}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{112A85F0-8492-495F-8EEA-1C70A2656D08}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{9A265003-1992-40FF-BAE3-14280A761083}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{029EE2F2-BDBB-49B2-9BFB-E72AE31EB606}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{0129A0E3-3318-410E-A25F-F80C9F680710}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{22F9CC10-E313-4640-AAE8-79F4684A36FF}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{C60B9ED5-2F74-489E-9448-92AA92AB7202}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{1DF7617F-1D79-4AAC-8541-5384C4D1D518}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
27-02-2017 23:17:49 Geplanter Prüfpunkt
07-03-2017 13:59:45 Geplanter Prüfpunkt
15-03-2017 14:03:20 Geplanter Prüfpunkt
15-05-2017 11:01:41 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/15/2017 11:02:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (05/15/2017 10:28:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-9PNHF3HP)
Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/15/2017 10:14:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-9PNHF3HP)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/15/2017 10:03:12 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (04/15/2017 12:30:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TPCHSrv.exe, Version: 2.0.0.10, Zeitstempel: 0x55adeb4c
Name des fehlerhaften Moduls: TPCHSrv.exe, Version: 2.0.0.10, Zeitstempel: 0x55adeb4c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000051930
ID des fehlerhaften Prozesses: 0xd8c
Startzeit der fehlerhaften Anwendung: 0x01d2b55d1309440b
Pfad der fehlerhaften Anwendung: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Pfad des fehlerhaften Moduls: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Berichtskennung: 528ee5fa-fbcf-4b28-a769-469d84f4c60e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/05/2017 11:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TCrdMain_Win8.exe, Version: 2.1.3.4, Zeitstempel: 0x55895a9d
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825887f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f8283
ID des fehlerhaften Prozesses: 0x1f3c
Startzeit der fehlerhaften Anwendung: 0x01d2ad23d77c9be9
Pfad der fehlerhaften Anwendung: C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: fee7a147-1f61-4220-aef8-c593bd8f966e
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/05/2017 12:00:04 AM) (Source: COM) (EventID: 18221) (User: NT-AUTORITÄT)
Description: Beim Herstellen der Verbindung mit dem RPCSS-Dienst wurde dem Benutzer "Nicht verfügbar\Nicht verfügbar" (SID: S-1-5-18) der Zugriff auf die COM-Serveranwendung "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) verweigert. Wahrscheinlichste Ursache: Dem Benutzer oder der Anwendung werden aufgrund der computerweiten Zugriffslimits keine lokalen Zugriffsberechtigungen gewährt. Die Zugriffslimits können mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (04/05/2017 12:00:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TPCHSrv.exe, Version: 2.0.0.10, Zeitstempel: 0x55adeb4c
Name des fehlerhaften Moduls: TPCHDISK.dll, Version: 1.0.0.4, Zeitstempel: 0x55a5ed89
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002470
ID des fehlerhaften Prozesses: 0x1650
Startzeit der fehlerhaften Anwendung: 0x01d2ad244315c6fd
Pfad der fehlerhaften Anwendung: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Pfad des fehlerhaften Moduls: C:\Program Files\TOSHIBA\TPHM\TPCHDISK.dll
Berichtskennung: fd5f9a74-f8e9-40e9-9abe-5d859501b347
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/03/2017 09:38:52 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (04/03/2017 09:32:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TPCHSrv.exe, Version: 2.0.0.10, Zeitstempel: 0x55adeb4c
Name des fehlerhaften Moduls: TPCHSrv.exe, Version: 2.0.0.10, Zeitstempel: 0x55adeb4c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000051930
ID des fehlerhaften Prozesses: 0x9ec
Startzeit der fehlerhaften Anwendung: 0x01d2a7f6848f493c
Pfad der fehlerhaften Anwendung: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Pfad des fehlerhaften Moduls: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Berichtskennung: d18a9f71-acd2-4796-9c0f-daa62b845432
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Systemfehler:
=============
Error: (05/15/2017 10:56:30 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (05/15/2017 10:56:30 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (05/15/2017 10:51:56 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (05/15/2017 10:26:00 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9PNHF3HP)
Description: Der Server "{21F282D1-A881-49E1-9A3A-26E44E39B86C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (05/15/2017 10:23:59 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (05/15/2017 10:23:59 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (05/15/2017 10:21:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll
Error: (05/15/2017 10:21:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll
Error: (05/15/2017 10:21:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll
Error: (05/15/2017 10:21:21 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 4008.28 MB
Verfügbarer physikalischer RAM: 2029.08 MB
Summe virtueller Speicher: 4776.28 MB
Verfügbarer virtueller Speicher: 2544.3 MB
==================== Laufwerke ================================
Drive c: (TIH0043200A) (Fixed) (Total:921.59 GB) (Free:768.87 GB) NTFS
Drive f: () (Removable) (Total:29.71 GB) (Free:27.77 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
| Themen zu Willkürlich öffnen von Tabs bei jeglichem Browser |
| browse, browser, chrome, dankbar, defender, firefox, gefunde, hilfe, jegliche, kaspersky, microsoft, microsoft edge, nichts, scan, scanner, seite, thema, virenscan, virenscanner, willkürlich, win10, windows, windows defender, zusammen, öffnen |
Linear-Darstellung
