HTML/Infected.WebPage.Gen2 von Avira in Quarantäne verschoben

BLaDe. · 02.11.2017, 16:14

Hallo zusammen,

heute morgen ist mir beim Surfen über den Internet Explorer ein Werbefenster aufgeploppt. Sah schon verdächtig nach einem Virus aus da es eine angebliche Computersperre sein sollte, wo man anrufen müsste um sich freizuschalten etc. Logisch direkt geschlossen und Browser zugemacht.
Avira hatte im selben Moment den HTML/Infected.WebPage.Gen2 in Quarantäne verschoben, habe es dann direkt gelöscht.
Habe dann Avira komplett durchlaufen lassen, nichts gefunden und ADWCleaner und Malwarebytes haben auch nichts gefunden.
Jetzt im nachhinein bin ich mir doch etwas unsicher ob ich nicht etwas eingefangen habe? Der Rechner ist schon wichtig und da dürfte keine Malware drauf sein.

Könnt ihr mir weiter helfen was ich noch unternehmen kann?

MFG

BLaDe.

M-K-D-B · 02.11.2017, 17:35

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir meine Anleitungen immer sorgfältig durch, arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste immer alle Logdateien (auch wenn nichts gefunden wurde). Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Außerdem bitte ich dich, nicht eigenmächtig irgendwelche Sicherheitsprogramme auszuführen und damit deinen Rechner zu überprüfen/bereinigen, da ich so leicht den Überblick verlieren kann.
Zudem hättest du dir das Eröffnen eines Themas in diesem Fall auch gleich sparen können, wenn du dann doch wieder alleine rumhantierst.
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop ( C:\users\dein Benutzername\Desktop\ ) abzuspeichern und von dort als Administrator zu starten!
Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.
Sollten die Logdateien einmal die zulässige Länge (~ 120.000 Zeichen) überschreiten, so teile die Logdateien auf mehrere Posts auf.
Zur Not kannst du die Logdateien dann auch zippen (in ein .zip Archiv packen) und als Anhang hochladen.
Bitte arbeite so lange mit mir zusammen, bis ich dir sage, dass wir fertig sind und dein Rechner "sauber" ist. Das vorzeitige Verschwinden von Symptomen heißt nicht automatisch, dass dein Rechner bereits vollständig sauber ist.
In der Regel antworte ich dir innerhalb von 24 Stunden, oft sogar wesentlich schneller.
Jedoch habe auch ich einen normalen Beruf und Familie. Ich bin daher nicht jeden Tag stundenlag hier im Forum unterwegs. Es kann unter Umständen bis zu 2 Tage dauern, bis du eine Antwort von mir erhältst. Sollte diese Zeit überschritten sein, so kannst du mir gerne eine PM als Erinnerung schicken.

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

BLaDe. · 02.11.2017, 18:23

Hallo Matthias, danke dir im Vorraus schon für deine Hilfe!

FRST-LOG

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2017
durchgeführt von Anisimov (Administrator) auf EUGEN (02-11-2017 18:15:25)
Gestartet von C:\Users\Anisimov\Desktop
Geladene Profile: Anisimov &  (Verfügbare Profile: Anisimov)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Spotify Ltd) C:\Users\Anisimov\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dropbox, Inc.) C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-06-17] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-06-17] (IDT, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-05-31] (Sony)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\...\Run: [Spotify Web Helper] => C:\Users\Anisimov\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-28] (Spotify Ltd)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-05-31] (Sony)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Anisimov\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-28] (Spotify Ltd)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-05-31] (Sony)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\...\Run: [Spotify Web Helper] => C:\Users\Anisimov\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-28] (Spotify Ltd)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-05-31] (Sony)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\...\Run: [Spotify Web Helper] => C:\Users\Anisimov\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-28] (Spotify Ltd)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-05-31] (Sony)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\...\Run: [Spotify Web Helper] => C:\Users\Anisimov\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-28] (Spotify Ltd)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-09-22]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Anisimov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-10-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Anisimov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-02-25]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A47D5692-4115-42F4-B1CC-ECD8FA3F6C56}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM -> {5E2F7575-7A8C-4B3F-8552-EC35ED018D6F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

FireFox:
========
FF ProfilePath: C:\Users\Anisimov\AppData\Roaming\Mozilla\Firefox\Profiles\zlxvbsd8.default-1478202631929 [2017-11-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://www.playgwent.com/favicons/favicon-16x16.29.png
CHR Profile: C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\Default [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-27]
CHR Extension: (YouTube) - C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-27]
CHR Extension: (GWENT®: The Witcher Card Game) - C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\Default\Extensions\fghemfndncinlmhdlioncfefhmcehgab [2017-05-28]
CHR Extension: (Google Maps) - C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-05-27]
CHR Extension: (mobiFlip.de » News & Testberichte aus...) - C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndaembfpkfblmkegiklkdkmmpikjifij [2017-05-25]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Google Mail) - C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR Profile: C:\Users\Anisimov\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-02]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-10-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-10-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-10-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1525240 2017-10-19] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [407408 2017-10-26] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-07-09] (Apple Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [536128 2017-10-19] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8256576 2017-10-11] (GOG.com)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-06-17] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-05-31] (Sony)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2013-04-28] ()
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-09-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2017-06-07] (Sony Mobile Communications)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2013-04-28] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [40576 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [52952 2016-08-30] (SteelSeries ApS)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-02 18:15 - 2017-11-02 18:15 - 000022894 _____ C:\Users\Anisimov\Desktop\FRST.txt
2017-11-02 18:15 - 2017-11-02 18:15 - 000000000 ____D C:\FRST
2017-11-02 18:00 - 2017-11-02 18:00 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Anisimov\Desktop\tdsskiller.exe
2017-11-02 17:58 - 2017-11-02 17:58 - 002403328 _____ (Farbar) C:\Users\Anisimov\Desktop\FRST64.exe
2017-11-02 16:17 - 2017-11-02 16:17 - 000001417 _____ C:\Users\Anisimov\Desktop\ss.txt
2017-11-02 12:02 - 2017-11-02 12:02 - 010427120 _____ (Piriform Ltd) C:\Users\Anisimov\Downloads\ccsetup536.exe
2017-11-02 12:02 - 2017-11-02 12:02 - 000003872 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-02 11:07 - 2017-11-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-02 11:07 - 2017-11-02 11:07 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-02 11:07 - 2017-11-02 11:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-02 11:07 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-19 21:17 - 2017-10-19 21:17 - 000000000 ____D C:\Users\Anisimov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-11 16:03 - 2017-10-11 16:03 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 15:48 - 2017-09-14 20:30 - 007439704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 15:48 - 2017-09-14 20:30 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-10-11 15:48 - 2017-09-14 20:29 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-10-11 15:48 - 2017-09-14 02:18 - 001384216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 15:48 - 2017-09-14 02:14 - 001124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 15:48 - 2017-09-13 14:32 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 15:48 - 2017-09-13 14:31 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 15:48 - 2017-09-13 14:27 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2017-10-11 15:48 - 2017-09-09 19:53 - 022361864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 15:48 - 2017-09-09 18:55 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 15:48 - 2017-09-09 18:38 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 15:48 - 2017-09-09 17:10 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 15:48 - 2017-09-09 16:49 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-11 15:48 - 2017-09-09 16:47 - 014466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 15:48 - 2017-09-09 16:21 - 012879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-11 15:48 - 2017-09-09 14:13 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-11 15:48 - 2017-09-09 14:13 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-11 15:48 - 2017-09-09 14:13 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-11 15:48 - 2017-09-09 04:50 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 15:48 - 2017-09-09 04:50 - 001364552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-10-11 15:48 - 2017-09-08 19:21 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-10-11 15:48 - 2017-09-08 19:15 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 15:48 - 2017-09-08 18:39 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 15:48 - 2017-09-08 17:57 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-10-11 15:48 - 2017-09-07 22:33 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 15:48 - 2017-09-07 22:33 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 15:48 - 2017-09-07 22:32 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 15:48 - 2017-09-07 22:32 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-10-11 15:48 - 2017-09-07 22:17 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-10-11 15:48 - 2017-09-07 22:17 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-10-11 15:48 - 2017-09-07 22:15 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-10-11 15:48 - 2017-09-07 22:08 - 025729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 15:48 - 2017-09-07 22:00 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 15:48 - 2017-09-07 21:40 - 005982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 15:48 - 2017-09-07 21:32 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-10-11 15:48 - 2017-09-07 21:31 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-10-11 15:48 - 2017-09-07 21:29 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-10-11 15:48 - 2017-09-07 21:21 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-10-11 15:48 - 2017-09-07 21:13 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-10-11 15:48 - 2017-09-07 21:11 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-10-11 15:48 - 2017-09-07 21:10 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-10-11 15:48 - 2017-09-07 21:10 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-10-11 15:48 - 2017-09-07 21:08 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-10-11 15:48 - 2017-09-07 21:08 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 15:48 - 2017-09-07 20:54 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-10-11 15:48 - 2017-09-07 20:44 - 015262720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 15:48 - 2017-09-07 20:40 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 15:48 - 2017-09-07 20:27 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 15:48 - 2017-09-07 20:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-10-11 15:48 - 2017-09-07 20:10 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-10-11 15:48 - 2017-09-07 20:09 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-10-11 15:48 - 2017-09-07 20:04 - 020267008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-11 15:48 - 2017-09-07 20:03 - 002292736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-10-11 15:48 - 2017-09-07 19:58 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-11 15:48 - 2017-09-07 19:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-10-11 15:48 - 2017-09-07 19:38 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-10-11 15:48 - 2017-09-07 19:37 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-10-11 15:48 - 2017-09-07 19:33 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-10-11 15:48 - 2017-09-07 19:29 - 004547072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-11 15:48 - 2017-09-07 19:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-10-11 15:48 - 2017-09-07 19:27 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-10-11 15:48 - 2017-09-07 19:26 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-10-11 15:48 - 2017-09-07 19:25 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-10-11 15:48 - 2017-09-07 19:24 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 15:48 - 2017-09-07 19:17 - 013677568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-11 15:48 - 2017-09-07 19:01 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-11 15:48 - 2017-09-07 18:57 - 001316864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-11 15:48 - 2017-09-07 18:57 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-10-11 15:48 - 2017-08-13 20:48 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 15:48 - 2017-08-13 18:52 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 15:48 - 2017-08-13 18:10 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 15:48 - 2017-08-13 17:33 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-11 15:48 - 2017-08-11 03:54 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-10-11 15:48 - 2017-08-11 03:22 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-10-11 15:48 - 2017-08-11 03:20 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 15:48 - 2017-08-11 03:16 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-11 15:48 - 2017-08-11 02:57 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-11 15:48 - 2017-08-06 22:50 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-10-11 15:48 - 2017-08-06 22:20 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-10-11 15:48 - 2017-08-06 22:13 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-10-11 15:48 - 2017-08-06 08:08 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-10-11 15:48 - 2017-08-02 03:19 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-11 15:48 - 2017-08-01 09:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-04 14:32 - 2017-10-04 14:32 - 000056446 _____ C:\Users\Anisimov\Downloads\Konto_11342235-Auszug_2017_010.PDF

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-02 18:14 - 2016-11-18 21:58 - 000000000 ____D C:\Users\Anisimov\AppData\LocalLow\Mozilla
2017-11-02 17:53 - 2016-11-04 21:38 - 000001248 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2170353134-3406697385-2337659682-1001UA.job
2017-11-02 17:22 - 2013-02-18 18:41 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2170353134-3406697385-2337659682-1001
2017-11-02 17:09 - 2015-06-17 20:06 - 000000000 ____D C:\Users\Anisimov\AppData\Local\Dropbox
2017-11-02 17:08 - 2013-11-21 22:41 - 000000000 ____D C:\Users\Anisimov\AppData\Local\Battle.net
2017-11-02 15:58 - 2013-11-21 22:41 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-11-02 15:56 - 2014-01-26 22:47 - 000000000 ____D C:\ProgramData\Oracle
2017-11-02 15:52 - 2016-08-14 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-02 15:52 - 2016-08-14 21:57 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-02 15:51 - 2016-08-14 21:57 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-11-02 15:21 - 2013-09-06 16:21 - 000000000 ____D C:\AdwCleaner
2017-11-02 15:09 - 2016-03-21 22:05 - 000003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D049AA5D-D5A3-4EEF-9306-C1F9E5842D35}
2017-11-02 14:46 - 2017-05-30 16:55 - 000000000 ____D C:\Users\Anisimov\Desktop\Ogame
2017-11-02 14:45 - 2016-03-19 23:06 - 000000000 ____D C:\Users\Anisimov\OneDrive
2017-11-02 14:23 - 2017-05-30 16:54 - 000000000 ____D C:\Users\Anisimov\Desktop\PC-Tools
2017-11-02 12:05 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-02 12:02 - 2016-08-03 16:56 - 000000000 ____D C:\Program Files\CCleaner
2017-11-02 11:07 - 2016-10-27 15:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-02 11:07 - 2016-10-27 15:28 - 000000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2017-11-02 10:51 - 2016-03-17 16:44 - 000003176 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAnisimov
2017-11-02 10:51 - 2016-03-17 16:44 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAnisimov.job
2017-11-02 10:50 - 2014-11-21 04:35 - 001983678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-02 10:50 - 2014-11-21 03:45 - 000842224 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-02 10:50 - 2014-11-21 03:45 - 000191896 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-02 10:45 - 2016-11-18 18:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-02 10:45 - 2016-11-03 20:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-02 10:45 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-02 10:44 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-11-02 09:40 - 2015-01-25 17:20 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-11-01 21:53 - 2015-07-19 21:16 - 000001196 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2170353134-3406697385-2337659682-1001Core1d0c25fccb150b4.job
2017-11-01 15:18 - 2016-01-10 15:49 - 000000000 ____D C:\Program Files (x86)\Warcraft III
2017-11-01 14:33 - 2014-03-09 13:13 - 000000000 ____D C:\Users\Anisimov\AppData\Local\Spotify
2017-11-01 14:13 - 2014-03-09 13:13 - 000000000 ____D C:\Users\Anisimov\AppData\Roaming\Spotify
2017-10-31 14:21 - 2017-06-13 18:01 - 000001371 _____ C:\Users\Public\Desktop\Gwent.lnk
2017-10-31 14:21 - 2017-05-30 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2017-10-30 00:24 - 2014-08-15 08:56 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-30 00:24 - 2013-02-19 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-25 22:06 - 2016-08-14 21:55 - 000004342 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-25 22:06 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 22:06 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-19 21:17 - 2013-02-18 20:30 - 000000000 ____D C:\Users\Anisimov\AppData\Roaming\Dropbox
2017-10-19 18:39 - 2017-05-28 21:16 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2017-10-19 16:53 - 2013-11-21 22:42 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-10-18 16:25 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-12 23:25 - 2016-11-10 16:10 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 23:25 - 2016-11-10 16:10 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 15:35 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 15:01 - 2013-08-22 15:44 - 000381240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-11 23:01 - 2013-08-22 16:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-10-11 16:06 - 2013-07-20 12:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 16:02 - 2013-02-19 21:51 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-03 17:02 - 2013-02-18 20:37 - 000000000 ___RD C:\Users\Anisimov\Dropbox

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-02-18 19:31 - 2016-03-21 18:20 - 000007599 _____ () C:\Users\Anisimov\AppData\Local\Resmon.ResmonCfg
2013-02-18 18:35 - 2013-02-18 18:35 - 000000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Einige Dateien in TEMP:
====================
2017-11-02 15:51 - 2017-11-02 15:51 - 001856576 _____ (Oracle Corporation) C:\Users\Anisimov\AppData\Local\Temp\jre-8u151-windows-au.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-11-02 11:05

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-11-2017
durchgeführt von Anisimov (02-11-2017 18:16:05)
Gestartet von C:\Users\Anisimov\Desktop
Windows 8.1 (Update) (X64) (2016-03-19 22:02:38)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2170353134-3406697385-2337659682-500 - Administrator - Disabled)
Anisimov (S-1-5-21-2170353134-3406697385-2337659682-1001 - Administrator - Enabled) => C:\Users\Anisimov
Gast (S-1-5-21-2170353134-3406697385-2337659682-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2170353134-3406697385-2337659682-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{bd94e862-c44b-4f68-98ca-b35ddf9dbbfc}) (Version: 1.2.98.37213 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{D03EC4B7-E520-4A6F-974C-4F48533838EC}) (Version: 1.2.98.37213 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gwent (HKLM-x32\...\1971477531_is1) (Version: 0.9.12 public beta - GOG.com)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (HKLM-x32\...\{3199A409-EE9A-E445-2270-5789FB461DA9}) (Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6457.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 de) (HKLM\...\Mozilla Firefox 56.0.2 (x64 de)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.8.201705241559 - Sony Mobile Communications Inc.)
Spotify (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
Spotify (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
Spotify (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
Spotify (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
Spotify (HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine 3.8.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.5 - SteelSeries ApS)
TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
w3arena.net Launcher 1.8.7 (HKLM-x32\...\{56AF84FB-F466-4DF1-8CC3-19F4CFCDF8C8}) (Version: 1.8.7 - w3arena)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Xperia Companion (HKLM-x32\...\{058506CE-4E1C-4087-878E-61D8B5F8F47A}) (Version: 1.7.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{65415473-2761-4ee3-85c1-5fdf086444c6}) (Version: 1.7.2.0 - Sony)
Xperia Companion Service (HKLM\...\{86C9336F-6376-4E86-A09A-EA7177DEC3D5}) (Version: 1.7.2.0 - Sony) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (Cyberlink)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-10-19] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-10-19] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-2170353134-3406697385-2337659682-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2170353134-3406697385-2337659682-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2170353134-3406697385-2337659682-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0276E897-FA30-4BCC-A324-6D503E6D50B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {048878B1-2193-4E7F-8DF4-26688465D9E8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {0857EBCE-1496-4773-9FC4-953D999D8823} - System32\Tasks\{503D7BD9-A68A-4382-89A4-05F69B080AF0} => C:\WINDOWS\system32\pcalua.exe -a "c:\program files (x86)\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/5
Task: {2FEDD0D2-8819-4C39-A37C-06515E8C0A6B} - System32\Tasks\{EC5A488E-11C3-4CB1-A866-8338248E085B} => C:\WINDOWS\system32\pcalua.exe -a "c:\program files\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/5
Task: {3AA143BF-50C6-4489-90CC-74D415EAAA13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {3B0F3CF9-5FA4-4740-8067-A1B5F201C844} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {3ED80AE5-8E01-4540-94E2-F997C119D903} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {49CF4342-664A-4063-9348-18A573BA0F36} - System32\Tasks\{5CF28AFA-13A8-495F-8B53-F70E847F430B} => C:\WINDOWS\system32\pcalua.exe -a "c:\program files (x86)\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/5
Task: {5548780A-B137-4A9A-9C78-C7C561F1C67A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {5E33E593-9C21-4ACC-92FD-CC537820BF80} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2170353134-3406697385-2337659682-1001Core1d0c25fccb150b4 => C:\Users\Anisimov\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {8292A6D0-DCAD-4586-A2CE-53F7C7E927E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {8420435A-B8CC-4622-AA71-F497F29053F4} - \AdobeFlashPlayerUpdate -> Keine Datei <==== ACHTUNG
Task: {88548007-C136-440A-A6A8-6BE9E4EA916F} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2017-10-19] (Avira Operations GmbH & Co. KG)
Task: {8951227A-8C30-4585-BA18-4C755B8EC028} - \AdobeFlashPlayerUpdate 2 -> Keine Datei <==== ACHTUNG
Task: {A70CDC78-3262-48B8-872A-537DF0003835} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2170353134-3406697385-2337659682-1001UA => C:\Users\Anisimov\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {AEE22C75-D94A-41CE-80B0-5F3E05C80497} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {CD1F7DAD-E1D9-4C4A-AEF3-8387565F90F4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {CEADCBB8-18D9-4829-8B4C-A9B1E575CF02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {D10A6F03-C2B9-40BE-9C3C-9429E2D98946} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {D519AB2B-AF0D-4BEF-A3C8-B8B006A09157} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {DA9CAFD9-C893-4048-9BD5-53C686A65D5E} - System32\Tasks\HPCeeScheduleForAnisimov => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {E17CBF67-C83C-4C1B-838D-6DDECC77624B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2170353134-3406697385-2337659682-1001Core1d0c25fccb150b4.job => C:\Users\Anisimov\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2170353134-3406697385-2337659682-1001UA.job => C:\Users\Anisimov\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAnisimov.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-09-27 15:10 - 2017-09-21 08:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 15:10 - 2017-09-21 08:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2013-01-02 12:30 - 2012-07-18 09:50 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-01-02 12:38 - 2012-06-08 04:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 000016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-10-19 21:17 - 2017-10-17 16:48 - 000771904 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-10-19 21:17 - 2017-10-17 16:48 - 001804608 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2015-12-11 13:55 - 2017-10-17 16:47 - 000100296 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000018888 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 13:55 - 2017-10-17 16:50 - 000020800 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000035792 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000694224 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000021848 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000130512 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 001856848 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000022864 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-10-19 21:17 - 2017-10-17 16:47 - 000145864 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-10-19 21:17 - 2017-10-17 16:48 - 000116688 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 13:55 - 2017-10-17 16:47 - 000105928 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-03 20:52 - 2017-10-17 16:50 - 000022864 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000062784 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000024528 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000040248 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-10-19 21:17 - 2017-10-17 16:47 - 000020936 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000124880 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000116176 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-10-19 21:17 - 2017-10-17 16:48 - 000392656 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 13:55 - 2017-10-17 16:50 - 000392512 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-08-03 20:52 - 2017-10-17 16:50 - 000026456 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000024016 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000175560 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000030160 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000043472 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-09-21 21:53 - 2017-10-17 16:47 - 000026056 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32job.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000048592 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000057808 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000021824 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-09-08 19:48 - 2017-10-17 16:50 - 000023368 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000022856 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-05-17 21:09 - 2017-10-17 16:50 - 000066392 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 001796920 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000084424 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\sip.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 001956152 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 003859264 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000154440 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000521024 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000045888 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000042304 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000131384 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000218944 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000204096 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 13:55 - 2017-10-17 16:50 - 000025432 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000060880 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-02-28 16:31 - 2017-10-17 16:50 - 000054608 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000024016 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-01-23 23:30 - 2017-10-17 16:50 - 000022864 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000028616 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-01-23 23:30 - 2017-10-17 16:50 - 000022360 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 23:30 - 2017-10-17 16:50 - 000021848 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 23:30 - 2017-10-17 16:50 - 000022360 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000027488 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 13:55 - 2017-10-17 16:47 - 000349128 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000101184 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2016-02-19 14:54 - 2017-10-17 16:50 - 000023896 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000025424 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-10-19 21:17 - 2017-10-17 16:48 - 000036296 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\librsync.dll
2017-10-19 21:17 - 2017-10-17 16:49 - 000181056 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-07-11 22:52 - 2017-10-17 16:50 - 000030536 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000024368 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\libEGL.DLL
2017-10-19 21:17 - 2017-10-17 16:49 - 001638200 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-08-03 20:52 - 2017-10-17 16:50 - 000026456 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000545080 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000359224 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-10-19 21:17 - 2017-10-17 16:49 - 000038208 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2017-02-28 16:31 - 2017-10-17 16:50 - 000022864 _____ () C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\winffi.shcore.compiled._winffi_shcore.pyd

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Anisimov\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20150521_183759211_hdr.jpg
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Anisimov\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20150521_183759211_hdr.jpg
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\Control Panel\Desktop\\Wallpaper -> C:\Users\Anisimov\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20150521_183759211_hdr.jpg
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\Control Panel\Desktop\\Wallpaper -> C:\Users\Anisimov\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20150521_183759211_hdr.jpg
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\Control Panel\Desktop\\Wallpaper -> C:\Users\Anisimov\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20150521_183759211_hdr.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{05232000-ABE5-4313-AB13-D2FE5011CD28}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{518B84EB-D5B3-42AB-BFF0-A999FF0BB9F0}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{8046B3A7-878F-43BC-8CF1-15F8FAD1E7DE}C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [TCP Query User{66DEB2A6-3755-49B4-9965-BF48CF287307}C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{18016BB9-A12F-4D7A-B4EE-F74F60DAD2E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{AC79CF41-28D9-495A-BAF5-41190BC1B556}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [UDP Query User{487CC6B4-C8D5-409D-8CFA-0AB04407A779}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{6CF27708-03CD-4BDF-9CF0-11791875D18D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{44C516DF-EFC9-4B06-812F-83A638F2239D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{05DCA533-679A-443C-A38D-793755D45545}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [UDP Query User{0E3527E2-622B-489A-B022-234DFA221EB3}C:\users\anisimov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anisimov\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AFF05872-E613-4D21-AE18-FCCC51AD6F88}C:\users\anisimov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anisimov\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AEB94A77-DD71-4F0E-8CB0-CDF08FD00E60}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{3704D02C-03ED-43F8-AC67-3E657BA7F330}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [UDP Query User{0CE03DF6-6D23-4CF9-B204-20D76FD8B442}C:\users\anisimov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anisimov\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{9075B83D-DE7B-4294-A7E4-28681DD8B09D}C:\users\anisimov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anisimov\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8F999A5D-CCA2-4527-9391-CF8936228391}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{4CFE74EF-EB3B-4B4F-8672-223DBBFD7F8F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{1924CBFB-E5A0-4762-B81D-B7347756B0C7}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0D29B8C1-C80A-40A4-BE6E-352B9F5DFA25}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{951836B9-B409-4D0A-A6C7-7356462122C8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2EC77B2F-808C-47C8-A3EB-DD99BD1E057B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{507D563D-C7D4-4660-B1D7-CEAACE5D104C}] => (Allow) LPort=52000
FirewallRules: [{03F585C1-24B5-49D7-A4AD-8D001B9F3FA2}] => (Allow) C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E622ADFC-EAD0-4B48-AF57-8EFC46759739}] => (Allow) C:\Users\Anisimov\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{6CA45D9D-4401-461C-8ACB-2D9D08160024}C:\users\anisimov\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\anisimov\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{97E210F3-B3C4-4197-B234-8538D5860486}C:\users\anisimov\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\anisimov\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E8C44B97-AFF2-4447-8370-84CE355C849A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7D7F813C-BB7C-4442-8B07-F85D8022D23A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2465C3E9-7BF9-4590-9C12-E7FC3537BCBF}] => (Allow) LPort=1900
FirewallRules: [{2A50FADB-0DEE-44BA-BBEA-3005F7185A26}] => (Allow) LPort=2869
FirewallRules: [{C7DB5B39-66ED-40FB-82A9-4D771A9FB642}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{61E5E7BD-8158-4F05-BBD2-DFFDA6884492}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{83901159-7C43-46B0-8186-38817AB9BE89}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{8365D60C-47B6-4E06-956D-6E847ACDD513}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{A03AC0C5-C031-470F-B214-031B99C8BF21}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{85D3AE12-AE1A-4FE0-A8F5-E525A21F5B05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA8BB69D-03F8-4D67-AE30-E1CBD910B67C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7196F8B5-8C2B-4AAD-A331-94936EC0DE19}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{689A7303-64C2-478F-85D8-64E72432FD43}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{102CDD9B-666C-489F-BAC5-569BFD996A29}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{F52AF80D-7243-49BA-BB64-996A324F9F1F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AD9AC070-C494-4CA7-8949-4FFD9234B1C8}] => (Allow) LPort=53000
FirewallRules: [{9020C5FE-D48A-4E27-9B11-01BF507D1485}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Wiederherstellungspunkte =========================

18-10-2017 16:24:45 Windows Update
28-10-2017 09:41:43 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/02/2017 01:13:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XMLViewerHPSF.exe, Version 7.2.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1054

Startzeit: 01d353d34544708d

Endzeit: 435

Anwendungspfad: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\XMLViewerHPSF.exe

Berichts-ID: 2d3d58af-bfc7-11e7-bef6-10604b5e3adf

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/02/2017 10:44:32 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (11/02/2017 08:41:57 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (11/02/2017 12:49:07 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (11/02/2017 12:49:07 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (11/02/2017 12:49:07 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (11/02/2017 12:49:07 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (11/02/2017 12:49:07 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (11/01/2017 08:40:27 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (11/01/2017 05:38:18 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


Systemfehler:
=============
Error: (11/02/2017 10:48:07 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (11/02/2017 10:43:35 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (11/01/2017 05:38:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "GalaxyCommunication" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (11/01/2017 05:38:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GalaxyCommunication erreicht.

Error: (10/29/2017 03:59:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "GalaxyCommunication" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (10/29/2017 03:59:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GalaxyCommunication erreicht.

Error: (10/24/2017 11:10:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "GalaxyCommunication" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (10/24/2017 11:10:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GalaxyCommunication erreicht.

Error: (10/22/2017 03:32:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "GalaxyCommunication" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (10/22/2017 03:32:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GalaxyCommunication erreicht.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8147.34 MB
Verfügbarer physikalischer RAM: 5991.66 MB
Summe virtueller Speicher: 9427.34 MB
Verfügbarer virtueller Speicher: 6393.1 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:918.61 GB) (Free:789.79 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:10.98 GB) (Free:1.34 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E51A657D)

Partition: GPT.

==================== Ende von Addition.txt ============================

Soweit alles richtig?

LG

BLaDe. · 02.11.2017, 18:24

TDSSKILLER

Code:

ATTFilter

18:18:42.0511 0x07c4  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
18:18:42.0528 0x07c4  UEFI system
18:19:07.0979 0x07c4  ============================================================
18:19:07.0979 0x07c4  Current date / time: 2017/11/02 18:19:07.0979
18:19:07.0979 0x07c4  SystemInfo:
18:19:07.0979 0x07c4  
18:19:07.0979 0x07c4  OS Version: 6.3.9600 ServicePack: 0.0
18:19:07.0979 0x07c4  Product type: Workstation
18:19:07.0979 0x07c4  ComputerName: EUGEN
18:19:07.0979 0x07c4  UserName: Anisimov
18:19:07.0979 0x07c4  Windows directory: C:\WINDOWS
18:19:07.0979 0x07c4  System windows directory: C:\WINDOWS
18:19:07.0979 0x07c4  Running under WOW64
18:19:07.0979 0x07c4  Processor architecture: Intel x64
18:19:07.0979 0x07c4  Number of processors: 4
18:19:07.0979 0x07c4  Page size: 0x1000
18:19:07.0979 0x07c4  Boot type: Normal boot
18:19:07.0979 0x07c4  CodeIntegrityOptions = 0x00000001
18:19:07.0979 0x07c4  ============================================================
18:19:08.0337 0x07c4  KLMD registered as C:\WINDOWS\system32\drivers\70537257.sys
18:19:08.0337 0x07c4  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18821, osProperties = 0x19
18:19:08.0585 0x07c4  System UUID: {56F74E02-FAB4-C393-E01D-32E553A0D210}
18:19:09.0019 0x07c4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:19:09.0050 0x07c4  ============================================================
18:19:09.0050 0x07c4  \Device\Harddisk0\DR0:
18:19:09.0050 0x07c4  GPT partitions:
18:19:09.0050 0x07c4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {85295B63-59A4-4BC1-A307-9C7E10713A2D}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
18:19:09.0050 0x07c4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {0831DFC1-F2BB-478E-A35B-D48E60218476}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
18:19:09.0050 0x07c4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {ABAF7924-89D0-4910-84E9-9F7783D04E42}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
18:19:09.0050 0x07c4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BDB5DEA8-599B-4F60-BE98-09087957A53A}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x72D39800
18:19:09.0050 0x07c4  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C7DB9DAC-033B-4FF7-B0F1-BD0026FB3B02}, Name: , StartLBA 0x7302D800, BlocksNum 0xE1800
18:19:09.0050 0x07c4  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {75893AAB-7734-45B9-8DF4-1E3223B642F2}, Name: Basic data partition, StartLBA 0x7310F000, BlocksNum 0x15F7800
18:19:09.0050 0x07c4  MBR partitions:
18:19:09.0050 0x07c4  ============================================================
18:19:09.0077 0x07c4  C: <-> \Device\Harddisk0\DR0\Partition4
18:19:09.0098 0x07c4  D: <-> \Device\Harddisk0\DR0\Partition6
18:19:09.0098 0x07c4  ============================================================
18:19:09.0098 0x07c4  Initialize success
18:19:09.0098 0x07c4  ============================================================
18:19:33.0072 0x1480  ============================================================
18:19:33.0072 0x1480  Scan started
18:19:33.0072 0x1480  Mode: Manual; SigCheck; TDLFS; 
18:19:33.0072 0x1480  ============================================================
18:19:33.0072 0x1480  KSN ping started
18:19:33.0121 0x1480  KSN ping finished: true
18:19:34.0802 0x1480  ================ Scan system memory ========================
18:19:34.0802 0x1480  System memory - ok
18:19:34.0803 0x1480  ================ Scan services =============================
18:19:34.0967 0x1480  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
18:19:35.0014 0x1480  1394ohci - ok
18:19:35.0029 0x1480  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
18:19:35.0029 0x1480  3ware - ok
18:19:35.0061 0x1480  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
18:19:35.0076 0x1480  ACPI - ok
18:19:35.0092 0x1480  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
18:19:35.0092 0x1480  acpiex - ok
18:19:35.0107 0x1480  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
18:19:35.0123 0x1480  acpipagr - ok
18:19:35.0123 0x1480  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
18:19:35.0139 0x1480  AcpiPmi - ok
18:19:35.0139 0x1480  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
18:19:35.0139 0x1480  acpitime - ok
18:19:35.0223 0x1480  [ 9B112FDA1D5FB7B75627461001AC692A, 2EDF7C8FD59CD5FCD19FA528F60CBD6DDB9A8076AE0280B11D8EA8EAF7D39958 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:19:35.0238 0x1480  AdobeARMservice - ok
18:19:35.0322 0x1480  [ 1E849825D45BF597E82F86D6E99C42D2, 59103BC49849112BF2923E773B85FFA3405DF75589D3F23480B60E70933EFAA5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:19:35.0337 0x1480  AdobeFlashPlayerUpdateSvc - ok
18:19:35.0368 0x1480  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
18:19:35.0390 0x1480  ADP80XX - ok
18:19:35.0434 0x1480  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
18:19:35.0447 0x1480  AeLookupSvc - ok
18:19:35.0486 0x1480  [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD             C:\WINDOWS\system32\drivers\afd.sys
18:19:35.0503 0x1480  AFD - ok
18:19:35.0503 0x1480  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
18:19:35.0519 0x1480  agp440 - ok
18:19:35.0534 0x1480  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
18:19:35.0545 0x1480  ahcache - ok
18:19:35.0564 0x1480  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
18:19:35.0573 0x1480  ALG - ok
18:19:35.0600 0x1480  [ 6CF81DD5083D7F94A7E76E50429A949C, 19240502A6406924F889D1AFA975B975A300776D8B2D0557181DF13649622E2B ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
18:19:35.0621 0x1480  AMD External Events Utility - ok
18:19:35.0637 0x1480  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
18:19:35.0637 0x1480  AmdK8 - ok
18:19:35.0893 0x1480  [ 71F8D8B977ACC5973FA042BF906E709F, 8106C5F5C8E40344CCCDB912845786DF287BDF068D7A6EF9D26B00FA1754C1BC ] amdkmdag        C:\WINDOWS\system32\DRIVERS\atikmdag.sys
18:19:36.0114 0x1480  amdkmdag - ok
18:19:36.0145 0x1480  [ 4AA027F91A8093B1CDF453B5394F6715, E6D15E959637C102A34F73F66BFDC38436575A2FEFFC3976ACF399A472F126A5 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
18:19:36.0161 0x1480  amdkmdap - ok
18:19:36.0176 0x1480  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
18:19:36.0192 0x1480  AmdPPM - ok
18:19:36.0207 0x1480  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
18:19:36.0207 0x1480  amdsata - ok
18:19:36.0223 0x1480  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
18:19:36.0223 0x1480  amdsbs - ok
18:19:36.0239 0x1480  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
18:19:36.0254 0x1480  amdxata - ok
18:19:36.0342 0x1480  [ BE5AC6251F7CD342384A8E3E3694B6BA, 420C43D24047A81CFC4A2C5BE8C50D4B39A3238EDBF6F106A2F9F9895BC88AC4 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
18:19:36.0358 0x1480  AntiVirMailService - ok
18:19:36.0405 0x1480  [ 30230481E43BC868DD46B8C045B43B87, 0A94AD3A11ACEDC1CE54FA886028EC40E33326C5CCE0E9D665DE3F4602CCC7D8 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:19:36.0422 0x1480  AntiVirSchedulerService - ok
18:19:36.0444 0x1480  [ 30230481E43BC868DD46B8C045B43B87, 0A94AD3A11ACEDC1CE54FA886028EC40E33326C5CCE0E9D665DE3F4602CCC7D8 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:19:36.0460 0x1480  AntiVirService - ok
18:19:36.0507 0x1480  [ ED4AB79E74D309369EA4B12DCD4F9FA2, 1CF9A18F6FBECDDA0952861A9151677EC48C2EC9508939B01955CF8A456B325C ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
18:19:36.0546 0x1480  AntiVirWebService - ok
18:19:36.0593 0x1480  [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
18:19:36.0608 0x1480  AppHostSvc - ok
18:19:36.0624 0x1480  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
18:19:36.0639 0x1480  AppID - ok
18:19:36.0655 0x1480  [ 942C8297400FCFB13CEE3F3CD89C5CE5, AFD9EC35F6C44D86DD5943A2AB0B99B0C1B1783D70FD966F6467F97F0831403F ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
18:19:36.0671 0x1480  AppIDSvc - ok
18:19:36.0686 0x1480  [ 734622FBA766DBD65B1803549B24A04A, 3B6872B87A60D4DA265D3B8AB0561A929CFE2C097419183E93D3843422363C89 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
18:19:36.0702 0x1480  Appinfo - ok
18:19:36.0733 0x1480  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
18:19:36.0764 0x1480  AppReadiness - ok
18:19:36.0804 0x1480  [ E0F846ADE7DED88981D0908DE56FF160, D8F536438091878724A5004849306ADFB96A2778A9D958ED3DCC0CD9E35160BB ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
18:19:36.0851 0x1480  AppXSvc - ok
18:19:36.0867 0x1480  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
18:19:36.0867 0x1480  arcsas - ok
18:19:36.0945 0x1480  [ 8637F3119057178364D200F2462E625C, 40CAE47AA6C6B23FEB95961FD06BB3EB075CA63BB91B54CB26215A368371B343 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:19:36.0961 0x1480  aspnet_state - ok
18:19:36.0976 0x1480  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:19:36.0992 0x1480  AsyncMac - ok
18:19:37.0008 0x1480  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
18:19:37.0008 0x1480  atapi - ok
18:19:37.0039 0x1480  [ 98A9D78AF74B2C7D27465029D389F567, 12EF8D3A7A9F27230A965D44DA4BD5692CF3F0A4183A822E226AC6722A35F4C4 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdW86.sys
18:19:37.0054 0x1480  AtiHDAudioService - ok
18:19:37.0070 0x1480  [ FC0E8778C000291CAF60EB88C011E931, 09BCCA3DE01021AEF76DFB46F01D21BA6FF409E816FA7547E5C3DFBF3A615ED2 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
18:19:37.0086 0x1480  atksgt - ok
18:19:37.0117 0x1480  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
18:19:37.0117 0x1480  AudioEndpointBuilder - ok
18:19:37.0148 0x1480  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
18:19:37.0164 0x1480  Audiosrv - ok
18:19:37.0195 0x1480  [ 4621EA3385170B087A03F3C90E276B4A, 1513802CF844B1B7A70C820AEF732EDA432D44CD8726560D95F05EB5CA556CD7 ] avdevprot       C:\WINDOWS\system32\DRIVERS\avdevprot.sys
18:19:37.0211 0x1480  avdevprot - ok
18:19:37.0242 0x1480  [ 9C3F66BBFD2AFF843E54CC5E5A5D16BF, 4BC379482202BF32C6DEFA31B15F419DA7C20E1C2BCD238E2DCEEC36711E3A01 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:19:37.0242 0x1480  avgntflt - ok
18:19:37.0275 0x1480  [ DBF479B12BDAF969745D6A7132465D9E, 0358C419E631BCF548A2AC0EECABDE768435E224EFC888345EEB4DE37D119E62 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:19:37.0283 0x1480  avipbb - ok
18:19:37.0346 0x1480  [ DE95D50745E7A3D4CF54D63A32C9CB83, 7125BE1C830EFFDFBB906F62BCDFA107F15987DD2CCC1EB6C5014E48E1373238 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
18:19:37.0368 0x1480  Avira.ServiceHost - ok
18:19:37.0404 0x1480  [ 2CBA09A7983B1D39531B768BCED08C20, B40968DFE1A648CCB9260033E1EA57B5D496274A335B000354156B0DB740EDE0 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:19:37.0413 0x1480  avkmgr - ok
18:19:37.0434 0x1480  [ 8D18C6406FF8DC39028177E1E5675182, 44985DEE74F235567FB849350256F342BCE26EF66439D761FA3F6EDA22882092 ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
18:19:37.0450 0x1480  avnetflt - ok
18:19:37.0458 0x1480  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
18:19:37.0475 0x1480  AxInstSV - ok
18:19:37.0490 0x1480  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
18:19:37.0510 0x1480  b06bdrv - ok
18:19:37.0552 0x1480  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
18:19:37.0561 0x1480  BasicDisplay - ok
18:19:37.0589 0x1480  [ 195BD339B4B782B42C19489DCFB4D110, E63CC0AEF1875D5D127E341CF65117DABC9E376A83E615EC8D01F6AB705DABAD ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
18:19:37.0598 0x1480  BasicRender - ok
18:19:37.0607 0x1480  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
18:19:37.0612 0x1480  bcmfn2 - ok
18:19:37.0630 0x1480  [ 174394F4EF93C117BF7BE3878046A1B1, D58E868342D1DAFC4B04384A3713F729DF07F408AA6AE4762E6A4244F976526A ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
18:19:37.0644 0x1480  BDESVC - ok
18:19:37.0673 0x1480  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:19:37.0681 0x1480  Beep - ok
18:19:37.0717 0x1480  [ 5059D93764340D4EAEDF49C47133118F, 26C5779469E04BEAFD290B619CA355648F3911C66D41B22D2C3DCA909FCA0F6E ] BFE             C:\WINDOWS\System32\bfe.dll
18:19:37.0741 0x1480  BFE - ok
18:19:37.0791 0x1480  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
18:19:37.0822 0x1480  BITS - ok
18:19:37.0838 0x1480  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
18:19:37.0854 0x1480  Bonjour Service - ok
18:19:37.0869 0x1480  [ 4938A9236300A356F97E378491EE4844, 60D892960D48EEF48F8EC4DE4F174EBD0BC0E7B28B6D8723D554CD1979EB55B4 ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
18:19:37.0903 0x1480  bowser - ok
18:19:37.0919 0x1480  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
18:19:37.0934 0x1480  BrokerInfrastructure - ok
18:19:37.0967 0x1480  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
18:19:37.0977 0x1480  Browser - ok
18:19:37.0992 0x1480  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
18:19:38.0001 0x1480  BthAvrcpTg - ok
18:19:38.0024 0x1480  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
18:19:38.0033 0x1480  BthHFEnum - ok
18:19:38.0039 0x1480  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
18:19:38.0048 0x1480  bthhfhid - ok
18:19:38.0071 0x1480  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
18:19:38.0085 0x1480  BthHFSrv - ok
18:19:38.0093 0x1480  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
18:19:38.0102 0x1480  BTHMODEM - ok
18:19:38.0120 0x1480  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
18:19:38.0130 0x1480  bthserv - ok
18:19:38.0155 0x1480  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
18:19:38.0155 0x1480  cdfs - ok
18:19:38.0171 0x1480  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
18:19:38.0186 0x1480  cdrom - ok
18:19:38.0206 0x1480  [ ACFDC4EE40EC6E4A0AB91D923B8288C8, D31555AB31F504C247049219BE0ECDF26BB18E210BE7C45E8575FD166FD7EE23 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
18:19:38.0214 0x1480  CertPropSvc - ok
18:19:38.0229 0x1480  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
18:19:38.0229 0x1480  circlass - ok
18:19:38.0261 0x1480  [ 39D72BA91AFE3C81C1AB0DE41AA07EF3, E5FCE197700E68D48A1701030AAF33E41C44A929B47D79B5C91C68B86684FFB0 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
18:19:38.0276 0x1480  CLFS - ok
18:19:38.0317 0x1480  [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
18:19:38.0317 0x1480  CLVirtualDrive - ok
18:19:38.0333 0x1480  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
18:19:38.0349 0x1480  CmBatt - ok
18:19:38.0396 0x1480  [ C8823A6ECE66B997C8E9F413D1D671E7, D739A194BCA4C1979C5B2A71F4B8DAB0BCC1524808C50BA302847B6C82D77250 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
18:19:38.0423 0x1480  CNG - ok
18:19:38.0438 0x1480  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
18:19:38.0464 0x1480  CompositeBus - ok
18:19:38.0467 0x1480  COMSysApp - ok
18:19:38.0477 0x1480  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
18:19:38.0488 0x1480  condrv - ok
18:19:38.0523 0x1480  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
18:19:38.0526 0x1480  CryptSvc - ok
18:19:38.0557 0x1480  [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam             C:\WINDOWS\system32\drivers\dam.sys
18:19:38.0565 0x1480  dam - ok
18:19:38.0623 0x1480  [ 20CC6E9FE25ACD34BE4FCDDB7B08364D, 295B2BBDC860A4CD65CD09C975D08CA1B8E4FE60AD0CA084CAB149A3E9D64B40 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:19:38.0655 0x1480  DcomLaunch - ok
18:19:38.0669 0x1480  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
18:19:38.0686 0x1480  defragsvc - ok
18:19:38.0700 0x1480  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
18:19:38.0716 0x1480  DeviceAssociationService - ok
18:19:38.0726 0x1480  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
18:19:38.0737 0x1480  DeviceInstall - ok
18:19:38.0746 0x1480  [ 4FED6AD69C9EE1EE7FD3C88437138855, 71E0863898F2E3B1F9769C8A9980E2063042961D417FE0C969B2E5B7A0013978 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
18:19:38.0756 0x1480  Dfsc - ok
18:19:38.0771 0x1480  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
18:19:38.0786 0x1480  Dhcp - ok
18:19:38.0837 0x1480  [ 0AC9F83A5508935DE89C447473085EEA, 223782B17BACEFB0A663EB13514B68B919C95EF641CDDA7AC30CB239BC4307EC ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
18:19:38.0872 0x1480  DiagTrack - ok
18:19:38.0905 0x1480  [ BF6D8575DDF30384939B2D5251F27C1F, 1605530BC61FB726F1095C5B5C8E27B18C06BCE01948550988E9EDCEBBCC0B3D ] disk            C:\WINDOWS\system32\drivers\disk.sys
18:19:38.0914 0x1480  disk - ok
18:19:38.0929 0x1480  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
18:19:38.0937 0x1480  dmvsc - ok
18:19:38.0949 0x1480  [ D9F407D006C916B7EC167858F88F13EB, 0D0FF69F9C695A2371DF798429EA2AA7B96F1C552EDC70DA4DD61EC8BD5563A3 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:19:38.0961 0x1480  Dnscache - ok
18:19:38.0973 0x1480  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:19:38.0985 0x1480  dot3svc - ok
18:19:38.0999 0x1480  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
18:19:39.0011 0x1480  DPS - ok
18:19:39.0023 0x1480  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:19:39.0030 0x1480  drmkaud - ok
18:19:39.0044 0x1480  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
18:19:39.0056 0x1480  DsmSvc - ok
18:19:39.0095 0x1480  [ 24C40570BAFEA48E9CB2B87008DCA152, 2D7CCBE5C354667BFBA0B6D6B8F34201AD2992273FB98767C9AD3C72D890A628 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
18:19:39.0120 0x1480  DXGKrnl - ok
18:19:39.0136 0x1480  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
18:19:39.0152 0x1480  Eaphost - ok
18:19:39.0254 0x1480  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
18:19:39.0330 0x1480  ebdrv - ok
18:19:39.0356 0x1480  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
18:19:39.0364 0x1480  EFS - ok
18:19:39.0371 0x1480  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
18:19:39.0380 0x1480  EhStorClass - ok
18:19:39.0393 0x1480  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
18:19:39.0402 0x1480  EhStorTcgDrv - ok
18:19:39.0416 0x1480  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
18:19:39.0424 0x1480  ErrDev - ok
18:19:39.0463 0x1480  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
18:19:39.0480 0x1480  EventSystem - ok
18:19:39.0497 0x1480  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
18:19:39.0512 0x1480  exfat - ok
18:19:39.0529 0x1480  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
18:19:39.0540 0x1480  fastfat - ok
18:19:39.0572 0x1480  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
18:19:39.0590 0x1480  Fax - ok
18:19:39.0601 0x1480  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
18:19:39.0610 0x1480  fdc - ok
18:19:39.0629 0x1480  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
18:19:39.0629 0x1480  fdPHost - ok
18:19:39.0645 0x1480  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
18:19:39.0660 0x1480  FDResPub - ok
18:19:39.0660 0x1480  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
18:19:39.0676 0x1480  fhsvc - ok
18:19:39.0676 0x1480  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
18:19:39.0696 0x1480  FileInfo - ok
18:19:39.0705 0x1480  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
18:19:39.0715 0x1480  Filetrace - ok
18:19:39.0715 0x1480  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
18:19:39.0731 0x1480  flpydisk - ok
18:19:39.0747 0x1480  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:19:39.0762 0x1480  FltMgr - ok
18:19:39.0794 0x1480  [ 223CD19D2F84B7B42081F4FB530B658F, 4A9D1A6688C3C8F0B866B0FE2715C9FBA62BE66D4ADCC327A8CABF9EA876A664 ] FontCache       C:\WINDOWS\system32\FntCache.dll
18:19:39.0833 0x1480  FontCache - ok
18:19:39.0879 0x1480  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:19:39.0895 0x1480  FontCache3.0.0.0 - ok
18:19:39.0895 0x1480  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
18:19:39.0919 0x1480  FsDepends - ok
18:19:39.0919 0x1480  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:19:39.0934 0x1480  Fs_Rec - ok
18:19:39.0966 0x1480  [ D4AB6EE3D715BC44C00277FD934FAACF, DE8A8B14D7BA73BA1B5A833DE193CA65EDFE512A57D84F4F2CE19D9646D97F4E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
18:19:39.0981 0x1480  fvevol - ok
18:19:39.0981 0x1480  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
18:19:39.0997 0x1480  FxPPM - ok
18:19:39.0997 0x1480  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
18:19:40.0020 0x1480  gagp30kx - ok
18:19:40.0083 0x1480  [ B2B8C836ECA440E01191BD042732BF46, F4AD185CFF77DD872AF5F2C9297716F8011B4497D436D692464DB8CEF8FCA2E3 ] GalaxyClientService C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
18:19:40.0099 0x1480  GalaxyClientService - ok
18:19:40.0294 0x1480  [ 4C024A3FF148E69092E295144DF81E75, 374874173AD29630677639EE93F36A144ACFA4A07D42D7652D89213CA4D65DD1 ] GalaxyCommunication C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
18:19:40.0437 0x1480  GalaxyCommunication - ok
18:19:40.0468 0x1480  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
18:19:40.0468 0x1480  gencounter - ok
18:19:40.0484 0x1480  [ A1F556318931B9EA276F4E2DA2C1791C, 1E5564A9B213689C56BFBBEC1A7BBFAD78DF1FB55422171C0680935338C5DE57 ] ggflt           C:\WINDOWS\System32\drivers\ggflt.sys
18:19:40.0484 0x1480  ggflt - ok
18:19:40.0499 0x1480  [ 7F56A3E09A6AD40B07E4EFAD34A40A18, E0EC4293035162E9EFA89A45FFF26B5BC829F7BB7F4D2D5A2CAA5E88AC6DC0C9 ] ggsomc          C:\WINDOWS\System32\drivers\ggsomc.sys
18:19:40.0499 0x1480  ggsomc - ok
18:19:40.0524 0x1480  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
18:19:40.0534 0x1480  GPIOClx0101 - ok
18:19:40.0586 0x1480  [ 2DAFF4F76A90E3C523C2FE50338537E9, 625745E538208B50E8F5A9A2C09C6CD03D51E424BB16BC6C5B156CBC25373B6D ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
18:19:40.0617 0x1480  gpsvc - ok
18:19:40.0678 0x1480  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:19:40.0695 0x1480  gupdate - ok
18:19:40.0703 0x1480  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:19:40.0716 0x1480  gupdatem - ok
18:19:40.0728 0x1480  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
18:19:40.0737 0x1480  HDAudBus - ok
18:19:40.0747 0x1480  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
18:19:40.0755 0x1480  HidBatt - ok
18:19:40.0780 0x1480  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
18:19:40.0790 0x1480  HidBth - ok
18:19:40.0797 0x1480  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
18:19:40.0805 0x1480  hidi2c - ok
18:19:40.0830 0x1480  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
18:19:40.0838 0x1480  HidIr - ok
18:19:40.0853 0x1480  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
18:19:40.0869 0x1480  hidserv - ok
18:19:40.0869 0x1480  [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
18:19:40.0885 0x1480  HidUsb - ok
18:19:40.0900 0x1480  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
18:19:40.0916 0x1480  hkmsvc - ok
18:19:40.0932 0x1480  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
18:19:40.0947 0x1480  HomeGroupListener - ok
18:19:40.0978 0x1480  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
18:19:40.0994 0x1480  HomeGroupProvider - ok
18:19:41.0041 0x1480  [ 77E81E788CC63E65272A7D247F441505, EA57947495A6FD5B6FCC06AD396AEEEEE44AA5EB924B1A4D71C81B1265120F7B ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:19:41.0057 0x1480  HP Support Assistant Service - ok
18:19:41.0072 0x1480  [ E2550FBBBA31E2D4F9757E0A533689F0, 0AE6B0D89E74E57F87A6431D005BFF4213AC4C98A74A7C796894FC2A8D42E0DD ] HPConnectedRemote c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
18:19:41.0088 0x1480  HPConnectedRemote - ok
18:19:41.0135 0x1480  [ 9B7EDD3FE7C211C36E921D34D18A3A0A, 03A450F85A042F9668D1560FA2B8B89783568C87CDB1A8685CDA2AC9FE3761C3 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:19:41.0166 0x1480  hpqwmiex - ok
18:19:41.0182 0x1480  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
18:19:41.0197 0x1480  HpSAMD - ok
18:19:41.0228 0x1480  [ 61C5D4EF4BE4EA271B90135490C67447, E44027338E1DF863372ECF6EFF02C881F938C7D7751C8810AABDF1E13E33DDC5 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
18:19:41.0260 0x1480  HTTP - ok
18:19:41.0275 0x1480  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
18:19:41.0291 0x1480  hwpolicy - ok
18:19:41.0291 0x1480  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
18:19:41.0307 0x1480  hyperkbd - ok
18:19:41.0322 0x1480  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
18:19:41.0322 0x1480  HyperVideo - ok
18:19:41.0353 0x1480  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
18:19:41.0353 0x1480  i8042prt - ok
18:19:41.0369 0x1480  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
18:19:41.0369 0x1480  iaLPSSi_GPIO - ok
18:19:41.0394 0x1480  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
18:19:41.0401 0x1480  iaLPSSi_I2C - ok
18:19:41.0423 0x1480  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
18:19:41.0426 0x1480  iaStorAV - ok
18:19:41.0457 0x1480  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
18:19:41.0472 0x1480  iaStorV - ok
18:19:41.0472 0x1480  IEEtwCollectorService - ok
18:19:41.0531 0x1480  [ 02211401EFFC4965C014C8F9696539A2, 4C58DA5FF219B25B84A0C351436F07F13FCACEDFECDD7BCC91DE129F11FE36A8 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
18:19:41.0556 0x1480  IKEEXT - ok
18:19:41.0641 0x1480  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
18:19:41.0657 0x1480  Intel(R) Capability Licensing Service Interface - ok
18:19:41.0673 0x1480  [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
18:19:41.0688 0x1480  Intel(R) ME Service - ok
18:19:41.0704 0x1480  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
18:19:41.0720 0x1480  intelide - ok
18:19:41.0741 0x1480  [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
18:19:41.0744 0x1480  intelpep - ok
18:19:41.0760 0x1480  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
18:19:41.0776 0x1480  intelppm - ok
18:19:41.0791 0x1480  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:19:41.0791 0x1480  IpFilterDriver - ok
18:19:41.0822 0x1480  [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
18:19:41.0857 0x1480  iphlpsvc - ok
18:19:41.0873 0x1480  [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
18:19:41.0888 0x1480  IPMIDRV - ok
18:19:41.0904 0x1480  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
18:19:41.0904 0x1480  IPNAT - ok
18:19:41.0919 0x1480  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
18:19:41.0919 0x1480  IRENUM - ok
18:19:41.0935 0x1480  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
18:19:41.0935 0x1480  isapnp - ok
18:19:41.0982 0x1480  [ C378ED678D1316721A40E1F60FB76184, 972900D99BBC02BA3FD664DAE36EFF7D25286912C7DDFD443C8CB37D997D304F ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
18:19:41.0982 0x1480  iScsiPrt - ok
18:19:42.0029 0x1480  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:19:42.0029 0x1480  jhi_service - ok
18:19:42.0044 0x1480  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
18:19:42.0065 0x1480  kbdclass - ok
18:19:42.0069 0x1480  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
18:19:42.0077 0x1480  kbdhid - ok
18:19:42.0086 0x1480  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
18:19:42.0093 0x1480  kdnic - ok
18:19:42.0093 0x1480  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
18:19:42.0109 0x1480  KeyIso - ok
18:19:42.0124 0x1480  [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
18:19:42.0140 0x1480  KSecDD - ok
18:19:42.0155 0x1480  [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
18:19:42.0180 0x1480  KSecPkg - ok
18:19:42.0192 0x1480  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
18:19:42.0201 0x1480  ksthunk - ok
18:19:42.0235 0x1480  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
18:19:42.0235 0x1480  KtmRm - ok
18:19:42.0267 0x1480  [ B75ADC97905F43C7C946F1465A8697BD, AF50E3F5DBF222DB095B40FD4896650B5F8DD47153CB9A1ADE54D17FCE85C529 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
18:19:42.0267 0x1480  LanmanServer - ok
18:19:42.0309 0x1480  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
18:19:42.0323 0x1480  LanmanWorkstation - ok
18:19:42.0355 0x1480  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
18:19:42.0371 0x1480  lfsvc - ok
18:19:42.0391 0x1480  [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
18:19:42.0396 0x1480  lirsgt - ok
18:19:42.0405 0x1480  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
18:19:42.0413 0x1480  lltdio - ok
18:19:42.0429 0x1480  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
18:19:42.0445 0x1480  lltdsvc - ok
18:19:42.0460 0x1480  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
18:19:42.0460 0x1480  lmhosts - ok
18:19:42.0476 0x1480  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:19:42.0476 0x1480  LMS - ok
18:19:42.0503 0x1480  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
18:19:42.0512 0x1480  LSI_SAS - ok
18:19:42.0521 0x1480  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
18:19:42.0521 0x1480  LSI_SAS2 - ok
18:19:42.0537 0x1480  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
18:19:42.0553 0x1480  LSI_SAS3 - ok
18:19:42.0553 0x1480  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
18:19:42.0573 0x1480  LSI_SSS - ok
18:19:42.0597 0x1480  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
18:19:42.0628 0x1480  LSM - ok
18:19:42.0644 0x1480  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
18:19:42.0644 0x1480  luafv - ok
18:19:42.0845 0x1480  [ FEAF4E98C93BC3512B8108D2F534A3BA, 6D93EF21DB9BFFACC1241E823F9BB7719B9395D64BBF952874CFF015B7930D92 ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
18:19:42.0932 0x1480  MBAMService - ok
18:19:42.0963 0x1480  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
18:19:42.0979 0x1480  megasas - ok
18:19:43.0003 0x1480  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
18:19:43.0034 0x1480  megasr - ok
18:19:43.0066 0x1480  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
18:19:43.0066 0x1480  MEIx64 - ok
18:19:43.0101 0x1480  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
18:19:43.0104 0x1480  MMCSS - ok
18:19:43.0120 0x1480  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
18:19:43.0136 0x1480  Modem - ok
18:19:43.0136 0x1480  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
18:19:43.0151 0x1480  monitor - ok
18:19:43.0167 0x1480  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
18:19:43.0190 0x1480  mouclass - ok
18:19:43.0193 0x1480  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
18:19:43.0201 0x1480  mouhid - ok
18:19:43.0225 0x1480  [ E5E8665272EBCD87A0A632314F0D221D, 37FDC4CEB8E5FC39C10DE875676863D090CFEA708AC3A8415114DCDD94BD7A1D ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
18:19:43.0225 0x1480  mountmgr - ok
18:19:43.0271 0x1480  [ 9483990A1D62927147778E2A1C2F5775, 0721E682853D348227FA6E925CC83FC839D9CCD27DBAD81363C471D9B7155132 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:19:43.0287 0x1480  MozillaMaintenance - ok
18:19:43.0303 0x1480  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
18:19:43.0318 0x1480  mpsdrv - ok
18:19:43.0341 0x1480  [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
18:19:43.0372 0x1480  MpsSvc - ok
18:19:43.0390 0x1480  [ 3F818C1518DA702C8F10259095C9BDE0, B98C1A6F9A3C01A10503B2B2C45CC89AFF17B346B15990F4DB4820F68BDC62C8 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
18:19:43.0400 0x1480  MRxDAV - ok
18:19:43.0433 0x1480  [ E2FC654EC895E92A022794329BFC53EC, BDEFF410B8A1D213B652A86DBF53774A3EBD58C32CCB9180712F9F3777307688 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:19:43.0449 0x1480  mrxsmb - ok
18:19:43.0480 0x1480  [ AFE6DC2E57E876175BA074AD2CB5594F, 004873302BA0BF1B1359A90A5399915BE00A9ED800F60E477A5AE4682C70A708 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
18:19:43.0480 0x1480  mrxsmb10 - ok
18:19:43.0516 0x1480  [ B37B58F9F80A51098C42663D5FA5F2BA, 996E2D8344F0095C136D1670D63A476E6B6F6BBA9DD773EEE5F0FD580562B000 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
18:19:43.0526 0x1480  mrxsmb20 - ok
18:19:43.0535 0x1480  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
18:19:43.0536 0x1480  MsBridge - ok
18:19:43.0568 0x1480  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
18:19:43.0583 0x1480  MSDTC - ok
18:19:43.0583 0x1480  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:19:43.0599 0x1480  Msfs - ok
18:19:43.0615 0x1480  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
18:19:43.0622 0x1480  msgpiowin32 - ok
18:19:43.0625 0x1480  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
18:19:43.0633 0x1480  mshidkmdf - ok
18:19:43.0639 0x1480  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
18:19:43.0639 0x1480  mshidumdf - ok
18:19:43.0654 0x1480  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
18:19:43.0670 0x1480  msisadrv - ok
18:19:43.0685 0x1480  [ A06142B3850B06972F1C89748FAA2C02, B1CCC5C8D100FEB384FCC85FED2A77F47DA4C9BA5F6889A130F4D73E30ACAA78 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
18:19:43.0701 0x1480  MSiSCSI - ok
18:19:43.0701 0x1480  msiserver - ok
18:19:43.0701 0x1480  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:19:43.0721 0x1480  MSKSSRV - ok
18:19:43.0733 0x1480  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
18:19:43.0741 0x1480  MsLldp - ok
18:19:43.0741 0x1480  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:19:43.0756 0x1480  MSPCLOCK - ok
18:19:43.0756 0x1480  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:19:43.0772 0x1480  MSPQM - ok
18:19:43.0788 0x1480  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
18:19:43.0788 0x1480  MsRPC - ok
18:19:43.0803 0x1480  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
18:19:43.0822 0x1480  mssmbios - ok
18:19:43.0825 0x1480  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:19:43.0833 0x1480  MSTEE - ok
18:19:43.0843 0x1480  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
18:19:43.0844 0x1480  MTConfig - ok
18:19:43.0875 0x1480  [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
18:19:43.0875 0x1480  Mup - ok
18:19:43.0891 0x1480  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
18:19:43.0891 0x1480  mvumis - ok
18:19:43.0945 0x1480  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
18:19:43.0961 0x1480  napagent - ok
18:19:43.0977 0x1480  [ BB78990894F14D725EBD301E1945BF0F, 88B2A23F65E6C3A97B5D00E20D5A64C227BB50063C23561713C2AF9525DC3E44 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
18:19:43.0992 0x1480  NativeWifiP - ok
18:19:44.0035 0x1480  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
18:19:44.0045 0x1480  NcaSvc - ok
18:19:44.0047 0x1480  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
18:19:44.0062 0x1480  NcbService - ok
18:19:44.0078 0x1480  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
18:19:44.0094 0x1480  NcdAutoSetup - ok
18:19:44.0143 0x1480  [ FFAA6C6E798FBA448FA7628A1B277F5C, 9E1F2C848A019CE6397F652A21AE43B76149EF95452BB8353249BD9E28D98083 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
18:19:44.0164 0x1480  NDIS - ok
18:19:44.0180 0x1480  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
18:19:44.0180 0x1480  NdisCap - ok
18:19:44.0196 0x1480  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
18:19:44.0211 0x1480  NdisImPlatform - ok
18:19:44.0227 0x1480  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:19:44.0227 0x1480  NdisTapi - ok
18:19:44.0247 0x1480  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:19:44.0250 0x1480  Ndisuio - ok
18:19:44.0250 0x1480  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
18:19:44.0266 0x1480  NdisVirtualBus - ok
18:19:44.0282 0x1480  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:19:44.0282 0x1480  NdisWan - ok
18:19:44.0297 0x1480  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:19:44.0297 0x1480  NdisWanLegacy - ok
18:19:44.0313 0x1480  [ 0BBE2FA30BAD58C9ADC01E4F84A3D2A1, 913AEC8A5F735C2EFDCB417E4077AB5A15457C601E6E88A1F4FA52C91E6E0BBF ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:19:44.0360 0x1480  NDProxy - ok
18:19:44.0376 0x1480  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
18:19:44.0391 0x1480  Ndu - ok
18:19:44.0407 0x1480  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:19:44.0422 0x1480  NetBIOS - ok
18:19:44.0455 0x1480  [ 0FE750800DEEE91D22399D081371BA79, 7E1E01A5D5BAE68F975070D1676BD830ADF010E42A8046D4074D17B710230CD9 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:19:44.0461 0x1480  NetBT - ok
18:19:44.0461 0x1480  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:19:44.0477 0x1480  Netlogon - ok
18:19:44.0508 0x1480  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
18:19:44.0524 0x1480  Netman - ok
18:19:44.0548 0x1480  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
18:19:44.0563 0x1480  netprofm - ok
18:19:44.0594 0x1480  [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:19:44.0610 0x1480  NetTcpPortSharing - ok
18:19:44.0650 0x1480  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
18:19:44.0665 0x1480  netvsc - ok
18:19:44.0697 0x1480  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
18:19:44.0712 0x1480  NlaSvc - ok
18:19:44.0728 0x1480  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:19:44.0747 0x1480  Npfs - ok
18:19:44.0764 0x1480  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
18:19:44.0767 0x1480  npsvctrig - ok
18:19:44.0767 0x1480  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
18:19:44.0783 0x1480  nsi - ok
18:19:44.0783 0x1480  [ 018510D88536798852DAE12F9BA6E138, C0D89C36F8737FD139CEA80BED65D1DB4248E667804645FF71C39BA92FEC4109 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
18:19:44.0799 0x1480  nsiproxy - ok
18:19:44.0865 0x1480  [ E3D85D09B28ABA9DE3F9300BE3E7C9F6, 4E4724DF63CDB8FF63FF3FE1A8AC5663B6609F1C8B591374053C6237F103EAB0 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:19:44.0901 0x1480  Ntfs - ok
18:19:44.0917 0x1480  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:19:44.0917 0x1480  Null - ok
18:19:44.0933 0x1480  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
18:19:44.0948 0x1480  nvraid - ok
18:19:44.0964 0x1480  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
18:19:44.0964 0x1480  nvstor - ok
18:19:44.0979 0x1480  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
18:19:44.0979 0x1480  nv_agp - ok
18:19:45.0026 0x1480  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
18:19:45.0026 0x1480  p2pimsvc - ok
18:19:45.0058 0x1480  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
18:19:45.0073 0x1480  p2psvc - ok
18:19:45.0089 0x1480  [ 57DCE4FB0467986AE78E1C6FC5240D32, F7F3ADD1B48E4D6BB0A664A2FE556F71ED7453054B4FB667A29BE050C845045B ] Parport         C:\WINDOWS\System32\drivers\parport.sys
18:19:45.0104 0x1480  Parport - ok
18:19:45.0120 0x1480  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
18:19:45.0120 0x1480  partmgr - ok
18:19:45.0151 0x1480  [ 0A2DF1055FEEA30DFF73DAC0DA45FDE4, 497B2AE591ABBCFA8FC571D9C1D750006212F2D2DDF12F5A9E7FFA811CD707A3 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
18:19:45.0167 0x1480  PcaSvc - ok
18:19:45.0183 0x1480  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
18:19:45.0198 0x1480  pci - ok
18:19:45.0214 0x1480  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
18:19:45.0214 0x1480  pciide - ok
18:19:45.0214 0x1480  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
18:19:45.0229 0x1480  pcmcia - ok
18:19:45.0229 0x1480  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
18:19:45.0245 0x1480  pcw - ok
18:19:45.0261 0x1480  [ E6B3ACBA06BAF48594557FCCBFA66FD2, 44A0FAC6169D9130870456DEFBFFE563FCCC4AD7A9754B455D5A1C1A77F0699D ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
18:19:45.0276 0x1480  pdc - ok
18:19:45.0292 0x1480  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
18:19:45.0323 0x1480  PEAUTH - ok
18:19:45.0386 0x1480  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
18:19:45.0386 0x1480  PerfHost - ok
18:19:45.0444 0x1480  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
18:19:45.0475 0x1480  pla - ok
18:19:45.0490 0x1480  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
18:19:45.0511 0x1480  PlugPlay - ok
18:19:45.0518 0x1480  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
18:19:45.0523 0x1480  PNRPAutoReg - ok
18:19:45.0523 0x1480  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
18:19:45.0539 0x1480  PNRPsvc - ok
18:19:45.0570 0x1480  [ 0FF8507A8B901B904E98EB36B9E347EE, FE4A9A6159A8490F3155D166656748722EFDEDCDC447C09155A5AD6D9F5D294D ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
18:19:45.0586 0x1480  PolicyAgent - ok
18:19:45.0602 0x1480  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
18:19:45.0602 0x1480  Power - ok
18:19:45.0622 0x1480  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:19:45.0638 0x1480  PptpMiniport - ok
18:19:45.0754 0x1480  [ F6EA63145C20A23732AD2CA1EBA65FA1, 0DD1164D37C1500258E9CCCE458778A3DA196D9A65919B2672E3C88383068F52 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:19:45.0801 0x1480  PrintNotify - ok
18:19:45.0816 0x1480  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
18:19:45.0832 0x1480  Processor - ok
18:19:45.0863 0x1480  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
18:19:45.0879 0x1480  ProfSvc - ok
18:19:45.0894 0x1480  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
18:19:45.0894 0x1480  Psched - ok
18:19:45.0910 0x1480  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
18:19:45.0926 0x1480  QWAVE - ok
18:19:45.0941 0x1480  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
18:19:45.0941 0x1480  QWAVEdrv - ok
18:19:45.0973 0x1480  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:19:45.0973 0x1480  RasAcd - ok
18:19:45.0988 0x1480  [ D5ECE7E7F349EB3C4B152AFF3577280D, 3A5D3E440D1ED72D654BBFE30A73667F055C0AD04375C22C202F21BF75B612B2 ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
18:19:46.0004 0x1480  RasAgileVpn - ok
18:19:46.0019 0x1480  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:19:46.0019 0x1480  RasAuto - ok
18:19:46.0035 0x1480  [ 235624C147E3CB4C288D5D3D8E8D64A2, B3F182019DBAD9C761FE9F62EAED34AD5902B41A13A766D814FC3E2EA29D8D92 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:19:46.0051 0x1480  Rasl2tp - ok
18:19:46.0082 0x1480  [ 0A655DD285E4E1E2975CEAB8FDE75295, 023B73A71CB48578702548F8F1096BDF72BE09D836F2D324DDA869E4F0354133 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:19:46.0098 0x1480  RasMan - ok
18:19:46.0113 0x1480  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:19:46.0113 0x1480  RasPppoe - ok
18:19:46.0129 0x1480  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
18:19:46.0144 0x1480  RasSstp - ok
18:19:46.0160 0x1480  [ D67ED4AB59D1EF66B05AD1A81AC28B26, 72E750A9A6B484D8BEDE52FA6DABEF4D95765DE491152E1F6C856D0590B50C28 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:19:46.0176 0x1480  rdbss - ok
18:19:46.0191 0x1480  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
18:19:46.0191 0x1480  rdpbus - ok
18:19:46.0223 0x1480  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
18:19:46.0238 0x1480  RDPDR - ok
18:19:46.0254 0x1480  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
18:19:46.0269 0x1480  RdpVideoMiniport - ok
18:19:46.0285 0x1480  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
18:19:46.0301 0x1480  rdyboost - ok
18:19:46.0348 0x1480  [ 2D39BCFA4DD1081B8F282B623456B858, DD8C433B66B6661F4DBD1784CBD334441B508BE84932DD443F7AD51CEA192BA9 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
18:19:46.0379 0x1480  ReFS - ok
18:19:46.0394 0x1480  [ DF78648AC3C8DC9D70E6714AF785382F, 56E104939ED0AB5B26AE07BAB1BBB7D15828DBD3A2AD35361423D7ADDA4BA551 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:19:46.0410 0x1480  RemoteAccess - ok
18:19:46.0410 0x1480  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:19:46.0426 0x1480  RemoteRegistry - ok
18:19:46.0441 0x1480  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
18:19:46.0441 0x1480  RpcEptMapper - ok
18:19:46.0457 0x1480  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:19:46.0473 0x1480  RpcLocator - ok
18:19:46.0519 0x1480  [ 20CC6E9FE25ACD34BE4FCDDB7B08364D, 295B2BBDC860A4CD65CD09C975D08CA1B8E4FE60AD0CA084CAB149A3E9D64B40 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:19:46.0551 0x1480  RpcSs - ok
18:19:46.0566 0x1480  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:19:46.0566 0x1480  rspndr - ok
18:19:46.0607 0x1480  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
18:19:46.0623 0x1480  RTL8168 - ok
18:19:46.0623 0x1480  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
18:19:46.0639 0x1480  s3cap - ok
18:19:46.0654 0x1480  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
18:19:46.0654 0x1480  SamSs - ok
18:19:46.0654 0x1480  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
18:19:46.0670 0x1480  sbp2port - ok
18:19:46.0686 0x1480  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
18:19:46.0702 0x1480  SCardSvr - ok
18:19:46.0725 0x1480  [ 92D2FA1870F4EB4A9BA767DB6E0DEF6F, AB019E17D5F330CBB7F7CAF8CEB01F3F3DBBB181CDE19E4C2354AF51E66C8291 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
18:19:46.0740 0x1480  ScDeviceEnum - ok
18:19:46.0756 0x1480  [ FA7ABD857DEB0FE3C94CC39A4C845E66, ACD551F75E00C4EB9CFDA73B04051D0BF5FF0BA67C716E1989A21683D8777A41 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
18:19:46.0772 0x1480  scfilter - ok
18:19:46.0827 0x1480  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:19:46.0859 0x1480  Schedule - ok
18:19:46.0908 0x1480  [ ACFDC4EE40EC6E4A0AB91D923B8288C8, D31555AB31F504C247049219BE0ECDF26BB18E210BE7C45E8575FD166FD7EE23 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
18:19:46.0914 0x1480  SCPolicySvc - ok
18:19:46.0946 0x1480  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
18:19:46.0961 0x1480  sdbus - ok
18:19:46.0992 0x1480  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
18:19:47.0008 0x1480  sdstor - ok
18:19:47.0016 0x1480  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
18:19:47.0017 0x1480  secdrv - ok
18:19:47.0048 0x1480  [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon        C:\WINDOWS\system32\seclogon.dll
18:19:47.0048 0x1480  seclogon - ok
18:19:47.0064 0x1480  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
18:19:47.0064 0x1480  SENS - ok
18:19:47.0080 0x1480  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
18:19:47.0095 0x1480  SensrSvc - ok
18:19:47.0115 0x1480  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
18:19:47.0119 0x1480  SerCx - ok
18:19:47.0134 0x1480  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
18:19:47.0134 0x1480  SerCx2 - ok
18:19:47.0150 0x1480  [ 1F0135949A6AD6025F363F80FE268251, DB2D503863143F2251E589F7B0B3E9FBF997D7333D54C55856590B5080B5513D ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
18:19:47.0166 0x1480  Serenum - ok
18:19:47.0166 0x1480  [ 81633C87B42B63BA484A6177179AC750, A22BA40E9EC74E88D8098CBDC954E1D63B832FCB789E3C7B731DE5DA39BEE2CA ] Serial          C:\WINDOWS\System32\drivers\serial.sys
18:19:47.0181 0x1480  Serial - ok
18:19:47.0215 0x1480  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
18:19:47.0220 0x1480  sermouse - ok
18:19:47.0252 0x1480  [ 624BB76941938B9F5776DEA56004D33E, D4EE7A23665D71646622D477CA962335B4C17BAC931A728122DF8C112CD5A560 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
18:19:47.0267 0x1480  SessionEnv - ok
18:19:47.0283 0x1480  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
18:19:47.0283 0x1480  sfloppy - ok
18:19:47.0314 0x1480  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:19:47.0330 0x1480  SharedAccess - ok
18:19:47.0392 0x1480  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:19:47.0408 0x1480  ShellHWDetection - ok
18:19:47.0424 0x1480  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
18:19:47.0424 0x1480  SiSRaid2 - ok
18:19:47.0439 0x1480  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
18:19:47.0439 0x1480  SiSRaid4 - ok
18:19:47.0470 0x1480  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
18:19:47.0486 0x1480  smphost - ok
18:19:47.0502 0x1480  [ 961507DB02D7AC0B7A7828D457143B8E, F423BE6287C65960A955EBB3BFBAC047313BEB2F54920A6E57E51FCCE855F5E0 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
18:19:47.0517 0x1480  SNMPTRAP - ok
18:19:47.0549 0x1480  [ F6AF6499C3788105EA7AF1DA27769A77, F847789B0AD498CC9C985F334F7BA0906ACB41FB356CC2EF2A00C62C75D94A79 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
18:19:47.0580 0x1480  spaceport - ok
18:19:47.0580 0x1480  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
18:19:47.0594 0x1480  SpbCx - ok
18:19:47.0631 0x1480  [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
18:19:47.0653 0x1480  Spooler - ok
18:19:47.0791 0x1480  [ F264662C057A54AA2DE41B3C7551712F, 2C123C6ACD967CDF1AD2855187CF3D8357B16A4FD9C2F18AE54CFA384165FA11 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
18:19:47.0928 0x1480  sppsvc - ok
18:19:47.0962 0x1480  [ 3D0CA97EA01210E0BC032EB6FDCCF03D, 2FA90A54B77E7F6C08873CB72E20AFED30862270D7DA23D0480E72AC1077CD7E ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:19:47.0977 0x1480  srv - ok
18:19:48.0013 0x1480  [ FD4A645C5BA587257A97D7AC46212F4A, 93D028A6917D8E02EDEEF63DCAC4137DCC0AD27586A478656174ECBF03127120 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
18:19:48.0045 0x1480  srv2 - ok
18:19:48.0045 0x1480  [ D3EAE998706531157CBEA3F5218435BC, F5BA622BDAE25E0060007A27C9708A6F082AAAD4745852B1197C7A29B1BD286F ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
18:19:48.0064 0x1480  srvnet - ok
18:19:48.0080 0x1480  [ D01F015391E27C8CB721008F12002BD0, 928D1A0DE80A374E80BFB4E928C49FB19AAC244B4CBFEBA0EDFFBF7EC5E35135 ] ssdevfactory    C:\WINDOWS\System32\drivers\ssdevfactory.sys
18:19:48.0087 0x1480  ssdevfactory - ok
18:19:48.0099 0x1480  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:19:48.0099 0x1480  SSDPSRV - ok
18:19:48.0115 0x1480  [ 63221003C50027DE54FB4D22CC824C79, C0107F4B6D7B746C4E58759141EE92399E70A46A3CDDC044CDFFA8F427E455DF ] sshid           C:\WINDOWS\System32\drivers\sshid.sys
18:19:48.0130 0x1480  sshid - ok
18:19:48.0162 0x1480  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
18:19:48.0162 0x1480  SstpSvc - ok
18:19:48.0240 0x1480  [ 6955A1EE65ED72A263C7F4EDBB8D80ED, 2ACCAA04197D8ABD965DA1937568DD8E775656C6A9970AE5869AA3CF6D76928A ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
18:19:48.0255 0x1480  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
18:19:48.0416 0x1480  Detect skipped due to KSN trusted
18:19:48.0417 0x1480  STacSV - ok
18:19:48.0522 0x1480  [ 90E22D7CDE08E07446D238A569BCAB7C, 3D4F413D0B0C9CF28D06E0476F24AC6441C8678DF786D9971B39C91C9F9B8020 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:19:48.0552 0x1480  Steam Client Service - ok
18:19:48.0565 0x1480  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
18:19:48.0572 0x1480  stexstor - ok
18:19:48.0607 0x1480  [ 1F509093A44E75A4649A541613531D94, 922A378D3AE98400A646D74106C44E12E14B6D74F690284991D2A7068B916FB7 ] STHDA           C:\WINDOWS\system32\DRIVERS\stwrt64.sys
18:19:48.0625 0x1480  STHDA - ok
18:19:48.0646 0x1480  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
18:19:48.0655 0x1480  stisvc - ok
18:19:48.0671 0x1480  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
18:19:48.0671 0x1480  storahci - ok
18:19:48.0687 0x1480  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
18:19:48.0687 0x1480  storflt - ok
18:19:48.0718 0x1480  [ 1D5A045F59D216448FCDE3A8D69970E2, CEDEB0843D93339D10FE4BC209CCFCB6E12C6064FD62694DA7675082E8B8C915 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
18:19:48.0718 0x1480  stornvme - ok
18:19:48.0735 0x1480  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
18:19:48.0744 0x1480  StorSvc - ok
18:19:48.0751 0x1480  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
18:19:48.0759 0x1480  storvsc - ok
18:19:48.0773 0x1480  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
18:19:48.0781 0x1480  svsvc - ok
18:19:48.0794 0x1480  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
18:19:48.0801 0x1480  swenum - ok
18:19:48.0820 0x1480  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
18:19:48.0841 0x1480  swprv - ok
18:19:48.0884 0x1480  [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain         C:\WINDOWS\system32\sysmain.dll
18:19:48.0913 0x1480  SysMain - ok
18:19:48.0942 0x1480  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
18:19:48.0956 0x1480  SystemEventsBroker - ok
18:19:48.0967 0x1480  [ 54A1F83B166F1062000A0D816CB3B43A, 8A104B2141546984CFB988CC178EB1910F6B42A19CB75A30F4E74D5EE67901EB ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
18:19:48.0978 0x1480  TabletInputService - ok
18:19:48.0994 0x1480  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:19:49.0008 0x1480  TapiSrv - ok
18:19:49.0081 0x1480  [ 4C58B60C1E6A2946D6E3D67A36E5E03E, 30952D48B96BB5B858B48194B6C6D1BB64880D3801D46F8CB5CD81CC77B63EDD ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
18:19:49.0137 0x1480  Tcpip - ok
18:19:49.0188 0x1480  [ 4C58B60C1E6A2946D6E3D67A36E5E03E, 30952D48B96BB5B858B48194B6C6D1BB64880D3801D46F8CB5CD81CC77B63EDD ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:19:49.0228 0x1480  TCPIP6 - ok
18:19:49.0259 0x1480  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
18:19:49.0280 0x1480  tcpipreg - ok
18:19:49.0305 0x1480  [ 576FA545FAB846B06E79B324160DE25C, 14F1FD2769E7F5362E6452CA061564EF3DEBFDF6BC8EFF0CD4E22068A460A727 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
18:19:49.0321 0x1480  tdx - ok
18:19:49.0331 0x1480  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
18:19:49.0339 0x1480  terminpt - ok
18:19:49.0372 0x1480  [ 76938862B2674EFED79E814CD36E6A08, 911C0B419AC68EC535E0BEFAD1612A840AA22745215834DF421F10041B4ADA27 ] TermService     C:\WINDOWS\System32\termsrv.dll
18:19:49.0398 0x1480  TermService - ok
18:19:49.0411 0x1480  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
18:19:49.0421 0x1480  Themes - ok
18:19:49.0443 0x1480  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
18:19:49.0453 0x1480  THREADORDER - ok
18:19:49.0463 0x1480  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
18:19:49.0476 0x1480  TimeBroker - ok
18:19:49.0505 0x1480  [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
18:19:49.0515 0x1480  TPM - ok
18:19:49.0531 0x1480  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
18:19:49.0542 0x1480  TrkWks - ok
18:19:49.0581 0x1480  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
18:19:49.0590 0x1480  TrustedInstaller - ok
18:19:49.0605 0x1480  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
18:19:49.0613 0x1480  TsUsbFlt - ok
18:19:49.0626 0x1480  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
18:19:49.0634 0x1480  TsUsbGD - ok
18:19:49.0664 0x1480  [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
18:19:49.0682 0x1480  tunnel - ok
18:19:49.0692 0x1480  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
18:19:49.0701 0x1480  uagp35 - ok
18:19:49.0716 0x1480  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
18:19:49.0725 0x1480  UASPStor - ok
18:19:49.0740 0x1480  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
18:19:49.0750 0x1480  UCX01000 - ok
18:19:49.0770 0x1480  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
18:19:49.0786 0x1480  udfs - ok
18:19:49.0802 0x1480  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
18:19:49.0802 0x1480  UEFI - ok
18:19:49.0833 0x1480  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
18:19:49.0849 0x1480  UI0Detect - ok
18:19:49.0849 0x1480  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
18:19:49.0864 0x1480  uliagpkx - ok
18:19:49.0864 0x1480  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
18:19:49.0880 0x1480  umbus - ok
18:19:49.0880 0x1480  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
18:19:49.0895 0x1480  UmPass - ok
18:19:49.0911 0x1480  [ 87743CF5FF2FB3F2B424F0D8DFF8FD8C, C14C979612426D4449274C109FCF25D3BE170DC5CD7EF8E230C7E8D5681904D3 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
18:19:49.0927 0x1480  UmRdpService - ok
18:19:49.0958 0x1480  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:19:49.0958 0x1480  UNS - ok
18:19:49.0989 0x1480  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:19:50.0005 0x1480  upnphost - ok
18:19:50.0005 0x1480  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
18:19:50.0020 0x1480  usbccgp - ok
18:19:50.0036 0x1480  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
18:19:50.0036 0x1480  usbcir - ok
18:19:50.0067 0x1480  [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
18:19:50.0083 0x1480  usbehci - ok
18:19:50.0099 0x1480  [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
18:19:50.0114 0x1480  usbhub - ok
18:19:50.0145 0x1480  [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
18:19:50.0161 0x1480  USBHUB3 - ok
18:19:50.0177 0x1480  [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
18:19:50.0177 0x1480  usbohci - ok
18:19:50.0192 0x1480  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
18:19:50.0192 0x1480  usbprint - ok
18:19:50.0224 0x1480  [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
18:19:50.0239 0x1480  USBSTOR - ok
18:19:50.0255 0x1480  [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
18:19:50.0255 0x1480  usbuhci - ok
18:19:50.0302 0x1480  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
18:19:50.0302 0x1480  USBXHCI - ok
18:19:50.0317 0x1480  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
18:19:50.0317 0x1480  VaultSvc - ok
18:19:50.0333 0x1480  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
18:19:50.0333 0x1480  vdrvroot - ok
18:19:50.0364 0x1480  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
18:19:50.0396 0x1480  vds - ok
18:19:50.0411 0x1480  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
18:19:50.0427 0x1480  VerifierExt - ok
18:19:50.0458 0x1480  [ 8ABB4BABF59F092DF0B43778D8FD1884, 94C2100CE86448543A8DD586AD4A128AB9EB37959238D70F33EF59202270AC6C ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
18:19:50.0474 0x1480  vhdmp - ok
18:19:50.0474 0x1480  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
18:19:50.0489 0x1480  viaide - ok
18:19:50.0489 0x1480  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
18:19:50.0489 0x1480  vmbus - ok
18:19:50.0505 0x1480  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
18:19:50.0521 0x1480  VMBusHID - ok
18:19:50.0536 0x1480  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
18:19:50.0552 0x1480  vmicguestinterface - ok
18:19:50.0567 0x1480  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
18:19:50.0583 0x1480  vmicheartbeat - ok
18:19:50.0599 0x1480  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
18:19:50.0620 0x1480  vmickvpexchange - ok
18:19:50.0624 0x1480  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
18:19:50.0640 0x1480  vmicrdv - ok
18:19:50.0655 0x1480  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
18:19:50.0671 0x1480  vmicshutdown - ok
18:19:50.0671 0x1480  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
18:19:50.0687 0x1480  vmictimesync - ok
18:19:50.0702 0x1480  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
18:19:50.0725 0x1480  vmicvss - ok
18:19:50.0741 0x1480  [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
18:19:50.0757 0x1480  volmgr - ok
18:19:50.0757 0x1480  [ 7DD4EAE2E680948D9AFF3E1B5234C1D3, 7B893CEF2B72458F5C716C811A24E4A8856E12E2AC9F551606A64B59C9DCF272 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
18:19:50.0772 0x1480  volmgrx - ok
18:19:50.0804 0x1480  [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
18:19:50.0804 0x1480  volsnap - ok
18:19:50.0827 0x1480  [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
18:19:50.0843 0x1480  vpci - ok
18:19:50.0843 0x1480  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
18:19:50.0858 0x1480  vsmraid - ok
18:19:50.0921 0x1480  [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS             C:\WINDOWS\system32\vssvc.exe
18:19:50.0945 0x1480  VSS - ok
18:19:50.0960 0x1480  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
18:19:50.0976 0x1480  VSTXRAID - ok
18:19:50.0991 0x1480  [ 71066FF95C487327E44C8AF1B72EBE8B, EA2729126B452CAE0C80D07501779D804B08E47F1217B61D53277B40869FEC25 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
18:19:51.0007 0x1480  vwifibus - ok
18:19:51.0046 0x1480  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
18:19:51.0062 0x1480  W32Time - ok
18:19:51.0109 0x1480  [ A22546B0093EBBDE03C52E56C3391373, 0C28D5C6A4E4EF12ABF0195409CAED17E07DEA22FB330D99FEEF847CBBC04A4E ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
18:19:51.0133 0x1480  w3logsvc - ok
18:19:51.0133 0x1480  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
18:19:51.0149 0x1480  WacomPen - ok
18:19:51.0180 0x1480  [ B41F3E5780D97CFD44A717153AD9CF2C, 6133104D9E5BCFDCDF55E3C52AA701766102A8F86D3F2667BBBF7168E3B3E2AB ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:19:51.0180 0x1480  Wanarp - ok
18:19:51.0196 0x1480  [ B41F3E5780D97CFD44A717153AD9CF2C, 6133104D9E5BCFDCDF55E3C52AA701766102A8F86D3F2667BBBF7168E3B3E2AB ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:19:51.0196 0x1480  Wanarpv6 - ok
18:19:51.0228 0x1480  [ 9A476AA8F78384678349BBC16502F4C4, C89A47C97EDF8BD09407C9BBE9BDC4FBFE8A54CA9AB4E1B82E8E0BAD6C18339B ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
18:19:51.0235 0x1480  WAS - ok
18:19:51.0282 0x1480  [ 841345442390953CBC8801B95D3D0540, FD4F9FD2C4C60A1A580177FFF2E9035009AC6A38E78D4236B0ED4773E3B263EE ] wbengine        C:\WINDOWS\system32\wbengine.exe
18:19:51.0313 0x1480  wbengine - ok
18:19:51.0344 0x1480  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
18:19:51.0360 0x1480  WbioSrvc - ok
18:19:51.0391 0x1480  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
18:19:51.0407 0x1480  Wcmsvc - ok
18:19:51.0422 0x1480  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
18:19:51.0438 0x1480  wcncsvc - ok
18:19:51.0438 0x1480  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
18:19:51.0453 0x1480  WcsPlugInService - ok
18:19:51.0485 0x1480  [ F2E08D1C067FEFC3A42D21FD4810F1D3, A8AD114094D9AE3BC6F76940EF873FD21CCF130DE7F8712950F1962DCE25F1B3 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
18:19:51.0485 0x1480  WdBoot - ok
18:19:51.0516 0x1480  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
18:19:51.0532 0x1480  Wdf01000 - ok
18:19:51.0547 0x1480  [ E234820E6B84ABA5E84E00227F505AE8, 645B809B883D8F678F2535B575AA1D595F27EBFCE0A16433E9A54CC266BD74F2 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
18:19:51.0547 0x1480  WdFilter - ok
18:19:51.0572 0x1480  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
18:19:51.0583 0x1480  WdiServiceHost - ok
18:19:51.0587 0x1480  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
18:19:51.0596 0x1480  WdiSystemHost - ok
18:19:51.0611 0x1480  [ A74AD6D80AC26E1B5DD276FC927F2BAC, F73F090D46BB2AAA6A8D148C658B2EA8C07B16201BB800A9283F4017DC249809 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
18:19:51.0611 0x1480  WdNisDrv - ok
18:19:51.0643 0x1480  WdNisSvc - ok
18:19:51.0658 0x1480  [ A70CAF5EA36CBA5FCA24244306D4D5C6, 76C3E20B62B89D9699A1E817377FAD70B144B877BCC5C850A5B64CC68184D8DA ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:19:51.0686 0x1480  WebClient - ok
18:19:51.0696 0x1480  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
18:19:51.0708 0x1480  Wecsvc - ok
18:19:51.0709 0x1480  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
18:19:51.0724 0x1480  WEPHOSTSVC - ok
18:19:51.0724 0x1480  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
18:19:51.0740 0x1480  wercplsupport - ok
18:19:51.0756 0x1480  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
18:19:51.0771 0x1480  WerSvc - ok
18:19:51.0794 0x1480  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
18:19:51.0803 0x1480  WFPLWFS - ok
18:19:51.0809 0x1480  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
18:19:51.0809 0x1480  WiaRpc - ok
18:19:51.0825 0x1480  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
18:19:51.0840 0x1480  WIMMount - ok
18:19:51.0840 0x1480  WinDefend - ok
18:19:51.0871 0x1480  [ 0E70990EC2E5D2331AA5E88DB0CFB826, 79DFF565C3FCBC691E8FEB669CEC00E340FD2A2AFA4488D23A7CC63A2A98A5C1 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
18:19:51.0887 0x1480  WinHttpAutoProxySvc - ok
18:19:51.0934 0x1480  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:19:51.0950 0x1480  Winmgmt - ok
18:19:52.0043 0x1480  [ B56BFFFB740D76E634DB7B4802E36E4E, 2AA84756DE882463AE4C7BA0DCDEE3E5501DDF673ADD3F37B2B814FB0342E61F ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
18:19:52.0090 0x1480  WinRM - ok
18:19:52.0116 0x1480  [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb          C:\WINDOWS\system32\DRIVERS\WinUsb.sys
18:19:52.0131 0x1480  WinUsb - ok
18:19:52.0178 0x1480  [ F6F13FB009D43CE75FDBC35A5A46F9BB, 8F993BB0579129373F9B1A1EEAC1DA18A22B4E6089CAFA7BCAE4D12D1C2A9A03 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
18:19:52.0209 0x1480  WlanSvc - ok
18:19:52.0256 0x1480  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
18:19:52.0288 0x1480  wlidsvc - ok
18:19:52.0303 0x1480  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
18:19:52.0303 0x1480  WmiAcpi - ok
18:19:52.0319 0x1480  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
18:19:52.0319 0x1480  wmiApSrv - ok
18:19:52.0334 0x1480  WMPNetworkSvc - ok
18:19:52.0350 0x1480  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
18:19:52.0350 0x1480  Wof - ok
18:19:52.0397 0x1480  [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
18:19:52.0438 0x1480  workfolderssvc - ok
18:19:52.0469 0x1480  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
18:19:52.0469 0x1480  wpcfltr - ok
18:19:52.0469 0x1480  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
18:19:52.0485 0x1480  WPCSvc - ok
18:19:52.0516 0x1480  [ 25BE82B325AC22FE563A58A1AC29F4C1, 4247BAA9A44C964446F81ED44F18B28F1F730F46851EC2B756BAC57FB9D86700 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
18:19:52.0541 0x1480  WPDBusEnum - ok
18:19:52.0541 0x1480  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
18:19:52.0556 0x1480  WpdUpFltr - ok
18:19:52.0572 0x1480  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
18:19:52.0587 0x1480  ws2ifsl - ok
18:19:52.0635 0x1480  [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
18:19:52.0643 0x1480  wscsvc - ok
18:19:52.0659 0x1480  WSearch - ok
18:19:52.0745 0x1480  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
18:19:52.0807 0x1480  WSService - ok
18:19:52.0893 0x1480  [ F8AAE8C41092D195C470EE7EF2D0BB01, D02B608244D084669632F60CC977BA10A9A5F7CEA73F15A8ADE6BF9EFE8C4052 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
18:19:52.0948 0x1480  wuauserv - ok
18:19:52.0963 0x1480  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
18:19:52.0979 0x1480  WudfPf - ok
18:19:52.0995 0x1480  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
18:19:52.0995 0x1480  WUDFRd - ok
18:19:53.0010 0x1480  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:19:53.0010 0x1480  WUDFSensorLP - ok
18:19:53.0026 0x1480  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
18:19:53.0026 0x1480  wudfsvc - ok
18:19:53.0046 0x1480  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:19:53.0049 0x1480  WUDFWpdFs - ok
18:19:53.0049 0x1480  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:19:53.0065 0x1480  WUDFWpdMtp - ok
18:19:53.0081 0x1480  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
18:19:53.0096 0x1480  WwanSvc - ok
18:19:53.0183 0x1480  [ D7B04F68BC4AC96F3B7A8234B6BC7368, 2BD9882DB79AE4AF2CCFDBBE0CB881F564F962E9B919043A70D11FB5B8ABFDEF ] XperiaCompanionService C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
18:19:53.0214 0x1480  XperiaCompanionService - ok
18:19:53.0214 0x1480  ================ Scan global ===============================
18:19:53.0253 0x1480  [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\WINDOWS\system32\basesrv.dll
18:19:53.0269 0x1480  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
18:19:53.0285 0x1480  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
18:19:53.0316 0x1480  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
18:19:53.0332 0x1480  [ Global ] - ok
18:19:53.0332 0x1480  ================ Scan MBR ==================================
18:19:53.0350 0x1480  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:19:53.0455 0x1480  \Device\Harddisk0\DR0 - ok
18:19:53.0455 0x1480  ================ Scan VBR ==================================
18:19:53.0473 0x1480  [ 301635311E3100386A7047DDC6C2D2B4 ] \Device\Harddisk0\DR0\Partition1
18:19:53.0473 0x1480  \Device\Harddisk0\DR0\Partition1 - ok
18:19:53.0489 0x1480  [ C7A44BB1F679E7DC76EEEE15A4AA689A ] \Device\Harddisk0\DR0\Partition2
18:19:53.0489 0x1480  \Device\Harddisk0\DR0\Partition2 - ok
18:19:53.0504 0x1480  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
18:19:53.0504 0x1480  \Device\Harddisk0\DR0\Partition3 - ok
18:19:53.0520 0x1480  [ 3E261BBFA6256344FAD9A7FD6DBBFDB0 ] \Device\Harddisk0\DR0\Partition4
18:19:53.0520 0x1480  \Device\Harddisk0\DR0\Partition4 - ok
18:19:53.0536 0x1480  [ 78B787A9710F450983921D01E302066F ] \Device\Harddisk0\DR0\Partition5
18:19:53.0551 0x1480  \Device\Harddisk0\DR0\Partition5 - ok
18:19:53.0558 0x1480  [ BC197A77EFDA1C3A7563CF4EC9C49E0F ] \Device\Harddisk0\DR0\Partition6
18:19:53.0560 0x1480  \Device\Harddisk0\DR0\Partition6 - ok
18:19:53.0560 0x1480  ================ Scan generic autorun ======================
18:19:53.0591 0x1480  [ 96A1D93D16F959C6F5A63E749A9F2EF7, 9EDD4EEC5C625ECF4A1C82318ED6B74404E63A3D43312B53E4F627D76D47658C ] C:\Program Files\IDT\WDM\beats64.exe
18:19:53.0607 0x1480  BeatsOSDApp - detected UnsignedFile.Multi.Generic ( 1 )
18:19:53.0679 0x1480  Detect skipped due to KSN trusted
18:19:53.0679 0x1480  BeatsOSDApp - ok
18:19:53.0742 0x1480  [ 24A1C2C585F21D4FB11684930B464640, 5BB2E053DA5F9E9D5B1142B450719D28896A731ED7E7033CA7496CA3974FC70A ] C:\Program Files\IDT\WDM\sttray64.exe
18:19:53.0765 0x1480  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
18:19:53.0828 0x1480  Detect skipped due to KSN trusted
18:19:53.0828 0x1480  SysTrayApp - ok
18:19:53.0921 0x1480  [ 724CB7A116F7E1A67009D751BCF86586, F0C4BE7451C5573AD584F5EF125C0702841E30D928909B5B3EA702831EF2FD9B ] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
18:19:53.0953 0x1480  CLMLServer_For_P2G8 - ok
18:19:54.0031 0x1480  [ 73F1B07CF82235B25BCC3E9A7522ACCB, 47221B8DFF5A44050AFB0AB5A249FEECE36BE2E000D6529E099128EEDFA647DA ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
18:19:54.0046 0x1480  StartCCC - ok
18:19:54.0078 0x1480  [ AC581685C4CC890B42E9E9700014543D, 642DEB7AF6576D07C8D8019135338E4B45B2B17329BF376C4605E912F0CBD034 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:19:54.0093 0x1480  SunJavaUpdateSched - ok
18:19:54.0203 0x1480  [ D2CE6EA0E9F641D7153462D40C6B4193, 3AAE5239F951E29497D759326BDC23E19644B763DC5661CA4E4980418195C37D ] C:\Program Files (x86)\Steam\steam.exe
18:19:54.0265 0x1480  Steam - ok
18:19:54.0375 0x1480  [ 6D7BB3495CCCD5BAA304037548D60224, A039741AE7462B65E80473FDCC9583976E149424A3C886D79CBD06398C467586 ] C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
18:19:54.0422 0x1480  XperiaCompanionAgent - ok
18:19:54.0531 0x1480  [ D59EAE9E96242B08B3FD4927DAB1F6BC, 5E9E1751F969CCE7FB9C848BFAA5A61CDBBFC154B2039C95B2E04CB6F33257E4 ] C:\Users\Anisimov\AppData\Roaming\Spotify\SpotifyWebHelper.exe
18:19:54.0562 0x1480  Spotify Web Helper - ok
18:19:54.0769 0x1480  [ ED5DEE709F009CB1F9B35ACCAAE2AF0D, C3C38BE49DC8939CEDFF89B852632094F13AD2E569C65363BEC9039C2D2382FB ] C:\Program Files\CCleaner\CCleaner64.exe
18:19:54.0941 0x1480  CCleaner Monitoring - ok
18:19:54.0941 0x1480  Waiting for KSN requests completion. In queue: 133
18:19:55.0952 0x1480  Waiting for KSN requests completion. In queue: 133
18:19:56.0083 0x06d4  Object required for P2P: [ ED5DEE709F009CB1F9B35ACCAAE2AF0D ] C:\Program Files\CCleaner\CCleaner64.exe
18:19:56.0297 0x06d4  Object send P2P result: true
18:19:56.0967 0x1480  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\WindowsSecurityCenter.exe ( 15.0.32.11 ), 0x41000 ( enabled : updated )
18:19:56.0968 0x1480  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.209.0 ), 0x60100 ( disabled : updated )
18:19:56.0968 0x1480  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.143 ), 0x60000 ( disabled : updated )
18:19:56.0972 0x1480  Win FW state via NFP2: enabled ( trusted )
18:19:57.0103 0x1480  ============================================================
18:19:57.0103 0x1480  Scan finished
18:19:57.0103 0x1480  ============================================================
18:19:57.0103 0x1188  Detected object count: 0
18:19:57.0103 0x1188  Actual detected object count: 0

M-K-D-B · 02.11.2017, 21:51

Servus,

wir kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 2
Downloade Dir bitte ESET Online Scanner (Bebilderte Anleitung)

Starte die Installationsdatei.
Akzeptiere die Nutzungsbedingungen.
Wähle Erkennung evtl. unerwünschter Anwendungen aktivieren aus und klicke auf Scannen.
Zuerst werden die notwendigen Signaturen heruntergeladen, anschließend startet ESET automatisch den Suchlauf.
Am Ende des Suchlaufs werden gegebenenfalls die gefundenen Elemente aufgelistet.
Wähle In Textdatei speichern... aus und speichere die Datei als eset.txt auf deinem Desktop ab.
Füge den Inhalt der eset.txt mit deiner nächsten Antwort hinzu.
Sollte ESET nichts finden, so kann auch keine Logdatei erstellt werden. Teile uns das dann unbedingt mit.
Schließe den ESET Online Scanner rechts oben [ X ] und klicke anschließend auf Schließen.

Bitte poste mit deiner nächsten Antwort

die Logdatei von HitmanPro,
die Logdatei von ESET.

BLaDe. · 03.11.2017, 10:10

Hallo, alles klar. Hier dann mal die Logs

Hitman

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : EUGEN
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : EUGEN\Anisimov
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-11-03 08:42:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 16

   Objects scanned . . . : 1.905.158
   Files scanned . . . . : 63.547
   Remnants scanned  . . : 579.339 files / 1.262.272 keys

Suspicious files ____________________________________________________________

   C:\Users\Anisimov\Desktop\FRST64.exe
      Size . . . . . . . : 2.403.328 bytes
      Age  . . . . . . . : 0.6 days (2017-11-02 17:58:56)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 0AF9E15774EB98DE5E89662BC939177586FAA9138192B1C1EDD8228B95259A90
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
   HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)

ESET

Code:

ATTFilter

C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.16.16\deltaEng.dll.vir	Variante von Win32/Toolbar.Montiera.A eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.16.16\deltasrv.exe.vir	Variante von Win32/Toolbar.Montiera.A eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.16.16\uninstall.exe.vir	Win32/Toolbar.Montiera.B eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\C\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js.vir	Win32/bProtector.F eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\C\Users\Anisimov\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir	Win32/Toolbar.Babylon.I eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\C\Users\Anisimov\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir	Win32/Toolbar.Babylon.AE eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\C\Users\Anisimov\AppData\Roaming\OpenCandy\3779538814844F038A332BE95D8F1679\DeltaTB.exe.vir	Variante von Win32/Toolbar.Babylon.C eventuell unerwünschte Anwendung

Danke

M-K-D-B · 03.11.2017, 20:44

Servus,

Reste entfernen

Kopiere den Inhalt der folgenden Code-Box:

Code:

ATTFilter

Start::
DeleteValue: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions|{4D2D3B0F-69BE-477A-90F5-FDDB05357975}
DeleteValue: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions|{98889811-442D-49DD-99D7-DC866BE87DBC}
DeleteValue: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing|bProtectNewTabPageShow
Reboot:
End::

Starte nun FRST und klicke direkt den Entfernen Button. Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

Vielleicht möchtest du das Forum mit einer kleinen Spende unterstützen.

Hinweise:
Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup
Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.
Starte deinen Rechner zum Abschluss neu auf.

Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst du diese bedenkenlos löschen.

Virenscanner + Firewall
Vorab sei erwähnt, dass man niemals die Schutzwirkung eines Virenscanners überbewerten darf! Kein Antivirusprogramm erkennt 100% der Schadsoftware.

Sofern du noch unentschieden bist, verwende MAXIMAL EIN EINZIGES der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

Emsisoft Anti-Malware (kostenpflichtig)
ESET NOD32 Antivirus (kostenpflichtig)
Microsoft Security Essentials (kostenlos)

Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Verwende immer nur reine Virenscanner (keine Produkte mit "Suite", "Internet Security", "Endpoint" oder "Total Security" in Namen, denn diese bringen kontraproduktive Firewalls mit - die Windows-Firewall ist alles was benötigt wird)

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware , AdwCleaner und mit dem ESET Online Scanner scannen.
Diese Programme sind alle kostenlos und stören nicht den Betrieb deines Antivirenprogramms.

Absicherungen
Beim Betriebsystem Windows ist es wichtig, die automatischen Updates zu aktivieren.
Auch sicherheitsrelevante Software sollte immer in aktueller Version vorliegen.

Das zeitnahe Einspielen von Updates ist erforderlich, damit Sicherheitslücken geschlossen werden. Sicherheitslücken werden beispielsweise dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Besonders aufpassen bzgl. der Aktualität musst du insbesondere bei folgender Software - sofern diese überhaupt benötigt wird:

Browser (Internet Explorer, Edge, Firefox, Chrome, Opera, etc.)
Flash-Player
Java
Adobe Reader

Optionale Browsererweiterungen

Adblock Plus oder uBlock Origin (Firefox - Chrome) - können Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript - verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. NoScript kann gerade bei technisch nicht allzu versierten Nutzern beim Surfen zum Nervfaktor werden; ob das Tool geeignet ist, muss jeder selbst mal ausprobieren und dann für sich entscheiden.

Grundsätzliches

Ändere regelmäßig deine Online-Passwörter und erstelle regelmäßig Backups deiner wichtigen Dateien oder des Systems. Genaueres dazu findest du unten im Lesestoff zu Backups.
Lade keine Software von Chip, Softonic, SourceForge oder VLC.de. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Lade Software von einem sauberen Portal wie oder direkt beim jeweiligen Hersteller / Entwickler.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne die Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten bis nicht belegbar. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht.
Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Lesestoff:
Backup-/Image-Tools

IMHO sind Wiederherstellungspunkte nix weiter als eine Notlösung, wer sich auf was Funktionierendes verlassen will und muss, kommt um echte Backup/Imaging Software nicht herum. Ich nehme unter Windows immer Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64

Damit man sinnvolle Backups hat, muss man regelmäßig (z. B. wöchentlich) ein Image auf eine separate externe Festplatte erstellen. Diese externe Festplatte wird nur dann angeschlossen, wenn man das Backup erstellen will (oder etwas wiederherstellen muss), sonsten bleibt sie aus Sicherheitsgründen sicher im Schrank verwahrt - allein schon aus dem Grund, die Backups vor Krypto-Trojaner zu schützen.

Option 1: Drivesnapshot

Offizielle TB-Anleitung --> http://www.trojaner-board.de/186299-...esnapshot.html

Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64
Download (32-Bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-Bit) => http://www.drivesnapshot.de/download/snapshot64.exe

Es gibt da auch leicht abgespeckte Versionen von Acronis TrueImage gratis wenn man Platten von Seagate und/oder Western Digital hat. Vllt sagen diese Programme dir mehr zu. Mein Favorit aber ist das kleine o.g. Drivesnapshot.

Option 2: Seagate DiscWizard
Download => Seagate DiscWizard - Download - Filepony

Screenshots:
http://filepony.de/screenshot/seagate_discwizard5.jpg
http://filepony.de/screenshot/seagate_discwizard4.png
http://filepony.de/screenshot/seagate_discwizard3.jpg

Option 3: Acronis TrueImage WD Edition
Download => Acronis True Image WD Edition - Download - Filepony

Screenshots:
http://filepony.de/screenshot/acroni...d_edition1.jpg
http://filepony.de/screenshot/acroni...d_edition2.jpg

BLaDe. · 03.11.2017, 21:01

Servus,

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-11-2017
durchgeführt von Anisimov (03-11-2017 20:49:44) Run:1
Gestartet von C:\Users\Anisimov\Desktop
Geladene Profile: Anisimov &  (Verfügbare Profile: Anisimov)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
DeleteValue: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions|{4D2D3B0F-69BE-477A-90F5-FDDB05357975}
DeleteValue: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions|{98889811-442D-49DD-99D7-DC866BE87DBC}
DeleteValue: HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing|bProtectNewTabPageShow
Reboot:

*****************

HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions\\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} => Wert nicht gefunden.
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions\\{98889811-442D-49DD-99D7-DC866BE87DBC} => Wert erfolgreich entfernt
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\\bProtectNewTabPageShow => Wert erfolgreich entfernt


Das System musste neu gestartet werden.

==== Ende von Fixlog 20:49:45 ====

Was genau löscht Delfix ? Hab das nicht ganz verstanden, bevor ich damit loslege

Ansonsten alles top besten dank dir soweit, von Avira wirst du vermutlich auch nicht viel halten?

Kannst mir einen vernünftigen kostenlosen AV empfehlen? Da ich ja Win 8.1 hab, fällt der eine von MS ja weg?

Kann man bedenkenlos mit CCleaner die Registry aufräumen? Oder nicht empfehlenswert?

Vielen Dank im Vorraus

LG

M-K-D-B · 03.11.2017, 21:21

Zitat:

Zitat von BLaDe.

Was genau löscht Delfix ? Hab das nicht ganz verstanden, bevor ich damit loslege

So gut wie alle verwendeten Bereinigungsprogramme, erspart weitestgehend das "manuelle Löschen" der Dateien.

Zitat:

Zitat von BLaDe.

Ansonsten alles top besten dank dir soweit, von Avira wirst du vermutlich auch nicht viel halten?

Nein, weil Avira seit ein paar Jahren mit Ask zusammenarbeitet. Ask ist bekannt für Werbesoftware (Adware, PUP). Wer selbst "Müll" verbreitet, den wir hier in über 75% aller Themen bekämpfen, kann ich das nicht gut heißen.

Zitat:

Zitat von BLaDe.

Kannst mir einen vernünftigen kostenlosen AV empfehlen? Da ich ja Win 8.1 hab, fällt der eine von MS ja weg?

Windows Defender fällt nicht weg... wieso sollte er? Sobald du Avira deinstallierst, aktiviert sich der Windows Defender automatisch... verwende ihn selbst unter Windows 10.

Zitat:

Zitat von BLaDe.

Kann man bedenkenlos mit CCleaner die Registry aufräumen? Oder nicht empfehlenswert?

Hast du meine Tipps nicht genau durchgelesen?
Da steht u. a.:

Zitat:

Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten bis nicht belegbar. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht.

Wir raten dringend davon ab, RegistryCleaner zu verwenden.

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM inklusive Link zum Thema.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

HTML/Infected.WebPage.Gen2 von Avira in Quarantäne verschoben

Plagegeister aller Art und deren Bekämpfung: HTML/Infected.WebPage.Gen2 von Avira in Quarantäne verschoben