| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EBWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.09.2018, 18:15
| #1 |
 |  Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Hallo, habe mein PC mit Avira gescannt und folgende Meldung bekommen (s.u.) Ich bin totaler Laie und weiß nicht was das ist? Ich würde mich freuen, wenn mir jemand kurz erklären könnte was da auf meinem PC war? Keylogger, wurde ich ausspioniert oder Virus oder oder? Was hat das ding gemacht? Avira hat es in Quarantäne geschoben und dort habe ich es gelöscht. Gruß und Danke Code:
ATTFilter Beginne mit der Suche in 'C:\' <OS>
C:\Jts\jars\jts4launch-970_1525195389000.dat
[0] Archivtyp: ZIP
--> jbasket/cS.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
FP-Server meldet Fehler 0x1F für Datei 'C:\Jts\jars\jts4launch-970_1525195389000.dat'
Versuch 1 für die Datei „C:\Program Files\IrfanView\Plugins\Plugins32\Dicom.dll“. SHA256 = EFA66233F5E4FC742EC23707113F2B7F60D2064C2F7659A634325A043E5F26DA
Versuch 2 für die Datei „C:\Program Files\IrfanView\Plugins\Plugins32\Dicom.dll“. SHA256 = EFA66233F5E4FC742EC23707113F2B7F60D2064C2F7659A634325A043E5F26DA
Versuch 3 für die Datei „C:\Program Files\IrfanView\Plugins\Plugins32\Dicom.dll“. SHA256 = EFA66233F5E4FC742EC23707113F2B7F60D2064C2F7659A634325A043E5F26DA
Versuch 4 für die Datei „C:\Program Files\IrfanView\Plugins\Plugins32\Dicom.dll“. SHA256 = EFA66233F5E4FC742EC23707113F2B7F60D2064C2F7659A634325A043E5F26DA
Der Scan der Datei 'C:\Program Files\IrfanView\Plugins\Plugins32\Dicom.dll' durch Cloud-Sicherheit wurde mit dem Fehlercode 0x490 beendet. SHA256 = EFA66233F5E4FC742EC23707113F2B7F60D2064C2F7659A634325A043E5F26DA
Versuch 1 für die Datei „C:\Program Files\IrfanView\Plugins\Plugins32\Adobe 8BF\PopArt.8bf“. SHA256 = DCC58EF5B5E7759F96CD94DD2948DDA972E88C965BBC8CFF4396E734F7FBA45B
Versuch 2 für die Datei „C:\Program Files\IrfanView\Plugins\Plugins32\Adobe 8BF\PopArt.8bf“. SHA256 = DCC58EF5B5E7759F96CD94DD2948DDA972E88C965BBC8CFF4396E734F7FBA45B
Versuch 3 für die Datei „C:\Program Files\IrfanView\Plugins\Plugins32\Adobe 8BF\PopArt.8bf“. SHA256 = DCC58EF5B5E7759F96CD94DD2948DDA972E88C965BBC8CFF4396E734F7FBA45B
Versuch 4 für die Datei „C:\Program Files\IrfanView\Plugins\Plugins32\Adobe 8BF\PopArt.8bf“. SHA256 = DCC58EF5B5E7759F96CD94DD2948DDA972E88C965BBC8CFF4396E734F7FBA45B
Der Scan der Datei 'C:\Program Files\IrfanView\Plugins\Plugins32\Adobe 8BF\PopArt.8bf' durch Cloud-Sicherheit wurde mit dem Fehlercode 0x490 beendet. SHA256 = DCC58EF5B5E7759F96CD94DD2948DDA972E88C965BBC8CFF4396E734F7FBA45B
Beginne mit der Desinfektion:
C:\Jts\jars\jts4launch-970_1525195389000.dat
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5acf6fa6.qua' verschoben!
Ende des Suchlaufs: Dienstag, 18. September 2018 11:18
Benötigte Zeit: 1:40:14 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
43573 Verzeichnisse wurden überprüft
1318311 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1318310 Dateien ohne Befall
4007 Archive wurden durchsucht
1 Warnungen
1 Hinweise
988 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Geändert von cosinus (18.09.2018 um 20:34 Uhr) Grund: code tags |
|
18.09.2018, 20:34
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Scan mit Farbar's Recovery Scan Tool (FRST)
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
 Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
18.09.2018, 21:03
| #3 |
| | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Hallo,
__________________hier der Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15.09.2018
durchgeführt von _installuser (18-09-2018 21:51:30)
Gestartet von C:\Users\_installuser\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-12-02 07:09:57)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2512057628-3289055196-2243051686-500 - Administrator - Disabled)
Gast (S-1-5-21-2512057628-3289055196-2243051686-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2512057628-3289055196-2243051686-1002 - Limited - Enabled)
_installuser (S-1-5-21-2512057628-3289055196-2243051686-1000 - Administrator - Enabled) => C:\Users\_installuser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Avira (HKLM-x32\...\{532da46c-2aa3-4588-a4a2-b02bc641bf95}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{9620D4C2-CF5B-4DBE-8103-CC9DAB0871C6}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.40.12 - Avira Operations GmbH & Co. KG)
Bolt PDF Printer (HKLM-x32\...\BoltPDF) (Version: 2.03 - NCH Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Camera WIA Driver (HKLM-x32\...\{652C4ADF-0A29-4B02-9211-EE61675847DE}) (Version: 5.5 - Canon) Hidden
Canon Camera WIA Driver (HKLM-x32\...\{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}) (Version: 5.3 - Canon) Hidden
Canon Camera WIA Driver (HKLM-x32\...\{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}) (Version: 5.4 - Canon) Hidden
Canon EOS 20D WIA Driver (HKLM-x32\...\InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}) (Version: 5.4 - Canon)
Canon EOS-1D Mark II WIA Driver (HKLM-x32\...\InstallShield_{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}) (Version: 5.3 - Canon)
Canon EOS-1Ds Mark II WIA Driver (HKLM-x32\...\InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}) (Version: 5.5 - Canon)
Canon Utilities Digital Photo Professional 1.5 (HKLM-x32\...\{48859B06-6074-4ED0-8A1E-5730CD42F9B1}) (Version: 1.5 - Canon) Hidden
Canon Utilities Digital Photo Professional 1.5 (HKLM-x32\...\InstallShield_{48859B06-6074-4ED0-8A1E-5730CD42F9B1}) (Version: 1.5 - Canon)
Canon Utilities EOS Capture 1.2 (HKLM-x32\...\InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}) (Version: 1.2 - Canon)
Canon Utilities EOS Viewer Utility 1.2 (HKLM-x32\...\InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}) (Version: 1.2.1 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Doxillion Dokumentkonverter (HKLM-x32\...\Doxillion) (Version: 2.66 - NCH Software)
EOS Capture 1.2 (HKLM-x32\...\{74BE7519-41A7-45A8-8AA6-78C7907A4808}) (Version: 1.2 - Canon) Hidden
EOS Viewer Utility 1.2.1 (HKLM-x32\...\{750CF8D7-4B04-404F-AFA2-14C129C42373}) (Version: 1.2.1 - Canon) Hidden
ePUB to PDF Converter (HKLM-x32\...\ePUB to PDF Converter) (Version: 2.1.0.10 - Epubor Inc.)
EquityMonaco (HKLM-x32\...\{E1C892E4-8C73-41CF-8EAF-F31488F8EC60}) (Version: 2.30.0000 - TickQuest Inc.)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.18 - NCH Software)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
FastStone Photo Resizer 3.4 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.4 - FastStone Soft.)
Fotogalerie (HKLM-x32\...\{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GKFX MetaTrader 4 (HKLM-x32\...\GKFX MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
GKFX MultiTerminal (HKLM-x32\...\GKFX MultiTerminal) (Version: 4.00 - MetaQuotes Software Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Inkscape 0.92.3 (HKLM-x32\...\Inkscape) (Version: 0.92.3 - Inkscape Project)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{69D24652-4A1D-49C6-AA0C-573A38083F6C}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Malwarebytes Version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.0.150.1 - McAfee)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
MetaTrader - ActivTrades (HKLM-x32\...\MetaTrader - ActivTrades) (Version: 6.00 - MetaQuotes Software Corp.)
MetaTrader 4 Terminal (HKLM-x32\...\MetaTrader 4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.7 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 62.0 (x64 de) (HKLM\...\Mozilla Firefox 62.0 (x64 de)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version: 3.28 - NCH Software)
PhotoStitch (HKLM-x32\...\{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon) Hidden
RawTherapee Version 4.2 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.2 - rawtherapee.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VirtualDJ 8 (HKLM-x32\...\{415D8B6F-2597-4B84-B677-B4A936C10E37}) (Version: 8.1.2832.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2512057628-3289055196-2243051686-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2512057628-3289055196-2243051686-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2512057628-3289055196-2243051686-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2512057628-3289055196-2243051686-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1-x32: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2016-03-06] ()
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-09] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-08-24] (Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6-x32: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2016-03-06] ()
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-09-09] (Avira Operations GmbH & Co. KG)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {3BCDA149-C717-4C8A-953D-831E29E88270} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {659FC7C5-04D0-4146-BC8E-D662C2FDEB46} - System32\Tasks\{991A73BB-9CEC-4477-B5FD-0CADD00F0067} => C:\Windows\system32\pcalua.exe -a C:\Users\_installuser\Desktop\Darwins_Walk_Forward_Analyzer\bin\Darwins_Walk_Forward_Analyzer.exe -d C:\Users\_installuser\Desktop\Darwins_Walk_Forward_Analyzer\bin
Task: {70E8F1AB-85CB-4FDD-AB26-198BDC9A4B0A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {98435194-45CB-43A6-B08B-F1236E04F9F5} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-09-09] (Avira Operations GmbH & Co. KG)
Task: {B87E978A-FF65-4D51-8B12-AE670E83FBAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-18] (Adobe Systems Incorporated)
Task: {C1BB7FC4-CA89-43AB-84B1-6695FA7E97A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {C7EF744F-3C9E-4BE0-B14B-7B2E85396A65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {E1D15DC7-E8F1-4321-BA47-B1CCF6E9931E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-18] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\_installuser\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.htm
Shortcut: C:\Users\_installuser\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-06 16:02 - 2016-03-06 16:02 - 000088576 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2013-12-03 16:34 - 2012-08-24 19:53 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-02-08 04:52 - 2017-02-08 04:52 - 000065536 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2018-08-25 19:39 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-25 19:39 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-09-18 11:32 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-18 11:32 - 2018-08-06 14:20 - 002769768 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-25 19:47 - 2018-08-25 19:45 - 001204472 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-08-25 19:47 - 2018-08-25 19:45 - 000243352 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FD417E35-A7B6-4DBB-8004-E5DED3B90A9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FE790FD8-A88C-4C05-B3F9-84434F8AFD13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BB29AC99-C5B4-4E00-8950-81D4CF663549}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4ED4EA12-B998-4F12-ABD5-CCFB483E3385}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7A1896D0-C1C0-4D75-8854-2451FFAFE430}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0DE1FBDA-2542-4C2A-AF6A-EE444E6DEF31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5769BD33-C65D-48FD-98E5-625C705D33AD}] => (Allow) C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1FD0B70B-BDED-4CC0-8ADE-481207A23BB1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5A5D1BBB-B2C4-4083-A2AA-7FBB8E65A443}] => (Allow) LPort=2869
FirewallRules: [{A984905C-5126-4096-B64F-099BE15A142B}] => (Allow) LPort=1900
FirewallRules: [{B9D86A7E-8A03-479B-ABC2-145A22778A5E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FEDDDCC1-D289-46E4-BBD4-B5861C90FFB8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{E87984C0-597F-4211-9208-63E8ADB40F21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FC8DA674-B3C6-4B20-9373-3478BA67F75A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{740CFB6B-E13F-4F52-9262-1DDD0394F6FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ACA8CA25-8E3C-4C4F-9026-69DAD89E4E84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{23AF3D85-2FE9-4E43-8E09-9BB8969F0C33}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{65357AFC-CCD8-4559-923E-DE814D3D6F92}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
22-05-2018 15:29:12 Geplanter Prüfpunkt
07-06-2018 13:30:05 Geplanter Prüfpunkt
10-07-2018 17:04:37 Geplanter Prüfpunkt
25-08-2018 19:40:51 Removed OptionsOracle.
08-09-2018 00:21:58 Geplanter Prüfpunkt
18-09-2018 12:15:13 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name:
Description:
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel(R) Corporation
Service:
Problem: : Reinstall the drivers for this device. (Code 18)
Resolution: The drivers for this device must be reinstalled.
Click "Update Driver", which starts the Hardware Update wizard.
Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/18/2018 09:14:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.ServiceHost.exe, Version: 1.2.119.17994, Zeitstempel: 0x5b76b73f
Name des fehlerhaften Moduls: clr.dll, Version: 4.7.2117.0, Zeitstempel: 0x59cf5105
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001ae6ae
ID des fehlerhaften Prozesses: 0x690
Startzeit der fehlerhaften Anwendung: 0x01d44f1e9fb9788b
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Berichtskennung: 8034dbc7-bb12-11e8-9457-3c77e6edbb80
Error: (09/18/2018 09:14:36 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Anwendung: Avira.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines internen Fehlers in der .NET-Laufzeit beendet. bei IP 6FBCE6AE (6FA20000) mit Exitcode 80131506.
Error: (09/18/2018 09:10:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (09/09/2018 10:10:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (09/09/2018 03:14:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (09/07/2018 11:57:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (09/07/2018 10:17:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (08/25/2018 08:01:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Systemfehler:
=============
Error: (09/18/2018 09:14:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/18/2018 09:10:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (09/09/2018 10:10:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (09/09/2018 03:14:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (09/07/2018 11:57:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (09/07/2018 11:56:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 07.09.2018 um 23:18:17 unerwartet heruntergefahren.
Error: (09/07/2018 10:17:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (08/25/2018 08:01:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 75%
Installierter physikalischer RAM: 3791.8 MB
Verfügbarer physikalischer RAM: 944.85 MB
Summe virtueller Speicher: 7581.78 MB
Verfügbarer virtueller Speicher: 4014.6 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:297.99 GB) (Free:126.56 GB) NTFS
\\?\Volume{644ffb43-79f1-11e4-a3c7-806e6f6e6963}\ (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 13D36E7F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
durchgeführt von _installuser (Administrator) auf OMEGA (18-09-2018 21:50:17)
Gestartet von C:\Users\_installuser\Downloads
Geladene Profile: _installuser & (Verfügbare Profile: _installuser)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(McAfee, LLC.) C:\Program Files\TrueKey\MCAFEE~2.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2016-07-29]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8069F9D3-AB99-4DEF-A83B-5EF0EF0AFA02}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{835C47E5-0D0E-4AA3-B8CE-88502822C420}: [DhcpNameServer] 2.152.0.10 2.152.0.12
Tcpip\..\Interfaces\{A872B82D-C82C-4CBF-A0F2-3C305E5572D1}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{DFADC35A-EB7C-431B-AF4D-CAF2BAFD6EA1}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-20] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-20] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641 [2018-09-18]
FF Extension: (Youtube Downloader mp3) - C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641\Extensions\@youtube_downloader.xpi [2018-09-07]
FF Extension: (Page To PDF) - C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641\Extensions\page2pdf@epistemex.com.xpi [2018-03-26]
FF Extension: (Video DownloadHelper) - C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-25]
FF Extension: (Firefox Monitor) - C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641\features\{4304403b-d957-4b7c-9cd4-e633c365d765}\fxmonitor@mozilla.org.xpi [2018-09-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113308489: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113616941: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113746557: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018113955230: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018114208277: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018123557875: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018163558272: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09182018183558665: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
Chrome:
=======
CHR Profile: C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Präsentationen) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-30]
CHR Extension: (Docs) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-30]
CHR Extension: (Google Drive) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
CHR Extension: (YouTube) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
CHR Extension: (Tabellen) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-30]
CHR Extension: (Avira Browserschutz) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-09]
CHR Extension: (Google Mail) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
CHR Extension: (Chrome Media Router) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-03-06] (Adobe Systems) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [895056 2018-09-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [226000 2018-09-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [226000 2018-09-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148568 2018-09-09] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [436848 2018-08-17] (Avira Operations GmbH & Co. KG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [73240 2018-08-25] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [199920 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153040 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel(R) Corporation)
S3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [368624 2013-08-15] () [Datei ist nicht signiert]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193256 2018-09-18] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [117472 2018-09-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [52328 2018-09-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [259360 2018-09-18] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [98616 2018-09-18] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 qcfilterhp2k; C:\Windows\system32\drivers\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated)
S3 qcombushp; C:\Windows\system32\drivers\qcombushp.sys [160328 2011-04-29] (MCCI)
S3 qcusbserhp2k; C:\Windows\system32\drivers\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated)
S3 swg3knmea02; C:\Windows\system32\drivers\swg3knmea02.sys [259200 2011-06-15] (Sierra Wireless Incorporated)
S3 swg3kser02; C:\Windows\system32\drivers\swg3kser02.sys [259200 2011-06-24] (Sierra Wireless Incorporated)
S3 swibus02; C:\Windows\system32\drivers\swibus02.sys [73216 2011-07-06] (Sierra Wireless Inc.)
S3 swibusflt02; C:\Windows\system32\drivers\swibusflt02.sys [73216 2011-07-06] (Sierra Wireless Inc.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2018-09-18 21:50 - 2018-09-18 21:51 - 000032484 _____ C:\Users\_installuser\Downloads\FRST.txt
2018-09-18 21:49 - 2018-09-18 21:50 - 000000000 ____D C:\FRST
2018-09-18 21:48 - 2018-09-18 21:49 - 002413568 _____ (Farbar) C:\Users\_installuser\Downloads\FRST64.exe
2018-09-18 11:36 - 2018-09-18 18:36 - 000098616 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-09-18 11:36 - 2018-09-18 11:43 - 000000000 ____D C:\Users\_installuser\Desktop\Internet Security
2018-09-18 11:33 - 2018-09-18 11:33 - 000052328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-09-18 11:33 - 2018-09-18 11:33 - 000000000 ____D C:\Users\_installuser\AppData\Local\mbam
2018-09-18 11:32 - 2018-09-18 11:32 - 000259360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-09-18 11:32 - 2018-09-18 11:32 - 000193256 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-18 11:32 - 2018-09-18 11:32 - 000117472 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-09-18 11:32 - 2018-09-18 11:32 - 000001904 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-18 11:32 - 2018-09-18 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-18 11:32 - 2018-09-18 11:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-18 11:32 - 2018-09-18 11:32 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-18 11:32 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-18 11:28 - 2018-09-18 11:30 - 081615816 _____ (Malwarebytes ) C:\Users\_installuser\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6871.exe
2018-09-09 23:02 - 2018-09-09 21:07 - 000001274 _____ C:\Users\_installuser\AppData\Local\recently-used.xbel
2018-09-09 22:38 - 2018-09-09 22:40 - 067623312 _____ (PortableApps.com) C:\Users\_installuser\Downloads\InkscapePortable_0.92.3.paf.exe
2018-09-09 15:55 - 2018-09-09 15:59 - 000077097 _____ C:\Users\_installuser\Monster fluffy template.svg
2018-09-08 00:54 - 2018-09-08 00:54 - 000001643 _____ C:\Users\_installuser\Neues Dokument 1.2018_09_08_00_54_16.0.svg
2018-09-08 00:51 - 2018-09-08 01:11 - 000524987 _____ C:\Users\_installuser\Neues Dokument 1.2018_09_08_00_51_23.0.svg
2018-09-07 22:32 - 2018-09-07 22:32 - 000000000 ____D C:\Users\_installuser\AppData\Roaming\inkscape
2018-09-07 22:30 - 2018-09-07 22:30 - 000000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2018-09-07 22:30 - 2018-09-07 22:30 - 000000849 _____ C:\Users\Public\Desktop\Inkscape.lnk
2018-09-07 22:29 - 2018-09-07 22:31 - 000000000 ____D C:\Program Files\Inkscape
2018-09-07 22:28 - 2018-09-07 22:28 - 067460478 _____ (Inkscape project) C:\Users\_installuser\Downloads\inkscape-0.92.3-x64.exe
2018-09-07 22:25 - 2018-09-07 22:25 - 000001163 _____ C:\Users\Public\Desktop\Avira.lnk
2018-08-26 01:25 - 2018-08-26 02:22 - 000010035 _____ C:\Users\_installuser\Downloads\Trump hair.gvdesign
2018-08-26 01:23 - 2018-08-26 01:23 - 000012856 _____ C:\Users\_installuser\Downloads\Graphics.gvdesign
2018-08-26 01:14 - 2018-08-26 01:14 - 000141051 _____ C:\Users\_installuser\Downloads\cartoon-2026566.svg
2018-08-26 01:14 - 2018-08-26 01:14 - 000011402 _____ C:\Users\_installuser\Downloads\donald-trump-2789735.svg
2018-08-26 01:13 - 2018-08-26 01:13 - 000003788 _____ C:\Users\_installuser\Downloads\president-3166216.svg
2018-08-26 00:30 - 2018-08-26 00:30 - 000120211 _____ C:\Users\_installuser\Downloads\donald-trump-2035951.svg
2018-08-26 00:27 - 2018-08-26 00:27 - 000015962 _____ C:\Users\_installuser\Downloads\donald-trump-1967309.svg
2018-08-25 20:51 - 2018-08-26 02:22 - 000000000 ____D C:\Users\_installuser\AppData\Roaming\GravitDesigner
2018-08-25 20:51 - 2018-08-25 20:51 - 000000000 ____D C:\Users\_installuser\AppData\Roaming\gravit
2018-08-25 19:47 - 2018-08-25 19:49 - 093757968 _____ (Gravit GmbH) C:\Users\_installuser\Downloads\GravitDesigner.exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2018-09-18 21:19 - 2017-09-27 10:49 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-09-18 12:19 - 2018-04-18 21:36 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-18 12:19 - 2017-03-27 18:26 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-18 12:19 - 2017-03-27 18:26 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-18 12:19 - 2017-03-27 18:26 - 000004378 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-09-18 12:19 - 2017-03-27 18:26 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-18 12:19 - 2017-03-27 18:26 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-18 11:48 - 2017-03-09 22:14 - 000000000 ____D C:\Users\_installuser\AppData\LocalLow\Mozilla
2018-09-18 11:44 - 2017-09-18 21:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-09-18 11:44 - 2015-03-28 00:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-18 11:30 - 2009-07-14 06:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-18 11:30 - 2009-07-14 06:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-18 09:09 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-09 22:36 - 2010-11-21 08:50 - 000699682 _____ C:\Windows\system32\perfh007.dat
2018-09-09 22:36 - 2010-11-21 08:50 - 000149790 _____ C:\Windows\system32\perfc007.dat
2018-09-09 22:36 - 2009-07-14 07:13 - 001620684 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-09 22:36 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-09 17:27 - 2014-12-02 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-09-09 15:55 - 2014-12-02 09:10 - 000000000 ____D C:\Users\_installuser
2018-09-07 22:25 - 2014-12-02 09:23 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-25 19:46 - 2017-07-10 16:24 - 000073240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2018-08-25 19:42 - 2015-05-05 13:24 - 000000000 ____D C:\TickDataDownloader
2018-08-25 19:41 - 2016-02-02 15:00 - 000000000 ____D C:\Windows\system32\appmgmt
2018-08-25 19:39 - 2017-03-01 21:47 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-25 19:39 - 2017-03-01 21:47 - 000002218 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-25 19:39 - 2016-04-01 12:40 - 000000000 ____D C:\Program Files (x86)\AmiBroker
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-01-04 12:19 - 2016-04-01 12:36 - 001513472 _____ () C:\Program Files\7z938-x64.msi
2015-01-04 12:19 - 2016-04-01 12:36 - 001182190 _____ () C:\Program Files\7z938.exe
2018-09-09 23:02 - 2018-09-09 21:07 - 000001274 _____ () C:\Users\_installuser\AppData\Local\recently-used.xbel
2016-01-29 08:16 - 2016-01-29 08:16 - 000007602 _____ () C:\Users\_installuser\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2018-09-18 12:08
==================== Ende von FRST.txt ============================
|
|
18.09.2018, 21:11
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Avira bitte komplett deinstallieren Von Avira wird hier schon lange abgeraten, außerdem will ich für eine Analyse und Bereinigung so wenig Störquellen wie nur möglich. Zum Abschluss gibt es Hinweise zur Absicherung deines Windows-Systems. Wir deinstallieren dann am besten auch gleich weiteren unnötigen oder veralteten Krempel. Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Gib Bescheid wenn das weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.09.2018, 22:33
| #5 |
| | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Hi, Habe Avira u.a. nun entfernt, wobei ich glaube das mit dem letzten Schritt "Reste löschen" falsch gemacht habe. Den Schritt habe ich leider nur nach dem letzten Programm gemacht. Gruß |
|
18.09.2018, 22:40
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Schädlinge suchen mit Kaspersky TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ --> Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB |
|
18.09.2018, 23:00
| #7 |
| | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Hier der Log file: Code:
ATTFilter 23:51:15.0723 0x09c8 TDSS rootkit removing tool 3.1.0.17 Apr 20 2018 12:12:17
23:51:20.0778 0x09c8 ============================================================
23:51:20.0778 0x09c8 Current date / time: 2018/09/18 23:51:20.0778
23:51:20.0778 0x09c8 SystemInfo:
23:51:20.0778 0x09c8
23:51:20.0778 0x09c8 OS Version: 6.1.7601 ServicePack: 1.0
23:51:20.0778 0x09c8 Product type: Workstation
23:51:20.0778 0x09c8 ComputerName: OMEGA
23:51:20.0778 0x09c8 UserName: _installuser
23:51:20.0778 0x09c8 Windows directory: C:\Windows
23:51:20.0778 0x09c8 System windows directory: C:\Windows
23:51:20.0778 0x09c8 Running under WOW64
23:51:20.0778 0x09c8 Processor architecture: Intel x64
23:51:20.0778 0x09c8 Number of processors: 4
23:51:20.0778 0x09c8 Page size: 0x1000
23:51:20.0778 0x09c8 Boot type: Normal boot
23:51:20.0778 0x09c8 CodeIntegrityOptions = 0x00000001
23:51:20.0778 0x09c8 ============================================================
23:51:22.0291 0x09c8 KLMD registered as C:\Windows\system32\drivers\00637315.sys
23:51:22.0291 0x09c8 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23915, osProperties = 0x1
23:51:22.0540 0x09c8 System UUID: {D9091150-185C-0C7C-9EB8-7AA26D5FE8EB}
23:51:22.0821 0x09c8 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:51:22.0837 0x09c8 ============================================================
23:51:22.0837 0x09c8 \Device\Harddisk0\DR0:
23:51:22.0837 0x09c8 MBR partitions:
23:51:22.0837 0x09c8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:51:22.0837 0x09c8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
23:51:22.0837 0x09c8 ============================================================
23:51:22.0852 0x09c8 C: <-> \Device\Harddisk0\DR0\Partition2
23:51:22.0852 0x09c8 ============================================================
23:51:22.0852 0x09c8 Initialize success
23:51:22.0852 0x09c8 ============================================================
23:53:30.0917 0x0fa0 ============================================================
23:53:30.0917 0x0fa0 Scan started
23:53:30.0917 0x0fa0 Mode: Manual; SigCheck; TDLFS;
23:53:30.0917 0x0fa0 ============================================================
23:53:30.0917 0x0fa0 KSN ping started
23:53:31.0042 0x0fa0 KSN ping finished: true
23:53:31.0760 0x0fa0 ================ Scan system memory ========================
23:53:31.0760 0x0fa0 System memory - ok
23:53:31.0760 0x0fa0 ================ Scan services =============================
23:53:31.0900 0x0fa0 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:53:31.0978 0x0fa0 1394ohci - ok
23:53:32.0009 0x0fa0 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5, C3CC58D636B18DF77C4C4B384AD1DE78418716A0606E564DBC63782D5EA02905 ] Accelerometer C:\Windows\system32\drivers\Accelerometer.sys
23:53:32.0056 0x0fa0 Accelerometer - ok
23:53:32.0087 0x0fa0 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:53:32.0103 0x0fa0 ACPI - ok
23:53:32.0134 0x0fa0 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:53:32.0181 0x0fa0 AcpiPmi - ok
23:53:32.0243 0x0fa0 [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:53:32.0274 0x0fa0 Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
23:53:32.0352 0x0fa0 Detect skipped due to KSN trusted
23:53:32.0352 0x0fa0 Adobe LM Service - ok
23:53:32.0415 0x0fa0 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:53:32.0446 0x0fa0 adp94xx - ok
23:53:32.0477 0x0fa0 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:53:32.0493 0x0fa0 adpahci - ok
23:53:32.0524 0x0fa0 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:53:32.0540 0x0fa0 adpu320 - ok
23:53:32.0571 0x0fa0 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:53:32.0680 0x0fa0 AeLookupSvc - ok
23:53:32.0742 0x0fa0 [ 0DC2A9882540DEA4A55B08785E09D8FC, 69B15724B0034F9915AACE109A6C596D6AF2DA350FC18C9A0CD98C81CB7EDEE3 ] AFD C:\Windows\system32\drivers\afd.sys
23:53:32.0805 0x0fa0 AFD - ok
23:53:32.0820 0x0fa0 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
23:53:32.0836 0x0fa0 agp440 - ok
23:53:32.0867 0x0fa0 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
23:53:32.0883 0x0fa0 ALG - ok
23:53:32.0930 0x0fa0 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
23:53:32.0961 0x0fa0 aliide - ok
23:53:32.0976 0x0fa0 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
23:53:32.0992 0x0fa0 amdide - ok
23:53:33.0023 0x0fa0 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:53:33.0039 0x0fa0 AmdK8 - ok
23:53:33.0039 0x0fa0 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:53:33.0070 0x0fa0 AmdPPM - ok
23:53:33.0101 0x0fa0 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:53:33.0132 0x0fa0 amdsata - ok
23:53:33.0148 0x0fa0 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:53:33.0164 0x0fa0 amdsbs - ok
23:53:33.0179 0x0fa0 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:53:33.0195 0x0fa0 amdxata - ok
23:53:33.0242 0x0fa0 [ C16B5B379A2A79702CC5FF923EAAE3FD, FD6A1E3C46282CF77AFA9FB4B4ACE2DB6295DFB0C69EA07BE7160538041CDB2F ] AppID C:\Windows\system32\drivers\appid.sys
23:53:33.0288 0x0fa0 AppID - ok
23:53:33.0304 0x0fa0 [ 5152D6B29C61EF59537DBDA92BFE2978, 6D426A0FEE016A8899ADE864DD84BE019C5B5DB7E1DB295ED720239877FCB3EF ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:53:33.0320 0x0fa0 AppIDSvc - ok
23:53:33.0366 0x0fa0 [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo C:\Windows\System32\appinfo.dll
23:53:33.0413 0x0fa0 Appinfo - ok
23:53:33.0491 0x0fa0 [ 7EB4548BA1B9ECD1D77A7512E4C3777F, CCCF4B4BC5526A3256C6E3D7FE4592B623FD2C05DD90CEBC0300A1245A9C68B0 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:53:33.0522 0x0fa0 Apple Mobile Device Service - ok
23:53:33.0569 0x0fa0 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
23:53:33.0632 0x0fa0 AppMgmt - ok
23:53:33.0663 0x0fa0 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
23:53:33.0694 0x0fa0 arc - ok
23:53:33.0725 0x0fa0 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:53:33.0741 0x0fa0 arcsas - ok
23:53:33.0850 0x0fa0 [ 8637F3119057178364D200F2462E625C, 40CAE47AA6C6B23FEB95961FD06BB3EB075CA63BB91B54CB26215A368371B343 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:53:33.0881 0x0fa0 aspnet_state - ok
23:53:33.0912 0x0fa0 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:53:34.0022 0x0fa0 AsyncMac - ok
23:53:34.0068 0x0fa0 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
23:53:34.0084 0x0fa0 atapi - ok
23:53:34.0162 0x0fa0 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:53:34.0193 0x0fa0 AudioEndpointBuilder - ok
23:53:34.0209 0x0fa0 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:53:34.0224 0x0fa0 AudioSrv - ok
23:53:34.0256 0x0fa0 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:53:34.0302 0x0fa0 AxInstSV - ok
23:53:34.0334 0x0fa0 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:53:34.0380 0x0fa0 b06bdrv - ok
23:53:34.0412 0x0fa0 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:53:34.0443 0x0fa0 b57nd60a - ok
23:53:34.0474 0x0fa0 [ 455EB0128FD08E07EACE0C6F754A3AAD, E14237655F64B1576A67CC6A323933F13A5104003B53D46A650420F0279E8ADD ] bcbtums C:\Windows\system32\drivers\bcbtums.sys
23:53:34.0505 0x0fa0 bcbtums - ok
23:53:34.0505 0x0fa0 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
23:53:34.0552 0x0fa0 BDESVC - ok
23:53:34.0568 0x0fa0 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
23:53:34.0599 0x0fa0 Beep - ok
23:53:34.0692 0x0fa0 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
23:53:34.0739 0x0fa0 BFE - ok
23:53:34.0770 0x0fa0 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
23:53:34.0833 0x0fa0 BITS - ok
23:53:34.0848 0x0fa0 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:53:34.0880 0x0fa0 blbdrive - ok
23:53:34.0942 0x0fa0 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:53:34.0989 0x0fa0 Bonjour Service - ok
23:53:35.0020 0x0fa0 [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:53:35.0036 0x0fa0 bowser - ok
23:53:35.0067 0x0fa0 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:53:35.0082 0x0fa0 BrFiltLo - ok
23:53:35.0098 0x0fa0 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:53:35.0129 0x0fa0 BrFiltUp - ok
23:53:35.0176 0x0fa0 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
23:53:35.0207 0x0fa0 Browser - ok
23:53:35.0223 0x0fa0 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:53:35.0270 0x0fa0 Brserid - ok
23:53:35.0285 0x0fa0 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:53:35.0316 0x0fa0 BrSerWdm - ok
23:53:35.0316 0x0fa0 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:53:35.0348 0x0fa0 BrUsbMdm - ok
23:53:35.0379 0x0fa0 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:53:35.0394 0x0fa0 BrUsbSer - ok
23:53:35.0441 0x0fa0 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
23:53:35.0488 0x0fa0 BthEnum - ok
23:53:35.0504 0x0fa0 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:53:35.0535 0x0fa0 BTHMODEM - ok
23:53:35.0613 0x0fa0 [ 5A8951D195AFEF979C4AB02A129EBC37, 48FD4A921E51B6DD306A1248EB9A1A6AEC5F59E49528423BF2F40600B3AF1D08 ] BthPan C:\Windows\system32\drivers\bthpan.sys
23:53:35.0675 0x0fa0 BthPan - ok
23:53:35.0691 0x0fa0 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
23:53:35.0722 0x0fa0 BTHPORT - ok
23:53:35.0738 0x0fa0 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
23:53:35.0800 0x0fa0 bthserv - ok
23:53:35.0800 0x0fa0 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
23:53:35.0816 0x0fa0 BTHUSB - ok
23:53:35.0847 0x0fa0 [ 858B305ADE425732CFF9DED182F94FB8, 1D2996BCB98BCAA6E76DE9C9E06939DB700B16D0BE97B37E63463A5932820696 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
23:53:35.0862 0x0fa0 btwavdt - ok
23:53:35.0878 0x0fa0 [ 3BD876387D6C538690300F9EC198856B, 7BF57ACEF64907706A13AE42A66DB0A08AE0B7770F1D11AFBDC83EAEF1A0F7F7 ] btwrchid C:\Windows\system32\drivers\btwrchid.sys
23:53:35.0878 0x0fa0 btwrchid - ok
23:53:35.0894 0x0fa0 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:53:35.0940 0x0fa0 cdfs - ok
23:53:35.0972 0x0fa0 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:53:35.0987 0x0fa0 cdrom - ok
23:53:36.0003 0x0fa0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
23:53:36.0034 0x0fa0 CertPropSvc - ok
23:53:36.0050 0x0fa0 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
23:53:36.0081 0x0fa0 circlass - ok
23:53:36.0128 0x0fa0 [ 3963FEC1892368DD500E6ED1F5C286CE, A04689CB07AF1C1B4B1032B0ACAD88DA3EB03D89A575C59FE602A65E8C246138 ] CLFS C:\Windows\system32\CLFS.sys
23:53:36.0159 0x0fa0 CLFS - ok
23:53:36.0221 0x0fa0 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:53:36.0252 0x0fa0 clr_optimization_v2.0.50727_32 - ok
23:53:36.0299 0x0fa0 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:53:36.0330 0x0fa0 clr_optimization_v2.0.50727_64 - ok
23:53:36.0393 0x0fa0 [ 2BA609641FA64BAB02ACD3C0095672F5, FD1FE403864F0564CA4A2F1D7415649B8FFE16F8ED33C4B44ACB21767118AD5F ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:53:36.0424 0x0fa0 clr_optimization_v4.0.30319_32 - ok
23:53:36.0471 0x0fa0 [ 7C7502CD2A2CFAB399D0D8DA95DB03E7, 4AE53B468CF597FCFD912A6EEE27E87EE4D9BC73F2A794FB5DF5DA46C1DD1289 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:53:36.0502 0x0fa0 clr_optimization_v4.0.30319_64 - ok
23:53:36.0533 0x0fa0 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:53:36.0564 0x0fa0 CmBatt - ok
23:53:36.0580 0x0fa0 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:53:36.0596 0x0fa0 cmdide - ok
23:53:36.0642 0x0fa0 [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG C:\Windows\system32\Drivers\cng.sys
23:53:36.0674 0x0fa0 CNG - ok
23:53:36.0689 0x0fa0 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:53:36.0705 0x0fa0 Compbatt - ok
23:53:36.0736 0x0fa0 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:53:36.0752 0x0fa0 CompositeBus - ok
23:53:36.0752 0x0fa0 COMSysApp - ok
23:53:36.0830 0x0fa0 [ E5C29CE3C4D94286DDB050D182D868C9, CC015B7213909DC43F18F1F0997CBDFDD793EB44E2CC8B4B83134FF4CA6BD780 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
23:53:36.0876 0x0fa0 cphs - ok
23:53:36.0892 0x0fa0 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:53:36.0908 0x0fa0 crcdisk - ok
23:53:36.0954 0x0fa0 [ 48FEDBE324F1EA9417BA1D62AE863011, 2C3D84F0842237A3BF2838DDB4126807977EB36588FA669B1E6671077584EF18 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:53:37.0017 0x0fa0 CryptSvc - ok
23:53:37.0048 0x0fa0 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
23:53:37.0095 0x0fa0 CSC - ok
23:53:37.0110 0x0fa0 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
23:53:37.0157 0x0fa0 CscService - ok
23:53:37.0220 0x0fa0 [ 3F1A199859B4F3F8357B2A0AF5666A54, B0ACE9384088B7D0E54CF82BF48D4FEAA518BDEF98A294BA8F5A37DFF0E45328 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:53:37.0251 0x0fa0 DcomLaunch - ok
23:53:37.0282 0x0fa0 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
23:53:37.0313 0x0fa0 defragsvc - ok
23:53:37.0376 0x0fa0 [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:53:37.0407 0x0fa0 DfsC - ok
23:53:37.0438 0x0fa0 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:53:37.0485 0x0fa0 Dhcp - ok
23:53:37.0594 0x0fa0 [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack C:\Windows\system32\diagtrack.dll
23:53:37.0656 0x0fa0 DiagTrack - ok
23:53:37.0703 0x0fa0 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
23:53:37.0734 0x0fa0 discache - ok
23:53:37.0797 0x0fa0 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk C:\Windows\system32\drivers\disk.sys
23:53:37.0828 0x0fa0 Disk - ok
23:53:37.0859 0x0fa0 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
23:53:37.0890 0x0fa0 dmvsc - ok
23:53:37.0953 0x0fa0 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:53:38.0015 0x0fa0 Dnscache - ok
23:53:38.0062 0x0fa0 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
23:53:38.0109 0x0fa0 dot3svc - ok
23:53:38.0124 0x0fa0 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
23:53:38.0156 0x0fa0 DPS - ok
23:53:38.0187 0x0fa0 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:53:38.0218 0x0fa0 drmkaud - ok
23:53:38.0280 0x0fa0 [ 5CEF80AE869336376F550ECAE91E424A, 49152AC35556A5629AE7A4A762FDB2112FAD1C9CDB91E6196172809F74A3149A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:53:38.0296 0x0fa0 DXGKrnl - ok
23:53:38.0343 0x0fa0 [ 03F4C5C12FC1C69F838DA723475EF650, 7D80623ED1060F904AF85B87620DF8DC153504FABC0E447C1D3A07D0372D7B9F ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
23:53:38.0374 0x0fa0 e1cexpress - ok
23:53:38.0421 0x0fa0 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
23:53:38.0468 0x0fa0 EapHost - ok
23:53:38.0577 0x0fa0 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:53:38.0655 0x0fa0 ebdrv - ok
23:53:38.0702 0x0fa0 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] EFS C:\Windows\System32\lsass.exe
23:53:38.0733 0x0fa0 EFS - ok
23:53:38.0811 0x0fa0 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:53:38.0858 0x0fa0 ehRecvr - ok
23:53:38.0873 0x0fa0 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
23:53:38.0889 0x0fa0 ehSched - ok
23:53:38.0951 0x0fa0 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:53:38.0998 0x0fa0 elxstor - ok
23:53:39.0014 0x0fa0 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:53:39.0029 0x0fa0 ErrDev - ok
23:53:39.0076 0x0fa0 [ 082F9D1ADB6DF9E5DB30EB52A34FCF0A, DC62F2E7D81B4D3C266855A64A575563A31D894B19F23E841B6C8A552FAF81CC ] ESProtectionDriver C:\Windows\system32\drivers\mbae64.sys
23:53:39.0092 0x0fa0 ESProtectionDriver - ok
23:53:39.0138 0x0fa0 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
23:53:39.0185 0x0fa0 EventSystem - ok
23:53:39.0232 0x0fa0 [ 7E45F8B117419ABA3BB26579F6E70324, 03FE86519860153E1BE571F10ACC9BA58FFB5A661C5C3EBDF3B77973BCD96C84 ] exfat C:\Windows\system32\drivers\exfat.sys
23:53:39.0279 0x0fa0 exfat - ok
23:53:39.0279 0x0fa0 [ 6EDFA237D25433C03F42FBFDB16BDD24, A30F89A40F7AFC475D3C2D3591FB9AFC06AE3FEBC915FDCB24ED77946FBA4E2C ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:53:39.0310 0x0fa0 fastfat - ok
23:53:39.0357 0x0fa0 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
23:53:39.0404 0x0fa0 Fax - ok
23:53:39.0419 0x0fa0 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
23:53:39.0450 0x0fa0 fdc - ok
23:53:39.0466 0x0fa0 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
23:53:39.0513 0x0fa0 fdPHost - ok
23:53:39.0528 0x0fa0 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
23:53:39.0560 0x0fa0 FDResPub - ok
23:53:39.0575 0x0fa0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:53:39.0591 0x0fa0 FileInfo - ok
23:53:39.0606 0x0fa0 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:53:39.0684 0x0fa0 Filetrace - ok
23:53:39.0716 0x0fa0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:53:39.0716 0x0fa0 flpydisk - ok
23:53:39.0731 0x0fa0 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:53:39.0747 0x0fa0 FltMgr - ok
23:53:39.0809 0x0fa0 [ 785F474FB5E67E448E1931C98E8D0ABC, 911697D580CBF508A6F4A52D4F95A6976CF9A0EC3549076A8D0B5C8BD947C989 ] FontCache C:\Windows\system32\FntCache.dll
23:53:39.0856 0x0fa0 FontCache - ok
23:53:39.0903 0x0fa0 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:53:39.0934 0x0fa0 FontCache3.0.0.0 - ok
23:53:39.0950 0x0fa0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:53:39.0965 0x0fa0 FsDepends - ok
23:53:40.0012 0x0fa0 [ B3EB502D2C3F47C47415F85387DFAEF1, 5240D4281BB9FBFBFEB98522D12F0C006BE063C084C2E6E23DACB6606CDC25AE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
23:53:40.0012 0x0fa0 fssfltr - ok
23:53:40.0121 0x0fa0 [ B6AB40819ECEC4BA07266EC0EBBC85A7, 71D385043720B622305FD64BD1187C6FFD7191C30794F95629CF6BFDC0A25BA2 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:53:40.0168 0x0fa0 fsssvc - ok
23:53:40.0215 0x0fa0 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:53:40.0230 0x0fa0 Fs_Rec - ok
23:53:40.0277 0x0fa0 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:53:40.0324 0x0fa0 fvevol - ok
23:53:40.0340 0x0fa0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:53:40.0371 0x0fa0 gagp30kx - ok
23:53:40.0402 0x0fa0 [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc C:\Windows\System32\gpsvc.dll
23:53:40.0464 0x0fa0 gpsvc - ok
23:53:40.0574 0x0fa0 [ 2D8BBF6C7241AAD9EDE7708EBB7B43A4, 51AF8150C6CF738AF14F502E6BDAD1035773DD45980770E06393814B75259EF8 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:53:40.0605 0x0fa0 gupdate - ok
23:53:40.0620 0x0fa0 [ 2D8BBF6C7241AAD9EDE7708EBB7B43A4, 51AF8150C6CF738AF14F502E6BDAD1035773DD45980770E06393814B75259EF8 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:53:40.0636 0x0fa0 gupdatem - ok
23:53:40.0652 0x0fa0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:53:40.0683 0x0fa0 hcw85cir - ok
23:53:40.0745 0x0fa0 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:53:40.0761 0x0fa0 HdAudAddService - ok
23:53:40.0792 0x0fa0 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:53:40.0808 0x0fa0 HDAudBus - ok
23:53:40.0839 0x0fa0 [ 6EA2F13DEAF130753F6FC19AFFFF94A8, ADA5BA2DBCD58372918FD278834B2E13FE0F73E200A2E747AB7B123C31E46825 ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
23:53:40.0839 0x0fa0 HECIx64 - ok
23:53:40.0870 0x0fa0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:53:40.0886 0x0fa0 HidBatt - ok
23:53:40.0901 0x0fa0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:53:40.0917 0x0fa0 HidBth - ok
23:53:40.0948 0x0fa0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
23:53:40.0964 0x0fa0 HidIr - ok
23:53:41.0010 0x0fa0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
23:53:41.0073 0x0fa0 hidserv - ok
23:53:41.0104 0x0fa0 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:53:41.0120 0x0fa0 HidUsb - ok
23:53:41.0135 0x0fa0 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:53:41.0166 0x0fa0 hkmsvc - ok
23:53:41.0198 0x0fa0 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:53:41.0229 0x0fa0 HomeGroupListener - ok
23:53:41.0244 0x0fa0 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:53:41.0260 0x0fa0 HomeGroupProvider - ok
23:53:41.0291 0x0fa0 [ 4E0BEC0F78096FFD6D3314B497FC49D3, 15B545815D0C80102963FFF13B6643CC9A74717137C1CBA45345B18912E72DB6 ] hpdskflt C:\Windows\system32\drivers\hpdskflt.sys
23:53:41.0307 0x0fa0 hpdskflt - ok
23:53:41.0338 0x0fa0 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:53:41.0354 0x0fa0 HpSAMD - ok
23:53:41.0416 0x0fa0 [ CF5C9BD985120781200D35FD445D0BD5, 91B37F595A196542458CBBCDAD80779721D228A7030A34E55995DDBB06649248 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:53:41.0447 0x0fa0 HTTP - ok
23:53:41.0463 0x0fa0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:53:41.0478 0x0fa0 hwpolicy - ok
23:53:41.0510 0x0fa0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:53:41.0525 0x0fa0 i8042prt - ok
23:53:41.0541 0x0fa0 [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\drivers\iaStor.sys
23:53:41.0572 0x0fa0 iaStor - ok
23:53:41.0619 0x0fa0 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:53:41.0666 0x0fa0 iaStorV - ok
23:53:41.0681 0x0fa0 [ B005844661028E11480D724A709CC298, DC738AA0246581814915160BA824C2DB9009E6CFCCDB6A268F08C8D13F52BEB0 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
23:53:41.0712 0x0fa0 IBMPMDRV - ok
23:53:41.0728 0x0fa0 [ ED802CE6B36E280401197F593634C1DD, 620F2D5F40B8E61DE606FC1B1B1DCDD12BE7431E065F9CB776FDCFF915B1D243 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
23:53:41.0759 0x0fa0 IBMPMSVC - ok
23:53:41.0822 0x0fa0 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:53:41.0853 0x0fa0 idsvc - ok
23:53:41.0868 0x0fa0 IEEtwCollectorService - ok
23:53:41.0900 0x0fa0 [ 165FF3EDD56C51A4643AADE74D0166D4, 3EC2D73C35DCBC52CE2FD41E68C46BA0889125DC18C85419A1B1AB7BF5AAB72B ] IFCoEMP C:\Windows\system32\drivers\ifM60x64.sys
23:53:41.0931 0x0fa0 IFCoEMP - ok
23:53:41.0962 0x0fa0 [ B73014E4B32BF0CC068973E0156271BE, 233F2FFA664CE3CFEE14E022998D8BB51AEAA7EE85584BE684CB8516826461BA ] IFCoEVB C:\Windows\system32\drivers\ifP60X64.sys
23:53:41.0962 0x0fa0 IFCoEVB - ok
23:53:42.0196 0x0fa0 [ B9857625DF8B539ABCB90E15B5716568, 99393C74D6C5BB1D3B7399C628DEF47641563A3A1118988597091B0735805F06 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:53:42.0399 0x0fa0 igfx - ok
23:53:42.0430 0x0fa0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:53:42.0446 0x0fa0 iirsp - ok
23:53:42.0492 0x0fa0 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
23:53:42.0524 0x0fa0 IKEEXT - ok
23:53:42.0555 0x0fa0 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\drivers\Impcd.sys
23:53:42.0586 0x0fa0 Impcd - ok
23:53:42.0633 0x0fa0 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
23:53:42.0680 0x0fa0 IntcDAud - ok
23:53:42.0711 0x0fa0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
23:53:42.0742 0x0fa0 intelide - ok
23:53:42.0789 0x0fa0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:53:42.0820 0x0fa0 intelppm - ok
23:53:42.0851 0x0fa0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:53:42.0898 0x0fa0 IPBusEnum - ok
23:53:42.0914 0x0fa0 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:53:42.0945 0x0fa0 IpFilterDriver - ok
23:53:43.0007 0x0fa0 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:53:43.0054 0x0fa0 iphlpsvc - ok
23:53:43.0085 0x0fa0 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:53:43.0101 0x0fa0 IPMIDRV - ok
23:53:43.0132 0x0fa0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:53:43.0148 0x0fa0 IPNAT - ok
23:53:43.0257 0x0fa0 [ 8A640C05C43A9EB5DCAD2259578A39AF, 10FB01E5DEBAA1502C818EF3758EB3FB5836FB4AE25DDBE959619BCBE20E52C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:53:43.0272 0x0fa0 iPod Service - ok
23:53:43.0304 0x0fa0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:53:43.0319 0x0fa0 IRENUM - ok
23:53:43.0335 0x0fa0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:53:43.0350 0x0fa0 isapnp - ok
23:53:43.0382 0x0fa0 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:53:43.0397 0x0fa0 iScsiPrt - ok
23:53:43.0428 0x0fa0 [ F1BB9E56FFACA74D8BD19A6FD86A48B4, 017C3C1CEA91A8DB9A4A5656A664C2089088045D339EF4BA067D10CB69FC730F ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
23:53:43.0428 0x0fa0 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\iusb3hub.sys. Real md5: F1BB9E56FFACA74D8BD19A6FD86A48B4, sha256: 017C3C1CEA91A8DB9A4A5656A664C2089088045D339EF4BA067D10CB69FC730F, fake md5: ED203F0FC8AE344E99DF75D3015B5F2F, fake sha256: DB1980614F56D7988FBAEE31E51198324C84EF082B97C04416871DCE00A0DFB1
23:53:43.0428 0x0fa0 iusb3hub - detected ForgedFile.Multi.Generic ( 1 )
23:53:43.0569 0x0fa0 iusb3hub ( ForgedFile.Multi.Generic ) - warning
23:53:43.0756 0x0fa0 [ 7971B368F36042A0EC31FEA15945187B, E5EDD32316549644708DFD84ECC899C12C5095A16A607ACE0E23A9F49DCCC0BC ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
23:53:43.0787 0x0fa0 iusb3xhc - ok
23:53:43.0803 0x0fa0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:53:43.0818 0x0fa0 kbdclass - ok
23:53:43.0834 0x0fa0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:53:43.0850 0x0fa0 kbdhid - ok
23:53:43.0865 0x0fa0 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] KeyIso C:\Windows\system32\lsass.exe
23:53:43.0881 0x0fa0 KeyIso - ok
23:53:43.0912 0x0fa0 [ DFE85B031220F8E0271716BBB3C4C8FF, 531AB0851AE2F2B25D751605529C483B4734E5D26F94F56DEC0191730DD6A9A4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:53:43.0928 0x0fa0 KSecDD - ok
23:53:43.0943 0x0fa0 [ 70D7302DD70B979637179BFD8295C924, 7A3498C8A90AC5D7A070E9BCAF1BC0D16F478A7160A9333C58247034C5B3B59F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:53:43.0943 0x0fa0 KSecPkg - ok
23:53:43.0959 0x0fa0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:53:43.0990 0x0fa0 ksthunk - ok
23:53:44.0006 0x0fa0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
23:53:44.0052 0x0fa0 KtmRm - ok
23:53:44.0068 0x0fa0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:53:44.0099 0x0fa0 LanmanServer - ok
23:53:44.0115 0x0fa0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:53:44.0146 0x0fa0 LanmanWorkstation - ok
23:53:44.0177 0x0fa0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:53:44.0208 0x0fa0 lltdio - ok
23:53:44.0240 0x0fa0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:53:44.0271 0x0fa0 lltdsvc - ok
23:53:44.0286 0x0fa0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:53:44.0333 0x0fa0 lmhosts - ok
23:53:44.0349 0x0fa0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:53:44.0349 0x0fa0 LSI_FC - ok
23:53:44.0380 0x0fa0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:53:44.0380 0x0fa0 LSI_SAS - ok
23:53:44.0396 0x0fa0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:53:44.0411 0x0fa0 LSI_SAS2 - ok
23:53:44.0427 0x0fa0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:53:44.0442 0x0fa0 LSI_SCSI - ok
23:53:44.0489 0x0fa0 [ 5416CEB2916BBE635288C4D1075B045E, BEFF99052206C0D774CFFF14AC3305C397726B289B17666C2AD2706C261F2FF0 ] luafv C:\Windows\system32\drivers\luafv.sys
23:53:44.0520 0x0fa0 luafv - ok
23:53:44.0567 0x0fa0 [ FF135F5CFAE6595680004DD9F055F56B, 50068A5F335198EDE91E646140F4DA948E45BB936FF5492A80540989EE11D3DB ] MBAMChameleon C:\Windows\System32\Drivers\MbamChameleon.sys
23:53:44.0598 0x0fa0 MBAMChameleon - ok
23:53:44.0645 0x0fa0 [ A806410985B89FE602EAF1B16A360D4A, 5BF6DEA4698B44527A9D0F29D410280450763DE7E87B29CACFA76DA8D9A532D1 ] MBAMFarflt C:\Windows\system32\DRIVERS\farflt.sys
23:53:44.0676 0x0fa0 MBAMFarflt - ok
23:53:44.0723 0x0fa0 [ 26D513697CCB3BCBC8764B1AE8654088, 1B4033EB5CD820D909063CB8AC1CA57EB029E4D639E86FEB7A682C1CDAF11E1B ] MBAMProtection C:\Windows\system32\DRIVERS\mbam.sys
23:53:44.0770 0x0fa0 MBAMProtection - ok
23:53:45.0066 0x0fa0 [ F7265B7490428499F2FE409FA9247866, 43A406C74689B72020E4669B45F19D377A5FF3EFE79B03AF58C2679D14405E9D ] MBAMService C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
23:53:45.0176 0x0fa0 MBAMService - ok
23:53:45.0238 0x0fa0 [ A692F41F46F789228CECB2AA128AEC85, 83F7A12934D008BE46A774ABB136A7C11408D92832A0AEFF4866AEACF2594C55 ] MBAMSwissArmy C:\Windows\System32\Drivers\mbamswissarmy.sys
23:53:45.0285 0x0fa0 MBAMSwissArmy - ok
23:53:45.0332 0x0fa0 [ 5C6473AAEC66AB6FED991C0EA0D9C8F1, 4DC249B4DEF81DE71B43DB6347B21E65B379832A7827E3DDF10FEDEC956F6062 ] MBAMWebProtection C:\Windows\system32\DRIVERS\mwac.sys
23:53:45.0363 0x0fa0 MBAMWebProtection - ok
23:53:45.0378 0x0fa0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:53:45.0394 0x0fa0 Mcx2Svc - ok
23:53:45.0410 0x0fa0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
23:53:45.0425 0x0fa0 megasas - ok
23:53:45.0441 0x0fa0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:53:45.0456 0x0fa0 MegaSR - ok
23:53:45.0472 0x0fa0 [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
23:53:45.0488 0x0fa0 MEIx64 - ok
23:53:45.0503 0x0fa0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
23:53:45.0534 0x0fa0 MMCSS - ok
23:53:45.0550 0x0fa0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
23:53:45.0581 0x0fa0 Modem - ok
23:53:45.0597 0x0fa0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:53:45.0612 0x0fa0 monitor - ok
23:53:45.0628 0x0fa0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:53:45.0628 0x0fa0 mouclass - ok
23:53:45.0644 0x0fa0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:53:45.0722 0x0fa0 mouhid - ok
23:53:45.0753 0x0fa0 [ 072D8646E23ECF8A3F5F0157017B4DB6, EBFB1459ECC5AF94C94FB49CEBC724542612680F0777E24B5AA6E062C0EE5D94 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:53:45.0768 0x0fa0 mountmgr - ok
23:53:45.0893 0x0fa0 [ 7016D6ED42BECBBF4B598190AD6E3F11, FEC66F566F30C3783203C4DD7A51D0D7DDFC6C55E75E9F597DAD148875EDEEE7 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:53:45.0924 0x0fa0 MozillaMaintenance - ok
23:53:45.0956 0x0fa0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
23:53:45.0971 0x0fa0 mpio - ok
23:53:45.0987 0x0fa0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:53:46.0018 0x0fa0 mpsdrv - ok
23:53:46.0049 0x0fa0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:53:46.0096 0x0fa0 MpsSvc - ok
23:53:46.0127 0x0fa0 [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:53:46.0158 0x0fa0 MRxDAV - ok
23:53:46.0190 0x0fa0 [ 767C6DF04C5758B9F0790D400541B44F, BFC38D7BCF19F7246BCAD3E04273A403F6B973432EE0EF6E25B16BA3826A21B7 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:53:46.0252 0x0fa0 mrxsmb - ok
23:53:46.0299 0x0fa0 [ BD55F604FFABC911F8E5500186AE70E5, 3719EDB070E6FFE9781337A05CA0309C3CD5CD38A292DF091E05C9BA3D5A479F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:53:46.0361 0x0fa0 mrxsmb10 - ok
23:53:46.0377 0x0fa0 [ 92EECFB046D4706A4B8D699A4069B6EC, 3B3E232DABA913A500CE55AD8600D8DD8F28E32B0276B9B6C8FD6239688833A4 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:53:46.0392 0x0fa0 mrxsmb20 - ok
23:53:46.0424 0x0fa0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
23:53:46.0455 0x0fa0 msahci - ok
23:53:46.0470 0x0fa0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:53:46.0486 0x0fa0 msdsm - ok
23:53:46.0502 0x0fa0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
23:53:46.0517 0x0fa0 MSDTC - ok
23:53:46.0548 0x0fa0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:53:46.0580 0x0fa0 Msfs - ok
23:53:46.0595 0x0fa0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:53:46.0626 0x0fa0 mshidkmdf - ok
23:53:46.0626 0x0fa0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:53:46.0642 0x0fa0 msisadrv - ok
23:53:46.0673 0x0fa0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:53:46.0767 0x0fa0 MSiSCSI - ok
23:53:46.0767 0x0fa0 msiserver - ok
23:53:46.0782 0x0fa0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:53:46.0814 0x0fa0 MSKSSRV - ok
23:53:46.0829 0x0fa0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:53:46.0860 0x0fa0 MSPCLOCK - ok
23:53:46.0876 0x0fa0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:53:46.0907 0x0fa0 MSPQM - ok
23:53:46.0923 0x0fa0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:53:46.0938 0x0fa0 MsRPC - ok
23:53:46.0954 0x0fa0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:53:46.0970 0x0fa0 mssmbios - ok
23:53:46.0985 0x0fa0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:53:47.0016 0x0fa0 MSTEE - ok
23:53:47.0032 0x0fa0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:53:47.0048 0x0fa0 MTConfig - ok
23:53:47.0063 0x0fa0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
23:53:47.0079 0x0fa0 Mup - ok
23:53:47.0094 0x0fa0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
23:53:47.0141 0x0fa0 napagent - ok
23:53:47.0204 0x0fa0 [ 9FB2A095B1166CB3C9A06651863B3452, 808105C59C2D28C390FDE0CA48690A5CD052DE3D7F7327864EB45F80187D5BE9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:53:47.0250 0x0fa0 NativeWifiP - ok
23:53:47.0297 0x0fa0 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:53:47.0328 0x0fa0 NDIS - ok
23:53:47.0344 0x0fa0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:53:47.0360 0x0fa0 NdisCap - ok
23:53:47.0391 0x0fa0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:53:47.0422 0x0fa0 NdisTapi - ok
23:53:47.0438 0x0fa0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:53:47.0469 0x0fa0 Ndisuio - ok
23:53:47.0484 0x0fa0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:53:47.0516 0x0fa0 NdisWan - ok
23:53:47.0516 0x0fa0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:53:47.0547 0x0fa0 NDProxy - ok
23:53:47.0562 0x0fa0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:53:47.0594 0x0fa0 NetBIOS - ok
23:53:47.0640 0x0fa0 [ 734837208CAFD6E0959A7A0333C95C9D, 0B7CD6E3CE43ABE021DBE6516492E326265EC0273F2F4297187CE70602CB8CE1 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:53:47.0672 0x0fa0 NetBT - ok
23:53:47.0687 0x0fa0 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] Netlogon C:\Windows\system32\lsass.exe
23:53:47.0703 0x0fa0 Netlogon - ok
23:53:47.0734 0x0fa0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
23:53:47.0765 0x0fa0 Netman - ok
23:53:47.0859 0x0fa0 [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:53:47.0890 0x0fa0 NetMsmqActivator - ok
23:53:47.0906 0x0fa0 [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:53:47.0921 0x0fa0 NetPipeActivator - ok
23:53:47.0937 0x0fa0 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
23:53:47.0999 0x0fa0 netprofm - ok
23:53:48.0030 0x0fa0 [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:53:48.0046 0x0fa0 NetTcpActivator - ok
23:53:48.0062 0x0fa0 [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:53:48.0077 0x0fa0 NetTcpPortSharing - ok
23:53:48.0358 0x0fa0 [ 7A72041342E328E91DE46C41722D6AC3, 22A03FD214A5DE94CFC123605A975E14FDDB05A7B51E7BD02F74B617BC32A72F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwsw00.sys
23:53:48.0576 0x0fa0 NETwNs64 - ok
23:53:48.0639 0x0fa0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:53:48.0670 0x0fa0 nfrd960 - ok
23:53:48.0732 0x0fa0 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
23:53:48.0779 0x0fa0 NlaSvc - ok
23:53:48.0795 0x0fa0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:53:48.0826 0x0fa0 Npfs - ok
23:53:48.0873 0x0fa0 [ 668B9EFF5CCA4542F435D2CD9CE3C778, 7409EF35D1DC0DE2BAB752694981FFA1F1855C7F11310366B80BD1EC3513262E ] nsi C:\Windows\system32\nsisvc.dll
23:53:48.0904 0x0fa0 nsi - ok
23:53:48.0935 0x0fa0 [ BE313E566EEA2A4B7F9AAC9782A567D4, 377C624737B1A4FBC1DFF988F029B8ED9A368827C33A4FEEBA1B7937A87C2B47 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:53:48.0998 0x0fa0 nsiproxy - ok
23:53:49.0091 0x0fa0 [ 1065D9AFE491706EB00AD3CBB76C9E54, 7014029663FC61932EACC07682A66EE5483F11968EF58DE9766A9D77238C6812 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:53:49.0122 0x0fa0 Ntfs - ok
23:53:49.0154 0x0fa0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
23:53:49.0185 0x0fa0 Null - ok
23:53:49.0216 0x0fa0 [ 158AD24745BD85BA9BE3C51C38F48C32, B053A3B5A5CAE2CBC47E2C19E636AD70F376334EFFBB391A76562E67CBF3AC86 ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
23:53:49.0247 0x0fa0 nusb3hub - ok
23:53:49.0263 0x0fa0 [ D40A13B2C0891E218F9523B376955DB6, 9A2AAAF960868B860A65579EAD507B35C64CFD6C3581F8D731ADF975F778D10E ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
23:53:49.0278 0x0fa0 nusb3xhc - ok
23:53:49.0325 0x0fa0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:53:49.0356 0x0fa0 nvraid - ok
23:53:49.0388 0x0fa0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:53:49.0403 0x0fa0 nvstor - ok
23:53:49.0419 0x0fa0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:53:49.0434 0x0fa0 nv_agp - ok
23:53:49.0450 0x0fa0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:53:49.0466 0x0fa0 ohci1394 - ok
23:53:49.0497 0x0fa0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:53:49.0528 0x0fa0 p2pimsvc - ok
23:53:49.0559 0x0fa0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
23:53:49.0590 0x0fa0 p2psvc - ok
23:53:49.0606 0x0fa0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
23:53:49.0622 0x0fa0 Parport - ok
23:53:49.0653 0x0fa0 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:53:49.0653 0x0fa0 partmgr - ok
23:53:49.0700 0x0fa0 [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc C:\Windows\System32\pcasvc.dll
23:53:49.0715 0x0fa0 PcaSvc - ok
23:53:49.0731 0x0fa0 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
23:53:49.0746 0x0fa0 pci - ok
23:53:49.0793 0x0fa0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
23:53:49.0809 0x0fa0 pciide - ok
23:53:49.0871 0x0fa0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:53:49.0902 0x0fa0 pcmcia - ok
23:53:49.0918 0x0fa0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
23:53:49.0934 0x0fa0 pcw - ok
23:53:49.0949 0x0fa0 [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:53:49.0965 0x0fa0 PEAUTH - ok
23:53:50.0043 0x0fa0 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:53:50.0105 0x0fa0 PeerDistSvc - ok
23:53:50.0168 0x0fa0 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:53:50.0199 0x0fa0 PerfHost - ok
23:53:50.0277 0x0fa0 [ BC5F8C5C7ACCD0B884FCB8B67616F537, 5C99E9D7E7095CED52B1F5F4A569E54F124602C573DD2B25731E0D57FDA22A27 ] pla C:\Windows\system32\pla.dll
23:53:50.0324 0x0fa0 pla - ok
23:53:50.0402 0x0fa0 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:53:50.0433 0x0fa0 PlugPlay - ok
23:53:50.0495 0x0fa0 [ F485770EEC8959684CC4C4786B63C06C, 34ECC6D83782A2F8E9E32456F3C6C527999283775626C772D0354D232A10604A ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:53:50.0558 0x0fa0 Pml Driver HPZ12 - ok
23:53:50.0589 0x0fa0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:53:50.0620 0x0fa0 PNRPAutoReg - ok
23:53:50.0636 0x0fa0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:53:50.0667 0x0fa0 PNRPsvc - ok
23:53:50.0714 0x0fa0 [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:53:50.0745 0x0fa0 PolicyAgent - ok
23:53:50.0776 0x0fa0 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
23:53:50.0807 0x0fa0 Power - ok
23:53:50.0854 0x0fa0 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:53:50.0885 0x0fa0 PptpMiniport - ok
23:53:50.0901 0x0fa0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
23:53:50.0916 0x0fa0 Processor - ok
23:53:50.0963 0x0fa0 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
23:53:51.0010 0x0fa0 ProfSvc - ok
23:53:51.0026 0x0fa0 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:53:51.0041 0x0fa0 ProtectedStorage - ok
23:53:51.0072 0x0fa0 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:53:51.0104 0x0fa0 Psched - ok
23:53:51.0135 0x0fa0 [ 052031A92809B438683FDCF5B574234D, F177BAD4444613DEC575FE19269BAFC90CD6B573C4FD3D7F429B321429583B36 ] qcfilterhp2k C:\Windows\system32\drivers\qcfilterhp2k.sys
23:53:51.0166 0x0fa0 qcfilterhp2k - ok
23:53:51.0197 0x0fa0 [ 9D8D8077A1B849AFEC221FDD33E9DADD, FD7A8980934C7166F40E40C2987809FD0D6EDA7B5D332BF6C693B8E33B95323F ] qcombushp C:\Windows\system32\drivers\qcombushp.sys
23:53:51.0213 0x0fa0 qcombushp - ok
23:53:51.0228 0x0fa0 [ 4AD8CB1E096872EE7A7F6FBEAC91B54A, 662D42DBF62BFB30DB48B3A8A36E443B199889B1FA12CA4E55F8B873D781CCBC ] qcusbserhp2k C:\Windows\system32\drivers\qcusbserhp2k.sys
23:53:51.0260 0x0fa0 qcusbserhp2k - ok
23:53:51.0353 0x0fa0 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:53:51.0384 0x0fa0 ql2300 - ok
23:53:51.0400 0x0fa0 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:53:51.0416 0x0fa0 ql40xx - ok
23:53:51.0447 0x0fa0 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
23:53:51.0462 0x0fa0 QWAVE - ok
23:53:51.0478 0x0fa0 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:53:51.0509 0x0fa0 QWAVEdrv - ok
23:53:51.0525 0x0fa0 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:53:51.0556 0x0fa0 RasAcd - ok
23:53:51.0587 0x0fa0 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:53:51.0618 0x0fa0 RasAgileVpn - ok
23:53:51.0634 0x0fa0 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
23:53:51.0665 0x0fa0 RasAuto - ok
23:53:51.0681 0x0fa0 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:53:51.0712 0x0fa0 Rasl2tp - ok
23:53:51.0728 0x0fa0 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
23:53:51.0774 0x0fa0 RasMan - ok
23:53:51.0774 0x0fa0 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:53:51.0806 0x0fa0 RasPppoe - ok
23:53:51.0821 0x0fa0 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:53:51.0852 0x0fa0 RasSstp - ok
23:53:51.0884 0x0fa0 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:53:51.0915 0x0fa0 rdbss - ok
23:53:51.0930 0x0fa0 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:53:51.0946 0x0fa0 rdpbus - ok
23:53:51.0962 0x0fa0 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:53:51.0993 0x0fa0 RDPCDD - ok
23:53:52.0008 0x0fa0 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:53:52.0040 0x0fa0 RDPDR - ok
23:53:52.0055 0x0fa0 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:53:52.0102 0x0fa0 RDPENCDD - ok
23:53:52.0102 0x0fa0 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:53:52.0133 0x0fa0 RDPREFMP - ok
23:53:52.0164 0x0fa0 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:53:52.0196 0x0fa0 RDPWD - ok
23:53:52.0211 0x0fa0 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:53:52.0227 0x0fa0 rdyboost - ok
23:53:52.0258 0x0fa0 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:53:52.0289 0x0fa0 RemoteAccess - ok
23:53:52.0305 0x0fa0 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:53:52.0336 0x0fa0 RemoteRegistry - ok
23:53:52.0367 0x0fa0 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:53:52.0398 0x0fa0 RFCOMM - ok
23:53:52.0398 0x0fa0 [ 6FAF5B04BEDC66D300D9D233B2D222F0, 26068A89DC00B8CC5A9CD840C16CA073D4290F25F8CE2CD418EFF0EDF2C6495E ] rimmptsk C:\Windows\system32\drivers\rimmpx64.sys
23:53:52.0414 0x0fa0 rimmptsk - ok
23:53:52.0445 0x0fa0 [ 3DCA561AAF776AA2E356FB5B142AA5F8, E11F6776F02A09D64FDBB23D7169AB5467E0D8684AACB3D7CA8FAC42F3A02677 ] rimspci C:\Windows\system32\drivers\rimspe64.sys
23:53:52.0476 0x0fa0 rimspci - ok
23:53:52.0492 0x0fa0 [ 67F50C31713106FD1B0F286F86AA2B2E, 8E1CAAA442C749396DBCE63F2A9D1C44AE84C48B8DD7EE400E24AA4AE041495E ] rimsptsk C:\Windows\system32\drivers\rimspx64.sys
23:53:52.0523 0x0fa0 rimsptsk - ok
23:53:52.0539 0x0fa0 [ C4581F04AA130892555B821F1FBAA151, 8D517EE442A331AFE768A23067AAFE1491F94F66A58C5184823DF1CEB8DC53A0 ] risdpcie C:\Windows\system32\drivers\risdpe64.sys
23:53:52.0539 0x0fa0 risdpcie - ok
23:53:52.0570 0x0fa0 [ 5A227511ED22DDFEDF7EF7323C8F7D2F, 5056DED32432E192268BE8214B6152A488807357D1BBB769171843E589BF4320 ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys
23:53:52.0586 0x0fa0 risdxc - ok
23:53:52.0617 0x0fa0 [ 4D7EF3D46346EC4C58784DB964B365DE, 17AEE03C051998C5B50476AF43A95DC0A90AC08D07CED1172BEB2DD910762E19 ] rismxdp C:\Windows\system32\drivers\rixdpx64.sys
23:53:52.0632 0x0fa0 rismxdp - ok
23:53:52.0648 0x0fa0 [ A4579105A3C5B6290701EAD0C153E07A, C1070C93309FBD3D67E8BAFDF2B8FFE83D4F877396B21816F8AAC0FDE68335CC ] rixdpcie C:\Windows\system32\drivers\rixdpe64.sys
23:53:52.0679 0x0fa0 rixdpcie - ok
23:53:52.0710 0x0fa0 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:53:52.0742 0x0fa0 RpcEptMapper - ok
23:53:52.0757 0x0fa0 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
23:53:52.0773 0x0fa0 RpcLocator - ok
23:53:52.0820 0x0fa0 [ 3F1A199859B4F3F8357B2A0AF5666A54, B0ACE9384088B7D0E54CF82BF48D4FEAA518BDEF98A294BA8F5A37DFF0E45328 ] RpcSs C:\Windows\system32\rpcss.dll
23:53:52.0835 0x0fa0 RpcSs - ok
23:53:52.0851 0x0fa0 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:53:52.0898 0x0fa0 rspndr - ok
23:53:52.0913 0x0fa0 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:53:52.0929 0x0fa0 s3cap - ok
23:53:52.0929 0x0fa0 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] SamSs C:\Windows\system32\lsass.exe
23:53:52.0944 0x0fa0 SamSs - ok
23:53:52.0960 0x0fa0 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:53:52.0976 0x0fa0 sbp2port - ok
23:53:52.0991 0x0fa0 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:53:53.0038 0x0fa0 SCardSvr - ok
23:53:53.0054 0x0fa0 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:53:53.0085 0x0fa0 scfilter - ok
23:53:53.0163 0x0fa0 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
23:53:53.0210 0x0fa0 Schedule - ok
23:53:53.0225 0x0fa0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:53:53.0241 0x0fa0 SCPolicySvc - ok
23:53:53.0256 0x0fa0 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:53:53.0288 0x0fa0 SDRSVC - ok
23:53:53.0319 0x0fa0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:53:53.0334 0x0fa0 secdrv - ok
23:53:53.0381 0x0fa0 [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon C:\Windows\system32\seclogon.dll
23:53:53.0397 0x0fa0 seclogon - ok
23:53:53.0412 0x0fa0 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
23:53:53.0444 0x0fa0 SENS - ok
23:53:53.0444 0x0fa0 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:53:53.0490 0x0fa0 SensrSvc - ok
23:53:53.0506 0x0fa0 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:53:53.0522 0x0fa0 Serenum - ok
23:53:53.0553 0x0fa0 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:53:53.0600 0x0fa0 Serial - ok
23:53:53.0646 0x0fa0 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:53:53.0662 0x0fa0 sermouse - ok
23:53:53.0678 0x0fa0 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
23:53:53.0724 0x0fa0 SessionEnv - ok
23:53:53.0756 0x0fa0 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:53:53.0802 0x0fa0 sffdisk - ok
23:53:53.0818 0x0fa0 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:53:53.0849 0x0fa0 sffp_mmc - ok
23:53:53.0865 0x0fa0 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:53:53.0880 0x0fa0 sffp_sd - ok
23:53:53.0896 0x0fa0 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:53:53.0912 0x0fa0 sfloppy - ok
23:53:53.0943 0x0fa0 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:53:53.0974 0x0fa0 SharedAccess - ok
23:53:53.0990 0x0fa0 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:53:54.0036 0x0fa0 ShellHWDetection - ok
23:53:54.0052 0x0fa0 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:53:54.0068 0x0fa0 SiSRaid2 - ok
23:53:54.0083 0x0fa0 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:53:54.0083 0x0fa0 SiSRaid4 - ok
23:53:54.0114 0x0fa0 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:53:54.0146 0x0fa0 Smb - ok
23:53:54.0177 0x0fa0 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:53:54.0192 0x0fa0 SNMPTRAP - ok
23:53:54.0192 0x0fa0 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
23:53:54.0208 0x0fa0 spldr - ok
23:53:54.0239 0x0fa0 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
23:53:54.0286 0x0fa0 Spooler - ok
23:53:54.0395 0x0fa0 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
23:53:54.0473 0x0fa0 sppsvc - ok
23:53:54.0473 0x0fa0 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:53:54.0504 0x0fa0 sppuinotify - ok
23:53:54.0567 0x0fa0 [ 72E6A150A8C8530B201832D1C801CDE6, EFBDD5D1FB924979E63D829A6970CB5552A746BEBB7C4D41066684CA16A374E0 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:53:54.0582 0x0fa0 srv - ok
23:53:54.0614 0x0fa0 [ C4F67ABCC5033D334613F28F9E782809, A19E32E2EF790E88E7013C298AF0A34A9957A7CE55DF19FBD7BDF688D3767BA5 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:53:54.0629 0x0fa0 srv2 - ok
23:53:54.0660 0x0fa0 [ C53CB62B0E57488AAE41FDA0FF8A0AB9, 93614C72C578E348B66690585F8AC2B53C0C19D2C96AAD3E776D3389CA5E43B6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:53:54.0692 0x0fa0 srvnet - ok
23:53:54.0707 0x0fa0 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:53:54.0738 0x0fa0 SSDPSRV - ok
23:53:54.0754 0x0fa0 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:53:54.0785 0x0fa0 SstpSvc - ok
23:53:54.0801 0x0fa0 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:53:54.0816 0x0fa0 stexstor - ok
23:53:54.0879 0x0fa0 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
23:53:54.0910 0x0fa0 stisvc - ok
23:53:54.0926 0x0fa0 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:53:54.0941 0x0fa0 storflt - ok
23:53:54.0957 0x0fa0 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
23:53:55.0004 0x0fa0 StorSvc - ok
23:53:55.0019 0x0fa0 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:53:55.0035 0x0fa0 storvsc - ok
23:53:55.0050 0x0fa0 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:53:55.0066 0x0fa0 swenum - ok
23:53:55.0097 0x0fa0 [ F64E7E37AE21D455E7CB56D3579EB524, B3807ED48C826120888A36EF5A0B0A9FCA40F0DEAD2BABF40CA4683B6AF5087F ] swg3knmea02 C:\Windows\system32\drivers\swg3knmea02.sys
23:53:55.0160 0x0fa0 swg3knmea02 - ok
23:53:55.0191 0x0fa0 [ 4318B1BD1295961E06442F6CBC44CB03, 6362954A979C9376F4954F7D0D91E5EFF63193EEBEEA2913D515CC4E0FBF6D97 ] swg3kser02 C:\Windows\system32\drivers\swg3kser02.sys
23:53:55.0222 0x0fa0 swg3kser02 - ok
23:53:55.0238 0x0fa0 [ D80AAC95E803B993EB1E74FCD8946AC2, 72708A0D0F49616D6CCD0FAFC429AA51512727C3314E589816E10A172187CD19 ] swibus02 C:\Windows\system32\drivers\swibus02.sys
23:53:55.0253 0x0fa0 swibus02 - ok
23:53:55.0269 0x0fa0 [ D80AAC95E803B993EB1E74FCD8946AC2, 72708A0D0F49616D6CCD0FAFC429AA51512727C3314E589816E10A172187CD19 ] swibusflt02 C:\Windows\system32\drivers\swibusflt02.sys
23:53:55.0284 0x0fa0 swibusflt02 - ok
23:53:55.0316 0x0fa0 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
23:53:55.0362 0x0fa0 swprv - ok
23:53:55.0409 0x0fa0 [ D268D2A0DB2A2BBE963E688D0B039267, DBEF7A1E1E015825E4C2BD80FE3D468E8A6840A44027381CDD4B96605D2FC12A ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:53:55.0440 0x0fa0 SynTP - ok
23:53:55.0534 0x0fa0 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
23:53:55.0596 0x0fa0 SysMain - ok
23:53:55.0612 0x0fa0 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:53:55.0643 0x0fa0 TabletInputService - ok
23:53:55.0659 0x0fa0 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
23:53:55.0690 0x0fa0 TapiSrv - ok
23:53:55.0799 0x0fa0 [ 7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:53:55.0846 0x0fa0 Tcpip - ok
23:53:55.0893 0x0fa0 [ 7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:53:55.0924 0x0fa0 TCPIP6 - ok
23:53:55.0971 0x0fa0 [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:53:55.0986 0x0fa0 tcpipreg - ok
23:53:56.0002 0x0fa0 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:53:56.0049 0x0fa0 TDPIPE - ok
23:53:56.0080 0x0fa0 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:53:56.0080 0x0fa0 TDTCP - ok
23:53:56.0111 0x0fa0 [ 4DD986720F7CB7A8A5D1226793097B9A, 9020375B45E9C966BF44CF425C127D7E0EC82EB99C7047F225C25402FF97743D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:53:56.0142 0x0fa0 tdx - ok
23:53:56.0158 0x0fa0 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:53:56.0174 0x0fa0 TermDD - ok
23:53:56.0236 0x0fa0 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
23:53:56.0283 0x0fa0 TermService - ok
23:53:56.0298 0x0fa0 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
23:53:56.0314 0x0fa0 Themes - ok
23:53:56.0330 0x0fa0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
23:53:56.0361 0x0fa0 THREADORDER - ok
23:53:56.0408 0x0fa0 [ 48DDEF0B921DD331536CC82C1A8FF64F, 540107E278E4C7DE4F43D37F7EA7BC094B6755399C22EE3A68574AA8A7719ACC ] TPM C:\Windows\system32\drivers\tpm.sys
23:53:56.0439 0x0fa0 TPM - ok
23:53:56.0454 0x0fa0 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
23:53:56.0486 0x0fa0 TrkWks - ok
23:53:56.0532 0x0fa0 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:53:56.0564 0x0fa0 TrustedInstaller - ok
23:53:56.0610 0x0fa0 [ 2CF58216424757ED29605B4F18EC443C, 9D523FC075F7F41A17F60617670A976A8F2F2943444515DC3834720BDC37DFA0 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:53:56.0642 0x0fa0 tssecsrv - ok
23:53:56.0657 0x0fa0 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:53:56.0704 0x0fa0 TsUsbFlt - ok
23:53:56.0720 0x0fa0 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:53:56.0735 0x0fa0 TsUsbGD - ok
23:53:56.0751 0x0fa0 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:53:56.0798 0x0fa0 tunnel - ok
23:53:56.0813 0x0fa0 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:53:56.0829 0x0fa0 uagp35 - ok
23:53:56.0844 0x0fa0 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:53:56.0876 0x0fa0 udfs - ok
23:53:56.0891 0x0fa0 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:53:56.0922 0x0fa0 UI0Detect - ok
23:53:56.0938 0x0fa0 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:53:56.0954 0x0fa0 uliagpkx - ok
23:53:56.0969 0x0fa0 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:53:56.0985 0x0fa0 umbus - ok
23:53:57.0000 0x0fa0 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
23:53:57.0000 0x0fa0 UmPass - ok
23:53:57.0032 0x0fa0 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
23:53:57.0063 0x0fa0 UmRdpService - ok
23:53:57.0078 0x0fa0 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
23:53:57.0110 0x0fa0 upnphost - ok
23:53:57.0156 0x0fa0 [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
23:53:57.0203 0x0fa0 USBAAPL64 - ok
23:53:57.0250 0x0fa0 [ 9E68E917FB4B5C983438969643F53BEF, 7148BF1E7AFAFA025A51AA9A26B90ED85328B41C7F7791CB3460D9CF53245985 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:53:57.0281 0x0fa0 usbccgp - ok
23:53:57.0312 0x0fa0 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:53:57.0375 0x0fa0 usbcir - ok
23:53:57.0406 0x0fa0 [ 3F9D3902CE931E2A28DD8452AE915B67, C8BF042DD84FB2E3AE7FCDBA65923611FCBDAFD6410E42A5E58F8995D99AE16C ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:53:57.0468 0x0fa0 usbehci - ok
23:53:57.0500 0x0fa0 [ 86B65EEBC03B936DE8B26E5A18D98FA2, 2981CF5A0FB6B6FE0A38363EA4804DB743C45E3E6E72DC3A2260F583377717C8 ] usbhub C:\Windows\system32\drivers\usbhub.sys
23:53:57.0531 0x0fa0 usbhub - ok
23:53:57.0531 0x0fa0 [ 099C2931C6F73EB1B9E13C560F61B50D, 83B64A52173243526E380C8FA0D913C7B07C2AF1806ECC4EC0D0B5523A7CBFAA ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:53:57.0562 0x0fa0 usbohci - ok
23:53:57.0593 0x0fa0 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:53:57.0640 0x0fa0 usbprint - ok
23:53:57.0656 0x0fa0 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:53:57.0687 0x0fa0 USBSTOR - ok
23:53:57.0702 0x0fa0 [ 5D7651347C7D702F4A5DE53603DC024F, F55532D13AB2FF6D4B6058113AF2710AC5C87059C9000942CF517198BABCD6F5 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:53:57.0718 0x0fa0 usbuhci - ok
23:53:57.0780 0x0fa0 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:53:57.0874 0x0fa0 usbvideo - ok
23:53:57.0936 0x0fa0 [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
23:53:57.0968 0x0fa0 usb_rndisx - ok
23:53:57.0983 0x0fa0 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
23:53:58.0030 0x0fa0 UxSms - ok
23:53:58.0046 0x0fa0 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] VaultSvc C:\Windows\system32\lsass.exe
23:53:58.0061 0x0fa0 VaultSvc - ok
23:53:58.0061 0x0fa0 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:53:58.0077 0x0fa0 vdrvroot - ok
23:53:58.0092 0x0fa0 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
23:53:58.0139 0x0fa0 vds - ok
23:53:58.0170 0x0fa0 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:53:58.0186 0x0fa0 vga - ok
23:53:58.0217 0x0fa0 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:53:58.0233 0x0fa0 VgaSave - ok
23:53:58.0264 0x0fa0 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:53:58.0280 0x0fa0 vhdmp - ok
23:53:58.0326 0x0fa0 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
23:53:58.0342 0x0fa0 viaide - ok
23:53:58.0373 0x0fa0 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:53:58.0389 0x0fa0 vmbus - ok
23:53:58.0389 0x0fa0 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:53:58.0404 0x0fa0 VMBusHID - ok
23:53:58.0420 0x0fa0 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:53:58.0420 0x0fa0 volmgr - ok
23:53:58.0467 0x0fa0 [ 85C5468BC395819AE2A0C747334BA14C, 75EB4751F90F3347229442A5622539383CE0B1834EE7B995260D0D433BA2E25F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:53:58.0514 0x0fa0 volmgrx - ok
23:53:58.0529 0x0fa0 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:53:58.0560 0x0fa0 volsnap - ok
23:53:58.0576 0x0fa0 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:53:58.0592 0x0fa0 vsmraid - ok
23:53:58.0654 0x0fa0 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
23:53:58.0701 0x0fa0 VSS - ok
23:53:58.0716 0x0fa0 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:53:58.0732 0x0fa0 vwifibus - ok
23:53:58.0748 0x0fa0 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:53:58.0779 0x0fa0 vwififlt - ok
23:53:58.0810 0x0fa0 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
23:53:58.0857 0x0fa0 W32Time - ok
23:53:58.0872 0x0fa0 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:53:58.0888 0x0fa0 WacomPen - ok
23:53:58.0888 0x0fa0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:53:58.0919 0x0fa0 WANARP - ok
23:53:58.0935 0x0fa0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:53:58.0966 0x0fa0 Wanarpv6 - ok
23:53:59.0075 0x0fa0 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:53:59.0138 0x0fa0 WatAdminSvc - ok
23:53:59.0184 0x0fa0 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
23:53:59.0231 0x0fa0 wbengine - ok
23:53:59.0278 0x0fa0 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:53:59.0309 0x0fa0 WbioSrvc - ok
23:53:59.0325 0x0fa0 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:53:59.0340 0x0fa0 wcncsvc - ok
23:53:59.0387 0x0fa0 [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:53:59.0403 0x0fa0 WcsPlugInService - ok
23:53:59.0434 0x0fa0 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
23:53:59.0450 0x0fa0 Wd - ok
23:53:59.0512 0x0fa0 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:53:59.0543 0x0fa0 Wdf01000 - ok
23:53:59.0574 0x0fa0 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:53:59.0606 0x0fa0 WdiServiceHost - ok
23:53:59.0621 0x0fa0 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:53:59.0637 0x0fa0 WdiSystemHost - ok
23:53:59.0668 0x0fa0 [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient C:\Windows\System32\webclnt.dll
23:53:59.0684 0x0fa0 WebClient - ok
23:53:59.0715 0x0fa0 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:53:59.0762 0x0fa0 Wecsvc - ok
23:53:59.0777 0x0fa0 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:53:59.0808 0x0fa0 wercplsupport - ok
23:53:59.0840 0x0fa0 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
23:53:59.0871 0x0fa0 WerSvc - ok
23:53:59.0871 0x0fa0 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:53:59.0902 0x0fa0 WfpLwf - ok
23:53:59.0918 0x0fa0 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:53:59.0933 0x0fa0 WIMMount - ok
23:53:59.0949 0x0fa0 WinDefend - ok
23:53:59.0964 0x0fa0 WinHttpAutoProxySvc - ok
23:54:00.0011 0x0fa0 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:54:00.0042 0x0fa0 Winmgmt - ok
23:54:00.0152 0x0fa0 [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM C:\Windows\system32\WsmSvc.dll
23:54:00.0214 0x0fa0 WinRM - ok
23:54:00.0276 0x0fa0 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:54:00.0308 0x0fa0 WinUsb - ok
23:54:00.0386 0x0fa0 [ 4B7912EB80820EAC543EE54806EFCAF0, 4D9186F9FE80F03C85C4DC73342EE5870DF1021BD29974BE33557CEA0D524667 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:54:00.0417 0x0fa0 Wlansvc - ok
23:54:00.0588 0x0fa0 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:54:00.0635 0x0fa0 wlidsvc - ok
23:54:00.0666 0x0fa0 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:54:00.0682 0x0fa0 WmiAcpi - ok
23:54:00.0713 0x0fa0 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:54:00.0729 0x0fa0 wmiApSrv - ok
23:54:00.0760 0x0fa0 WMPNetworkSvc - ok
23:54:00.0776 0x0fa0 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:54:00.0822 0x0fa0 WPCSvc - ok
23:54:00.0838 0x0fa0 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:54:00.0869 0x0fa0 WPDBusEnum - ok
23:54:00.0885 0x0fa0 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:54:00.0916 0x0fa0 ws2ifsl - ok
23:54:00.0916 0x0fa0 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
23:54:00.0932 0x0fa0 wscsvc - ok
23:54:00.0932 0x0fa0 WSearch - ok
23:54:01.0072 0x0fa0 [ 88009DB9E1166B6B6713A858C176FECD, CBF4C63D3C5D14AF3C3F0D9C48E5AC9E7A4323BFB0363E9948FD801963BE1467 ] wuauserv C:\Windows\system32\wuaueng.dll
23:54:01.0134 0x0fa0 wuauserv - ok
23:54:01.0181 0x0fa0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:54:01.0212 0x0fa0 WudfPf - ok
23:54:01.0228 0x0fa0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:54:01.0244 0x0fa0 WUDFRd - ok
23:54:01.0290 0x0fa0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:54:01.0322 0x0fa0 wudfsvc - ok
23:54:01.0368 0x0fa0 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
23:54:01.0400 0x0fa0 WwanSvc - ok
23:54:01.0446 0x0fa0 ================ Scan global ===============================
23:54:01.0478 0x0fa0 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
23:54:01.0524 0x0fa0 [ 66A8A9412337B08E1735204B8ADEE58C, 766429FBB014A9CA6AEFD39579C3F33625335A3DFD88AB324E4534978695B887 ] C:\Windows\system32\winsrv.dll
23:54:01.0540 0x0fa0 [ 66A8A9412337B08E1735204B8ADEE58C, 766429FBB014A9CA6AEFD39579C3F33625335A3DFD88AB324E4534978695B887 ] C:\Windows\system32\winsrv.dll
23:54:01.0571 0x0fa0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:54:01.0602 0x0fa0 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
23:54:01.0618 0x0fa0 [ Global ] - ok
23:54:01.0618 0x0fa0 ================ Scan MBR ==================================
23:54:01.0634 0x0fa0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:54:01.0868 0x0fa0 \Device\Harddisk0\DR0 - ok
23:54:01.0868 0x0fa0 ================ Scan VBR ==================================
23:54:01.0868 0x0fa0 [ 165FA13C7B6A051C077D771CA654857C ] \Device\Harddisk0\DR0\Partition1
23:54:01.0868 0x0fa0 \Device\Harddisk0\DR0\Partition1 - ok
23:54:01.0868 0x0fa0 [ 448B853D3395739FB276CCA9AA70C5A4 ] \Device\Harddisk0\DR0\Partition2
23:54:01.0883 0x0fa0 \Device\Harddisk0\DR0\Partition2 - ok
23:54:01.0883 0x0fa0 ================ Scan generic autorun ======================
23:54:01.0883 0x0fa0 SynTPEnh - ok
23:54:01.0914 0x0fa0 [ B14E534653347DC3FAF685DAD7C512E0, AC42D34CC08DEE59C3C5F101FC58121D36AD9AE67237CBFB9BDA93EB1D267B9C ] C:\Windows\system32\igfxtray.exe
23:54:01.0930 0x0fa0 IgfxTray - ok
23:54:01.0961 0x0fa0 [ 5B4E5176FBA1A7724B2355FBB5A6BEDA, D2614253D70F2147570E18462D41DE2B1481F9272080712DB6A329080CC8C1EF ] C:\Windows\system32\igfxpers.exe
23:54:01.0977 0x0fa0 Persistence - ok
23:54:02.0070 0x0fa0 [ 4B6E5E5810D06E94C552AEB76B4D954C, 1B40233357A2AB589C82AD99369411004C899DEBFFCB0A3F399FD5CF12F1CD6B ] C:\Program Files\iTunes\iTunesHelper.exe
23:54:02.0102 0x0fa0 iTunesHelper - ok
23:54:02.0164 0x0fa0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:54:02.0211 0x0fa0 Sidebar - ok
23:54:02.0226 0x0fa0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:54:02.0258 0x0fa0 mctadmin - ok
23:54:02.0273 0x0fa0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:54:02.0304 0x0fa0 Sidebar - ok
23:54:02.0320 0x0fa0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:54:02.0336 0x0fa0 mctadmin - ok
23:54:02.0336 0x0fa0 Waiting for KSN requests completion. In queue: 140
23:54:03.0412 0x0fa0 AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.181 ), 0x61000 ( enabled : updated )
23:54:03.0412 0x0fa0 Win FW state via NFP2: enabled ( trusted )
23:54:03.0521 0x0fa0 ============================================================
23:54:03.0521 0x0fa0 Scan finished
23:54:03.0521 0x0fa0 ============================================================
23:54:03.0521 0x1008 Detected object count: 1
23:54:03.0521 0x1008 Actual detected object count: 1
23:57:18.0272 0x1008 iusb3hub ( ForgedFile.Multi.Generic ) - skipped by user
23:57:18.0272 0x1008 iusb3hub ( ForgedFile.Multi.Generic ) - User select action: Skip
23:58:55.0413 0x0884 Deinitialize success
|
|
19.09.2018, 08:12
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! adwCleaner v7.x Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.09.2018, 20:03
| #9 |
| | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Hallo, hier nun die log-Datei des Adwcleaners: Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-19-2018
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 3
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Users\_installuser\AppData\Local\Temp\DMR
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1378 octets] - [19/09/2018 20:54:38]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
|
|
19.09.2018, 22:08
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB adwcleaner bitte zwecks Kontrolle wiederholen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.09.2018, 22:40
| #11 |
| | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Hier der erneute Scan: Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-19-2018
# Duration: 00:00:11
# OS: Windows 7 Professional
# Scanned: 41929
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [1378 octets] - [19/09/2018 20:54:38]
AdwCleaner[C00].txt - [1605 octets] - [19/09/2018 20:55:39]
AdwCleaner[S01].txt - [1367 octets] - [19/09/2018 23:34:28]
AdwCleaner[S02].txt - [1428 octets] - [19/09/2018 23:36:56]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
|
|
19.09.2018, 22:49
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.09.2018, 23:01
| #13 |
| | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Hier die FRST-Log: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
durchgeführt von _installuser (Administrator) auf OMEGA (19-09-2018 23:56:56)
Gestartet von C:\Users\_installuser\Desktop
Geladene Profile: _installuser (Verfügbare Profile: _installuser)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2016-07-29]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8069F9D3-AB99-4DEF-A83B-5EF0EF0AFA02}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{835C47E5-0D0E-4AA3-B8CE-88502822C420}: [DhcpNameServer] 2.152.0.10 2.152.0.12
Tcpip\..\Interfaces\{A872B82D-C82C-4CBF-A0F2-3C305E5572D1}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{DFADC35A-EB7C-431B-AF4D-CAF2BAFD6EA1}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
FireFox:
========
FF ProfilePath: C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641 [2018-09-19]
FF Extension: (Youtube Downloader mp3) - C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641\Extensions\@youtube_downloader.xpi [2018-09-07]
FF Extension: (Page To PDF) - C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641\Extensions\page2pdf@epistemex.com.xpi [2018-03-26]
FF Extension: (Video DownloadHelper) - C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-25]
FF Extension: (Firefox Monitor) - C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641\features\{2597433e-f527-4a24-840b-6ade479e0e32}\fxmonitor@mozilla.org.xpi [2018-09-19]
FF Extension: (Telemetry coverage) - C:\Users\_installuser\AppData\Roaming\Mozilla\Firefox\Profiles\m8gs1x8x.default-1488397295641\features\{2597433e-f527-4a24-840b-6ade479e0e32}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-19] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2512057628-3289055196-2243051686-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [Keine Datei]
Chrome:
=======
CHR Profile: C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Präsentationen) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-30]
CHR Extension: (Docs) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-30]
CHR Extension: (Google Drive) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
CHR Extension: (YouTube) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
CHR Extension: (Tabellen) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-30]
CHR Extension: (Avira Browserschutz) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-09]
CHR Extension: (Google Mail) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
CHR Extension: (Chrome Media Router) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-03-06] (Adobe Systems) [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel(R) Corporation)
S3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [368624 2013-08-15] () [Datei ist nicht signiert]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193256 2018-09-18] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [117472 2018-09-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [52328 2018-09-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [259360 2018-09-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [98616 2018-09-19] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 qcfilterhp2k; C:\Windows\system32\drivers\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated)
S3 qcombushp; C:\Windows\system32\drivers\qcombushp.sys [160328 2011-04-29] (MCCI)
S3 qcusbserhp2k; C:\Windows\system32\drivers\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated)
S3 swg3knmea02; C:\Windows\system32\drivers\swg3knmea02.sys [259200 2011-06-15] (Sierra Wireless Incorporated)
S3 swg3kser02; C:\Windows\system32\drivers\swg3kser02.sys [259200 2011-06-24] (Sierra Wireless Incorporated)
S3 swibus02; C:\Windows\system32\drivers\swibus02.sys [73216 2011-07-06] (Sierra Wireless Inc.)
S3 swibusflt02; C:\Windows\system32\drivers\swibusflt02.sys [73216 2011-07-06] (Sierra Wireless Inc.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2018-09-19 23:56 - 2018-09-19 23:57 - 000011951 _____ C:\Users\_installuser\Desktop\FRST.txt
2018-09-19 20:51 - 2018-09-19 20:55 - 000000000 ____D C:\AdwCleaner
2018-09-19 20:51 - 2018-09-19 20:51 - 007571152 _____ (Malwarebytes) C:\Users\_installuser\Desktop\adwcleaner_7.2.3.1.exe
2018-09-18 23:51 - 2018-09-18 23:58 - 000209338 _____ C:\TDSSKiller.3.1.0.17_18.09.2018_23.51.15_log.txt
2018-09-18 23:49 - 2018-09-18 23:49 - 004949824 _____ (AO Kaspersky Lab) C:\Users\_installuser\Desktop\tdsskiller.exe
2018-09-18 23:22 - 2018-09-19 20:56 - 000259360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-09-18 22:28 - 2018-09-18 22:28 - 000001071 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-09-18 22:28 - 2018-09-18 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-09-18 22:28 - 2018-09-18 22:28 - 000000000 ____D C:\Program Files\VS Revo Group
2018-09-18 22:27 - 2018-09-18 22:28 - 007197480 _____ (VS Revo Group ) C:\Users\_installuser\Downloads\revosetup205.exe
2018-09-18 21:51 - 2018-09-18 21:54 - 000036159 _____ C:\Users\_installuser\Downloads\Addition.txt
2018-09-18 21:50 - 2018-09-18 21:54 - 000041201 _____ C:\Users\_installuser\Downloads\FRST.txt
2018-09-18 21:49 - 2018-09-19 23:56 - 000000000 ____D C:\FRST
2018-09-18 21:48 - 2018-09-18 21:49 - 002413568 _____ (Farbar) C:\Users\_installuser\Desktop\FRST64.exe
2018-09-18 11:36 - 2018-09-19 22:11 - 000098616 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-09-18 11:36 - 2018-09-18 11:43 - 000000000 ____D C:\Users\_installuser\Desktop\Internet Security
2018-09-18 11:33 - 2018-09-19 20:56 - 000052328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-09-18 11:33 - 2018-09-18 11:33 - 000000000 ____D C:\Users\_installuser\AppData\Local\mbam
2018-09-18 11:32 - 2018-09-19 20:56 - 000117472 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-09-18 11:32 - 2018-09-18 11:32 - 000193256 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-18 11:32 - 2018-09-18 11:32 - 000001904 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-18 11:32 - 2018-09-18 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-18 11:32 - 2018-09-18 11:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-18 11:32 - 2018-09-18 11:32 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-18 11:32 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-18 11:28 - 2018-09-18 11:30 - 081615816 _____ (Malwarebytes ) C:\Users\_installuser\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6871.exe
2018-09-09 23:02 - 2018-09-09 21:07 - 000001274 _____ C:\Users\_installuser\AppData\Local\recently-used.xbel
2018-09-09 22:38 - 2018-09-09 22:40 - 067623312 _____ (PortableApps.com) C:\Users\_installuser\Downloads\InkscapePortable_0.92.3.paf.exe
2018-09-09 15:55 - 2018-09-09 15:59 - 000077097 _____ C:\Users\_installuser\Monster fluffy template.svg
2018-09-08 00:54 - 2018-09-08 00:54 - 000001643 _____ C:\Users\_installuser\Neues Dokument 1.2018_09_08_00_54_16.0.svg
2018-09-08 00:51 - 2018-09-08 01:11 - 000524987 _____ C:\Users\_installuser\Neues Dokument 1.2018_09_08_00_51_23.0.svg
2018-09-07 22:32 - 2018-09-07 22:32 - 000000000 ____D C:\Users\_installuser\AppData\Roaming\inkscape
2018-09-07 22:30 - 2018-09-07 22:30 - 000000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2018-09-07 22:30 - 2018-09-07 22:30 - 000000849 _____ C:\Users\Public\Desktop\Inkscape.lnk
2018-09-07 22:29 - 2018-09-07 22:31 - 000000000 ____D C:\Program Files\Inkscape
2018-09-07 22:28 - 2018-09-07 22:28 - 067460478 _____ (Inkscape project) C:\Users\_installuser\Downloads\inkscape-0.92.3-x64.exe
2018-08-26 01:25 - 2018-08-26 02:22 - 000010035 _____ C:\Users\_installuser\Downloads\Trump hair.gvdesign
2018-08-26 01:23 - 2018-08-26 01:23 - 000012856 _____ C:\Users\_installuser\Downloads\Graphics.gvdesign
2018-08-26 01:14 - 2018-08-26 01:14 - 000141051 _____ C:\Users\_installuser\Downloads\cartoon-2026566.svg
2018-08-26 01:14 - 2018-08-26 01:14 - 000011402 _____ C:\Users\_installuser\Downloads\donald-trump-2789735.svg
2018-08-26 01:13 - 2018-08-26 01:13 - 000003788 _____ C:\Users\_installuser\Downloads\president-3166216.svg
2018-08-26 00:30 - 2018-08-26 00:30 - 000120211 _____ C:\Users\_installuser\Downloads\donald-trump-2035951.svg
2018-08-26 00:27 - 2018-08-26 00:27 - 000015962 _____ C:\Users\_installuser\Downloads\donald-trump-1967309.svg
2018-08-25 20:51 - 2018-08-26 02:22 - 000000000 ____D C:\Users\_installuser\AppData\Roaming\GravitDesigner
2018-08-25 20:51 - 2018-08-25 20:51 - 000000000 ____D C:\Users\_installuser\AppData\Roaming\gravit
2018-08-25 19:47 - 2018-08-25 19:49 - 093757968 _____ (Gravit GmbH) C:\Users\_installuser\Downloads\GravitDesigner.exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2018-09-19 23:38 - 2017-03-09 22:14 - 000000000 ____D C:\Users\_installuser\AppData\LocalLow\Mozilla
2018-09-19 21:04 - 2009-07-14 06:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-19 21:04 - 2009-07-14 06:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-19 20:56 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-18 23:23 - 2016-02-21 00:50 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-09-18 23:22 - 2017-03-27 18:26 - 000000000 ____D C:\ProgramData\McAfee
2018-09-18 23:22 - 2009-07-14 06:45 - 000268536 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-18 23:21 - 2018-05-17 10:12 - 000000000 ____D C:\Program Files (x86)\Epubor
2018-09-18 23:21 - 2017-09-18 21:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-09-18 23:21 - 2017-03-28 21:48 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-09-18 23:21 - 2015-03-28 00:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-18 23:21 - 2014-12-02 09:23 - 000000000 ____D C:\Program Files (x86)\Avira
2018-09-18 23:01 - 2016-02-21 00:50 - 000000000 ____D C:\ProgramData\NCH Software
2018-09-18 22:58 - 2015-04-13 09:33 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2018-09-18 22:57 - 2015-04-13 09:33 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2018-09-18 22:54 - 2017-03-27 18:26 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-18 22:54 - 2017-03-27 18:26 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-18 22:48 - 2014-12-02 09:23 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-18 22:47 - 2014-12-02 09:23 - 000000000 ____D C:\ProgramData\Avira
2018-09-18 22:35 - 2016-01-18 15:16 - 000000000 ____D C:\Program Files (x86)\7-Zip
2018-09-18 22:04 - 2017-03-01 21:47 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-18 22:04 - 2017-03-01 21:47 - 000002218 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-09 22:36 - 2010-11-21 08:50 - 000699682 _____ C:\Windows\system32\perfh007.dat
2018-09-09 22:36 - 2010-11-21 08:50 - 000149790 _____ C:\Windows\system32\perfc007.dat
2018-09-09 22:36 - 2009-07-14 07:13 - 001620684 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-09 22:36 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-09 15:55 - 2014-12-02 09:10 - 000000000 ____D C:\Users\_installuser
2018-08-25 19:42 - 2015-05-05 13:24 - 000000000 ____D C:\TickDataDownloader
2018-08-25 19:41 - 2016-02-02 15:00 - 000000000 ____D C:\Windows\system32\appmgmt
2018-08-25 19:39 - 2016-04-01 12:40 - 000000000 ____D C:\Program Files (x86)\AmiBroker
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-01-04 12:19 - 2016-04-01 12:36 - 001513472 _____ () C:\Program Files\7z938-x64.msi
2015-01-04 12:19 - 2016-04-01 12:36 - 001182190 _____ () C:\Program Files\7z938.exe
2018-09-09 23:02 - 2018-09-09 21:07 - 000001274 _____ () C:\Users\_installuser\AppData\Local\recently-used.xbel
2016-01-29 08:16 - 2016-01-29 08:16 - 000007602 _____ () C:\Users\_installuser\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2018-09-18 12:08
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15.09.2018
durchgeführt von _installuser (19-09-2018 23:57:41)
Gestartet von C:\Users\_installuser\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-12-02 07:09:57)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2512057628-3289055196-2243051686-500 - Administrator - Disabled)
Gast (S-1-5-21-2512057628-3289055196-2243051686-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2512057628-3289055196-2243051686-1002 - Limited - Enabled)
_installuser (S-1-5-21-2512057628-3289055196-2243051686-1000 - Administrator - Enabled) => C:\Users\_installuser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bolt PDF Printer (HKLM-x32\...\BoltPDF) (Version: 2.03 - NCH Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Camera WIA Driver (HKLM-x32\...\{652C4ADF-0A29-4B02-9211-EE61675847DE}) (Version: 5.5 - Canon) Hidden
Canon Camera WIA Driver (HKLM-x32\...\{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}) (Version: 5.3 - Canon) Hidden
Canon Camera WIA Driver (HKLM-x32\...\{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}) (Version: 5.4 - Canon) Hidden
Canon EOS 20D WIA Driver (HKLM-x32\...\InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}) (Version: 5.4 - Canon)
Canon EOS-1D Mark II WIA Driver (HKLM-x32\...\InstallShield_{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}) (Version: 5.3 - Canon)
Canon EOS-1Ds Mark II WIA Driver (HKLM-x32\...\InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}) (Version: 5.5 - Canon)
Canon Utilities Digital Photo Professional 1.5 (HKLM-x32\...\{48859B06-6074-4ED0-8A1E-5730CD42F9B1}) (Version: 1.5 - Canon) Hidden
Canon Utilities Digital Photo Professional 1.5 (HKLM-x32\...\InstallShield_{48859B06-6074-4ED0-8A1E-5730CD42F9B1}) (Version: 1.5 - Canon)
Canon Utilities EOS Capture 1.2 (HKLM-x32\...\InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}) (Version: 1.2 - Canon)
Canon Utilities EOS Viewer Utility 1.2 (HKLM-x32\...\InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}) (Version: 1.2.1 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EOS Capture 1.2 (HKLM-x32\...\{74BE7519-41A7-45A8-8AA6-78C7907A4808}) (Version: 1.2 - Canon) Hidden
EOS Viewer Utility 1.2.1 (HKLM-x32\...\{750CF8D7-4B04-404F-AFA2-14C129C42373}) (Version: 1.2.1 - Canon) Hidden
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
FastStone Photo Resizer 3.4 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.4 - FastStone Soft.)
Fotogalerie (HKLM-x32\...\{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GKFX MetaTrader 4 (HKLM-x32\...\GKFX MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Inkscape 0.92.3 (HKLM-x32\...\Inkscape) (Version: 0.92.3 - Inkscape Project)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{69D24652-4A1D-49C6-AA0C-573A38083F6C}) (Version: 12.7.3.46 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Malwarebytes Version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
MetaTrader - ActivTrades (HKLM-x32\...\MetaTrader - ActivTrades) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.7 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 62.0 (x64 de) (HKLM\...\Mozilla Firefox 62.0 (x64 de)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla)
PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version: 3.28 - NCH Software)
PhotoStitch (HKLM-x32\...\{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon) Hidden
RawTherapee Version 4.2 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.2 - rawtherapee.com)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Trader Workstation (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\5889-6375-8446-2021) (Version: latest (972.1m) 20180713 15:59:52 - Interactive Brokers LLC)
Trading (HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\5556-0001-2700-0000) (Version: latest (969.2f) 20180213 12:38:50 - IB Exchange Corp.)
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VirtualDJ 8 (HKLM-x32\...\{415D8B6F-2597-4B84-B677-B4A936C10E37}) (Version: 8.1.2832.0 - Atomix Productions)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2512057628-3289055196-2243051686-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2512057628-3289055196-2243051686-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2512057628-3289055196-2243051686-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2512057628-3289055196-2243051686-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-08-24] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {3BCDA149-C717-4C8A-953D-831E29E88270} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {659FC7C5-04D0-4146-BC8E-D662C2FDEB46} - System32\Tasks\{991A73BB-9CEC-4477-B5FD-0CADD00F0067} => C:\Windows\system32\pcalua.exe -a C:\Users\_installuser\Desktop\Darwins_Walk_Forward_Analyzer\bin\Darwins_Walk_Forward_Analyzer.exe -d C:\Users\_installuser\Desktop\Darwins_Walk_Forward_Analyzer\bin
Task: {C1BB7FC4-CA89-43AB-84B1-6695FA7E97A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {C7EF744F-3C9E-4BE0-B14B-7B2E85396A65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\_installuser\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2018-09-18 11:32 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-18 11:32 - 2018-08-06 14:20 - 002769768 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\_installuser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FD417E35-A7B6-4DBB-8004-E5DED3B90A9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FE790FD8-A88C-4C05-B3F9-84434F8AFD13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BB29AC99-C5B4-4E00-8950-81D4CF663549}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4ED4EA12-B998-4F12-ABD5-CCFB483E3385}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7A1896D0-C1C0-4D75-8854-2451FFAFE430}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0DE1FBDA-2542-4C2A-AF6A-EE444E6DEF31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5769BD33-C65D-48FD-98E5-625C705D33AD}] => (Allow) C:\Users\_installuser\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1FD0B70B-BDED-4CC0-8ADE-481207A23BB1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5A5D1BBB-B2C4-4083-A2AA-7FBB8E65A443}] => (Allow) LPort=2869
FirewallRules: [{A984905C-5126-4096-B64F-099BE15A142B}] => (Allow) LPort=1900
FirewallRules: [{B9D86A7E-8A03-479B-ABC2-145A22778A5E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FEDDDCC1-D289-46E4-BBD4-B5861C90FFB8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{E87984C0-597F-4211-9208-63E8ADB40F21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FC8DA674-B3C6-4B20-9373-3478BA67F75A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{740CFB6B-E13F-4F52-9262-1DDD0394F6FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ACA8CA25-8E3C-4C4F-9026-69DAD89E4E84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{23AF3D85-2FE9-4E43-8E09-9BB8969F0C33}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9F2C68B5-8E3E-4CD4-8E1D-B4DFF02F066F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
10-07-2018 17:04:37 Geplanter Prüfpunkt
25-08-2018 19:40:51 Removed OptionsOracle.
08-09-2018 00:21:58 Geplanter Prüfpunkt
18-09-2018 12:15:13 Geplanter Prüfpunkt
18-09-2018 22:34:30 Revo Uninstaller's restore point - 7-Zip 9.38 beta
18-09-2018 22:35:38 Revo Uninstaller's restore point - Adobe Flash Player 31 NPAPI
18-09-2018 22:38:35 Revo Uninstaller's restore point - Adobe SVG Viewer
18-09-2018 22:39:11 Revo Uninstaller's restore point - Avira
18-09-2018 22:39:54 Revo Uninstaller's restore point - Avira Antivirus
18-09-2018 22:41:19 Revo Uninstaller's restore point - Avira
18-09-2018 22:48:30 Revo Uninstaller's restore point - CCleaner
18-09-2018 22:49:26 Revo Uninstaller's restore point - Express Zip
18-09-2018 22:50:17 Revo Uninstaller's restore point - Java 8 Update 161
18-09-2018 22:50:31 Removed Java 8 Update 161
18-09-2018 22:51:41 Revo Uninstaller's restore point - McAfee True Key
18-09-2018 22:54:15 Revo Uninstaller's restore point - Adobe Flash Player 31 NPAPI
18-09-2018 22:56:28 Revo Uninstaller's restore point - OpenOffice 4.1.1
18-09-2018 22:58:33 Revo Uninstaller's restore point - VLC media player
18-09-2018 22:59:33 Revo Uninstaller's restore point - EquityMonaco
18-09-2018 23:00:57 Revo Uninstaller's restore point - Doxillion Dokumentkonverter
18-09-2018 23:01:26 Revo Uninstaller's restore point - ePUB to PDF Converter
18-09-2018 23:07:41 Revo Uninstaller's restore point - MetaTrader 4 Terminal
18-09-2018 23:16:00 Revo Uninstaller's restore point - GKFX MultiTerminal
==================== Fehlerhafte Geräte im Gerätemanager =============
Name:
Description:
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel(R) Corporation
Service:
Problem: : Reinstall the drivers for this device. (Code 18)
Resolution: The drivers for this device must be reinstalled.
Click "Update Driver", which starts the Hardware Update wizard.
Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/19/2018 11:37:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_7.2.3.1.exe, Version: 7.2.3.0, Zeitstempel: 0x5b8d7938
Name des fehlerhaften Moduls: adwcleaner_7.2.3.1.exe, Version: 7.2.3.0, Zeitstempel: 0x5b8d7938
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00098c0e
ID des fehlerhaften Prozesses: 0x10b8
Startzeit der fehlerhaften Anwendung: 0x01d45060da2b89ed
Pfad der fehlerhaften Anwendung: C:\Users\_installuser\Desktop\adwcleaner_7.2.3.1.exe
Pfad des fehlerhaften Moduls: C:\Users\_installuser\Desktop\adwcleaner_7.2.3.1.exe
Berichtskennung: 27ffadd9-bc54-11e8-9650-3c77e6edbb80
Error: (09/19/2018 11:36:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_7.2.3.1.exe, Version: 7.2.3.0, Zeitstempel: 0x5b8d7938
Name des fehlerhaften Moduls: adwcleaner_7.2.3.1.exe, Version: 7.2.3.0, Zeitstempel: 0x5b8d7938
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00098c0e
ID des fehlerhaften Prozesses: 0xb50
Startzeit der fehlerhaften Anwendung: 0x01d4504a8fcfbbd0
Pfad der fehlerhaften Anwendung: C:\Users\_installuser\Desktop\adwcleaner_7.2.3.1.exe
Pfad des fehlerhaften Moduls: C:\Users\_installuser\Desktop\adwcleaner_7.2.3.1.exe
Berichtskennung: 0f198d48-bc54-11e8-9650-3c77e6edbb80
Error: (09/19/2018 08:58:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (09/19/2018 08:46:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (09/18/2018 11:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (09/18/2018 11:16:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary avgntflt.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (09/18/2018 11:07:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary avgntflt.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (09/18/2018 11:01:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary avgntflt.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Systemfehler:
=============
Error: (09/19/2018 11:37:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/19/2018 11:37:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/19/2018 11:36:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/19/2018 11:36:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/19/2018 11:36:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/19/2018 11:36:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/19/2018 11:36:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/19/2018 11:36:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 3791.8 MB
Verfügbarer physikalischer RAM: 1648.73 MB
Summe virtueller Speicher: 7581.78 MB
Verfügbarer virtueller Speicher: 5440.24 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:297.99 GB) (Free:127.67 GB) NTFS
\\?\Volume{644ffb43-79f1-11e4-a3c7-806e6f6e6963}\ (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 13D36E7F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
19.09.2018, 23:56
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
CHR Extension: (Avira Browserschutz) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-09-09]
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
C:\Program Files\Common Files\McAfee
C:\Program Files (x86)\Avira
C:\Program Files (x86)\OpenOffice 4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
C:\Program Files (x86)\7-Zip
C:\ProgramData\McAfee
C:\ProgramData\Avira
C:\Program Files\7z938-x64.msi
C:\Program Files\7z938.exe
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.09.2018, 20:04
| #15 |
| | Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB Hallo, hier nun die Fixlog-Datei: Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15.09.2018
durchgeführt von _installuser (20-09-2018 20:56:42) Run:1
Gestartet von C:\Users\_installuser\Desktop
Geladene Profile: _installuser (Verfügbare Profile: _installuser)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {042abebb-0749-11e6-a6a7-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {29787cae-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {29787d72-fd45-11e5-8ebe-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {33849857-fc7c-11e5-a85f-344b50b7ef3f} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {f7bfd870-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\...\MountPoints2: {f7bfd880-e117-11e4-b804-3c77e6edbb80} - D:\AutoRun.exe
CHR Extension: (Avira Browserschutz) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-09-09]
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
C:\Program Files\Common Files\McAfee
C:\Program Files (x86)\Avira
C:\Program Files (x86)\OpenOffice 4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
C:\Program Files (x86)\7-Zip
C:\ProgramData\McAfee
C:\ProgramData\Avira
C:\Program Files\7z938-x64.msi
C:\Program Files\7z938.exe
emptytemp:
*****************
"HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{042abebb-0749-11e6-a6a7-3c77e6edbb80}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{042abebb-0749-11e6-a6a7-3c77e6edbb80} => nicht gefunden
"HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29787cae-fd45-11e5-8ebe-344b50b7ef3f}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{29787cae-fd45-11e5-8ebe-344b50b7ef3f} => nicht gefunden
"HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29787d72-fd45-11e5-8ebe-344b50b7ef3f}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{29787d72-fd45-11e5-8ebe-344b50b7ef3f} => nicht gefunden
"HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33849857-fc7c-11e5-a85f-344b50b7ef3f}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{33849857-fc7c-11e5-a85f-344b50b7ef3f} => nicht gefunden
"HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7bfd870-e117-11e4-b804-3c77e6edbb80}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{f7bfd870-e117-11e4-b804-3c77e6edbb80} => nicht gefunden
"HKU\S-1-5-21-2512057628-3289055196-2243051686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7bfd880-e117-11e4-b804-3c77e6edbb80}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{f7bfd880-e117-11e4-b804-3c77e6edbb80} => nicht gefunden
CHR Extension: (Avira Browserschutz) - C:\Users\_installuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-09-09] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => Wert erfolgreich wiederhergestellt
C:\Program Files\Common Files\McAfee => erfolgreich verschoben
C:\Program Files (x86)\Avira => erfolgreich verschoben
C:\Program Files (x86)\OpenOffice 4 => erfolgreich verschoben
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 => erfolgreich verschoben
C:\Program Files (x86)\7-Zip => erfolgreich verschoben
C:\ProgramData\McAfee => erfolgreich verschoben
C:\ProgramData\Avira => erfolgreich verschoben
C:\Program Files\7z938-x64.msi => erfolgreich verschoben
C:\Program Files\7z938.exe => erfolgreich verschoben
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12828252 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 3581877 B
Edge => 0 B
Chrome => 232434862 B
Firefox => 321702656 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58504240 B
systemprofile32 => 75134 B
LocalService => 66295 B
NetworkService => 66228 B
_installuser => 6611424 B
RecycleBin => 0 B
EmptyTemp: => 614.4 MB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 20:57:24 ====
|
|
| Themen zu Jts\jars\jts4launch-970_1525195389000.dat / Enthält Erkennungsmuster des Exploits EXP/2012-1723.EB |
| adobe, archive, ausspioniert, avira, avira virusfund, dateien, erklärungsbedarf, fehler, fehlercode, files, folge, folgende, fund, hinweis, infizierte, keylogger, meldet, meldung, namen, plugins, programme, quarantäne, suche, versteckte, viren, virus, warnung |
dann auf 
und dann auf 
. 
Linear-Darstellung
