Petestor | 23.02.2017 21:21 | Hello Matthias,
first of all, many thanks for your help.
Here is the FRST log:
FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
durchgeführt von Johanna Maria (Administrator) auf JOHANNAMARIA (23-02-2017 20:51:07)
Gestartet von C:\Users\Johanna Maria\Downloads
Geladene Profile: Johanna Maria & (Verfügbare Profile: Johanna Maria)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJU.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-12] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-02-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPSONDA20EA] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJU.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2779480563-4212029771-705074042-1001\...\Run: [Epson Stylus Office BX610FW(Netzwerk)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJU.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2779480563-4212029771-705074042-1001\...\Run: [EPSONDA20EA] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJU.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2779480563-4212029771-705074042-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2779480563-4212029771-705074042-1001\...\MountPoints2: {efcc4c39-77ec-11e5-828d-28e34702852e} - "E:\setup.exe"
HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Epson Stylus Office BX610FW(Netzwerk)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJU.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPSONDA20EA] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJU.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {efcc4c39-77ec-11e5-828d-28e34702852e} - "E:\setup.exe"
HKU\S-1-5-18\...\Run: [EPSONDA20EA] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFJU.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1c5fa56c-fc0c-4558-80a3-32a635e72541}: [DhcpNameServer] 40.41.1.201 40.41.1.202
Tcpip\..\Interfaces\{41df1414-ff17-4b0f-9e9f-987671ffca25}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-2779480563-4212029771-705074042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2779480563-4212029771-705074042-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
SearchScopes: HKU\S-1-5-21-2779480563-4212029771-705074042-1001 -> DefaultScope {A657118D-AEE1-43FB-BF95-18E2B7488FDB} URL =
SearchScopes: HKU\S-1-5-21-2779480563-4212029771-705074042-1001 -> {A657118D-AEE1-43FB-BF95-18E2B7488FDB} URL =
SearchScopes: HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {A657118D-AEE1-43FB-BF95-18E2B7488FDB} URL =
SearchScopes: HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A657118D-AEE1-43FB-BF95-18E2B7488FDB} URL =
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://sslvpn.brk.de/dana-cached/sc/JuniperSetupClient.cab
FireFox:
========
FF DefaultProfile: f0motbvu.default
FF ProfilePath: C:\Users\Johanna Maria\AppData\Roaming\Mozilla\Firefox\Profiles\f0motbvu.default [2017-02-19]
FF Extension: (Avira Browser Safety) - C:\Users\Johanna Maria\AppData\Roaming\Mozilla\Firefox\Profiles\f0motbvu.default\Extensions\abs@avira.com [2017-01-29]
FF Extension: (Firefox Hotfix) - C:\Users\Johanna Maria\AppData\Roaming\Mozilla\Firefox\Profiles\f0motbvu.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-29]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] ()
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-31] () [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-10-01] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-10-12] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-24] (Synaptics Incorporated)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [28272 2016-12-06] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-10-23] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-10-23] (Disc Soft Ltd)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [105704 2013-08-16] (GenesysLogic)
S3 jnprva; C:\WINDOWS\System32\drivers\jnprva.sys [30072 2014-04-04] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2014-04-04] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-10-23] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [33168 2013-11-01] (Windows (R) Win 7 DDK provider)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U0 aswVmm; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-02-23 20:52 - 2017-02-23 20:52 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Johanna Maria\Desktop\tdsskiller.exe
2017-02-23 20:51 - 2017-02-23 20:53 - 00015728 _____ C:\Users\Johanna Maria\Downloads\FRST.txt
2017-02-23 20:50 - 2017-02-23 20:51 - 00000000 ____D C:\FRST
2017-02-23 20:49 - 2017-02-23 20:49 - 02423296 _____ (Farbar) C:\Users\Johanna Maria\Downloads\FRST64.exe
2017-02-23 20:37 - 2017-02-23 20:37 - 00016148 _____ C:\WINDOWS\system32\JOHANNAMARIA_Johanna Maria_HistoryPrediction.bin
2017-02-22 19:49 - 2017-02-22 19:49 - 04251160 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
2017-02-22 19:24 - 2017-02-23 20:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 19:23 - 2017-02-22 19:23 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-02-22 19:23 - 2017-02-22 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-22 19:23 - 2017-02-22 19:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-22 19:23 - 2017-02-22 19:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-22 19:23 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-22 19:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-22 19:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-22 19:21 - 2017-02-22 19:22 - 22851472 _____ (Malwarebytes ) C:\Users\Johanna Maria\Downloads\mbam-setup-2.2.1.1043.exe
2017-02-22 19:07 - 2017-02-22 19:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Johanna Maria\Downloads\HijackThis.exe
2017-02-22 18:28 - 2017-02-22 18:28 - 00002065 _____ C:\Users\Johanna Maria\Desktop\Internet Explorer.lnk
2017-02-19 14:28 - 2017-02-19 14:28 - 00000000 ____D C:\Program Files (x86)\Toshiba TEMPRO
2017-01-29 16:13 - 2017-01-29 16:13 - 00002276 _____ C:\Users\Public\Desktop\Toshiba Tempro.lnk
2017-01-29 15:51 - 2017-01-29 20:35 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-29 15:40 - 2017-01-29 15:40 - 00000000 ____D C:\Users\Johanna Maria\AppData\Roaming\Avira
2017-01-29 15:17 - 2017-01-29 15:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-01-29 15:12 - 2016-12-06 16:01 - 00153904 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-01-29 15:12 - 2016-12-06 16:01 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-01-29 15:12 - 2016-12-06 16:01 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-01-29 15:12 - 2016-12-06 16:01 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-01-29 15:12 - 2016-12-06 16:01 - 00028272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-01-29 15:10 - 2017-01-29 15:10 - 00000000 ____D C:\ProgramData\TOSHIBA Tempro
2017-01-29 15:10 - 2017-01-29 15:10 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-01-29 15:07 - 2017-01-29 15:07 - 00000017 _____ C:\Users\Johanna Maria\AppData\Local\resmon.resmoncfg
2017-01-29 15:02 - 2017-01-29 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-29 15:02 - 2017-01-29 15:12 - 00000000 ____D C:\ProgramData\Avira
2017-01-29 15:02 - 2017-01-29 15:12 - 00000000 ____D C:\Program Files (x86)\Avira
2017-01-29 15:02 - 2017-01-29 15:02 - 00001292 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-01-29 15:01 - 2017-01-29 15:01 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Johanna Maria\Downloads\avira_de_av_588df4df3c22a__adw.exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-02-23 20:49 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-23 20:47 - 2015-07-30 23:42 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 20:44 - 2015-11-30 18:50 - 00000000 ____D C:\Users\Johanna Maria\AppData\Local\CrashDumps
2017-02-22 20:42 - 2014-01-10 22:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\TOSHIBA
2017-02-22 20:12 - 2015-07-30 22:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 20:11 - 2014-01-10 23:33 - 00000000 ____D C:\WINDOWS\OemDrv
2017-02-22 20:10 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-02-22 20:10 - 2014-01-10 22:17 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-22 19:49 - 2015-07-30 23:40 - 00000000 ____D C:\WINDOWS\INF
2017-02-22 18:34 - 2015-11-14 13:49 - 00000000 ____D C:\ProgramData\Citrix
2017-02-22 18:31 - 2015-11-14 13:48 - 00000000 ____D C:\Users\Johanna Maria\AppData\Local\Citrix
2017-02-22 18:28 - 2014-12-18 16:58 - 02416640 ___SH C:\Users\Johanna Maria\Desktop\Thumbs.db
2017-01-30 20:34 - 2015-10-23 21:25 - 00000000 ____D C:\Users\Johanna Maria
2017-01-30 18:50 - 2014-05-18 15:06 - 00000000 ____D C:\Users\Johanna Maria\AppData\Local\ElevatedDiagnostics
2017-01-29 20:35 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-29 15:01 - 2014-01-10 22:15 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-29 14:24 - 2016-12-15 11:02 - 00003300 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-29 14:24 - 2015-10-24 07:52 - 00002461 _____ C:\Users\Johanna Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-29 14:24 - 2015-10-24 07:52 - 00000000 ___RD C:\Users\Johanna Maria\OneDrive
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-01-29 15:07 - 2017-01-29 15:07 - 0000017 _____ () C:\Users\Johanna Maria\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-01-30 18:48
==================== Ende von FRST.txt ============================
And here is the
Addition Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
durchgeführt von Johanna Maria (23-02-2017 20:55:20)
Gestartet von C:\Users\Johanna Maria\Downloads
Windows 10 Home (X64) (2015-10-24 06:41:56)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2779480563-4212029771-705074042-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2779480563-4212029771-705074042-503 - Limited - Disabled)
Gast (S-1-5-21-2779480563-4212029771-705074042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779480563-4212029771-705074042-1005 - Limited - Enabled)
Johanna Maria (S-1-5-21-2779480563-4212029771-705074042-1001 - Administrator - Enabled) => C:\Users\Johanna Maria
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{5D42947B-E961-C0B5-5A70-EA0F753331EB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
EPSON BX610FW Series Printer Uninstall (HKLM\...\EPSON BX610FW Series) (Version: - SEIKO EPSON Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.000 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch (HKLM-x32\...\Epson Stylus Office BX610FW_Office TX610FW_SX610FW Benutzerhandbuch) (Version: - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1a - SEIKO EPSON CORPORATION)
Evernote (HKLM-x32\...\Evernote) (Version: 1.0.0 - Evernote Launcher by Toshiba Europe GmbH)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Juniper Networks Setup Client (HKU\S-1-5-21-2779480563-4212029771-705074042-1001\...\Juniper_Setup_Client) (Version: 8.0.4.47117 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.0.4.47117 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2779480563-4212029771-705074042-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 47.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 de)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {2B454A52-BA2A-477C-85D9-8A1561C0B50F} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {2C483881-8E73-42C6-A686-3DB213536F68} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {375831A6-D042-4CFC-BB13-1DFDCC90B1ED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {7099DA89-23C3-4A63-9252-DE4BEF623F8A} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-28] ()
Task: {764A475E-8E35-4A34-AABD-4646104C41DB} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {7831879A-DF9A-486C-B079-00158BC97C80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {8D06519A-BC14-421D-8E0F-14054569FA1D} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG
Task: {A14356BD-6781-428F-94D3-49F3EEA13492} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-09-10 06:12 - 2015-09-10 06:12 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2013-08-31 04:47 - 2013-08-31 04:47 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-09-10 06:12 - 2015-09-10 06:12 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-09-10 21:54 - 2013-09-10 21:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-07-08 10:43 - 2016-03-16 05:55 - 02495768 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-08 10:43 - 2016-03-16 05:55 - 02495768 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-01-10 22:35 - 2013-08-28 17:08 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-11-14 13:27 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-11 12:23 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-11 12:22 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-11 12:23 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-11-14 13:28 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 04:13 - 2015-09-10 06:12 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Johanna Maria\Downloads\launch (8).ica:icasource [219]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2016-12-04 13:57 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2779480563-4212029771-705074042-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Johanna Maria\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{36e8ffc5-b413-4b80-ba70-04d014f8cdb3}.jpg
HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Johanna Maria\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{36e8ffc5-b413-4b80-ba70-04d014f8cdb3}.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKU\S-1-5-21-2779480563-4212029771-705074042-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2779480563-4212029771-705074042-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{05AEE69C-B7F7-47FC-90EA-635C7FB3D47F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{55C9BF60-9212-4BF3-8361-72D0F34EBD7C}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{836AA516-8140-428C-AEFA-64871C25D260}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{71A892F1-23A2-429F-B8F0-1DB51A4E358F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A0065C44-6180-40B9-A3D0-05B551B809C4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1734EC7C-3EDA-4898-BEC1-776D8D1C90B6}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{A4CEED0C-0A6E-4F1D-A4CB-35055D5BECDD}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D930023F-0492-4957-A2B6-41634105AB16}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{1076B7F2-5890-4FB9-A9AB-B6B34F004792}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{289A0F14-015D-4964-9182-1DE336371F50}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55C29910-B6CF-42DA-B674-C6909B45DCB4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DCE904E3-E4A5-451B-BBB2-EC27BD06F3DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F8BDF19B-4206-454B-AC38-4EDDF8E56746}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{82B1AB2D-ABF6-449B-A634-2F4A8E963794}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{2B8AE30E-0509-41CF-93F1-B27A4AE8C6B3}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{ECD95E76-3006-4987-8132-13DB9763E129}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
==================== Wiederherstellungspunkte =========================
04-12-2016 12:20:27 Removed Junos Pulse Drivers Add-On
22-02-2017 18:35:30 Removed Junos Pulse Drivers Add-On
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/23/2017 08:43:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JohannaMaria)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (02/22/2017 08:47:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JohannaMaria)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (02/22/2017 08:44:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10240.16603, Zeitstempel: 0x56553644
Name des fehlerhaften Moduls: EMODEL.dll, Version: 11.0.10240.16771, Zeitstempel: 0x56fa234c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000097f61
ID des fehlerhaften Prozesses: 0x3614
Startzeit der fehlerhaften Anwendung: 0x01d28d42e0ac83cc
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Pfad des fehlerhaften Moduls: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
Berichtskennung: ef44a0f3-dddf-44d4-8fd9-2ae4f5178111
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge
Error: (02/22/2017 06:57:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemSettings.exe, Version 10.0.10240.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1724
Startzeit: 01d28d3469dfc312
Beendigungszeit: 4294967295
Anwendungspfad: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Berichts-ID: 616c694c-f928-11e6-829e-28e34702852e
Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Auf das fehlerhafte Paket bezogene Anwendungs-ID: microsoft.windows.immersivecontrolpanel
Error: (02/22/2017 06:57:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JohannaMaria)
Description: Das Paket „windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/22/2017 06:35:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (02/22/2017 06:33:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JohannaMaria)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (02/22/2017 06:31:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JohannaMaria)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (01/30/2017 08:34:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JohannaMaria)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (01/30/2017 07:17:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JohannaMaria)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Systemfehler:
=============
Error: (02/23/2017 08:45:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/23/2017 08:43:12 PM) (Source: DCOM) (EventID: 10010) (User: JohannaMaria)
Description: Der Server "CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/23/2017 08:40:40 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/22/2017 08:47:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/22/2017 08:47:29 PM) (Source: DCOM) (EventID: 10010) (User: JohannaMaria)
Description: Der Server "CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/22/2017 08:47:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/22/2017 08:28:58 PM) (Source: DCOM) (EventID: 10016) (User: JohannaMaria)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "JohannaMaria\Johanna Maria" (SID: S-1-5-21-2779480563-4212029771-705074042-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
und der APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
im Anwendungscontainer "Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe" (SID: S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/22/2017 08:28:25 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/22/2017 08:28:24 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/22/2017 08:28:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
CodeIntegrity:
===================================
Date: 2016-12-03 14:05:41.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-14 16:20:46.907
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-01 17:41:01.789
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-07-07 15:19:37.418
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-03 13:27:41.291
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-21 11:50:24.589
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-06 11:13:08.033
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-14 14:47:25.296
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-02 15:13:19.356
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: AMD E1-2100 APU with Radeon(TM) HD Graphics
Prozentuale Nutzung des RAM: 60%
Installierter physikalischer RAM: 3533.51 MB
Verfügbarer physikalischer RAM: 1378.15 MB
Summe virtueller Speicher: 4173.51 MB
Verfügbarer virtueller Speicher: 1652.16 MB
==================== Laufwerke ================================
Drive c: (TI31251000A) (Fixed) (Total:453.97 GB) (Free:397.38 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
Part 1 Code:
21:04:05.0964 0x0b48 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
21:04:05.0964 0x0b48 UEFI system
21:04:14.0083 0x0b48 ============================================================
21:04:14.0083 0x0b48 Current date / time: 2017/02/23 21:04:14.0083
21:04:14.0098 0x0b48 SystemInfo:
21:04:14.0098 0x0b48
21:04:14.0098 0x0b48 OS Version: 10.0.10240 ServicePack: 0.0
21:04:14.0098 0x0b48 Product type: Workstation
21:04:14.0098 0x0b48 ComputerName: JOHANNAMARIA
21:04:14.0098 0x0b48 UserName: Johanna Maria
21:04:14.0098 0x0b48 Windows directory: C:\WINDOWS
21:04:14.0098 0x0b48 System windows directory: C:\WINDOWS
21:04:14.0098 0x0b48 Running under WOW64
21:04:14.0098 0x0b48 Processor architecture: Intel x64
21:04:14.0098 0x0b48 Number of processors: 2
21:04:14.0098 0x0b48 Page size: 0x1000
21:04:14.0098 0x0b48 Boot type: Normal boot
21:04:14.0098 0x0b48 CodeIntegrityOptions = 0x00000001
21:04:14.0098 0x0b48 ============================================================
21:04:15.0286 0x0b48 KLMD registered as C:\WINDOWS\system32\drivers\43191339.sys
21:04:15.0286 0x0b48 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10240.16724, osProperties = 0x19
21:04:16.0020 0x0b48 System UUID: {14D9D66A-6034-C997-43F5-50EF2BCE280D}
21:04:18.0442 0x0b48 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:04:18.0473 0x0b48 ============================================================
21:04:18.0473 0x0b48 \Device\Harddisk0\DR0:
21:04:18.0473 0x0b48 GPT partitions:
21:04:18.0473 0x0b48 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {74DB9E7E-635B-11E3-A2BA-903177DA4FD4}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x200000
21:04:18.0473 0x0b48 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {74DB9E84-635B-11E3-A2BA-903177DA4FD4}, Name: Basic data partition, StartLBA 0x200800, BlocksNum 0x32000
21:04:18.0473 0x0b48 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {74DB9E86-635B-11E3-A2BA-903177DA4FD4}, Name: Basic data partition, StartLBA 0x232800, BlocksNum 0x40000
21:04:18.0473 0x0b48 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {74DB9E8E-635B-11E3-A2BA-903177DA4FD4}, Name: Basic data partition, StartLBA 0x272800, BlocksNum 0x38BEE651
21:04:18.0473 0x0b48 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {62532803-8DBE-4116-BA41-35CF8FE1F2E2}, Name: , StartLBA 0x38E61000, BlocksNum 0xFB800
21:04:18.0473 0x0b48 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {492A0BA2-7A48-11E3-AF29-C4544416C003}, Name: Basic data partition, StartLBA 0x38F5C800, BlocksNum 0x14292B6
21:04:18.0473 0x0b48 MBR partitions:
21:04:18.0473 0x0b48 ============================================================
21:04:18.0504 0x0b48 C: <-> \Device\Harddisk0\DR0\Partition4
21:04:18.0504 0x0b48 ============================================================
21:04:18.0504 0x0b48 Initialize success
21:04:18.0504 0x0b48 ============================================================
21:05:00.0958 0x05e0 ============================================================
21:05:00.0958 0x05e0 Scan started
21:05:00.0958 0x05e0 Mode: Manual;
21:05:00.0958 0x05e0 ============================================================
21:05:00.0958 0x05e0 KSN ping started
21:05:03.0333 0x05e0 KSN ping finished: true
21:05:07.0396 0x05e0 ================ Scan system memory ========================
21:05:07.0396 0x05e0 System memory - ok
21:05:07.0396 0x05e0 ================ Scan services =============================
21:05:07.0599 0x05e0 [ 22CE801AD25C51E2553F41A076BB0CB2, 0520216417F1619FB642734EC937C59D5E79A24306C1E9B793C82FAE077851E6 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
21:05:07.0614 0x05e0 1394ohci - ok
21:05:07.0661 0x05e0 [ 2C49A2441EBB24C6ACFB524C1459115F, 0ABACB6F21C41C0297994E61F1BFABB3905AF6B569D0446FE8E174EB9225B8EF ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
21:05:07.0661 0x05e0 3ware - ok
21:05:07.0739 0x05e0 [ B87D3D07FE6F15328C6860D542F0E2BD, 46CF069EDD7DBFB4DB800BABA3081DAB363DD2CFD724AFF5916D3419F62A3574 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
21:05:07.0771 0x05e0 ACPI - ok
21:05:07.0786 0x05e0 [ 1E3C4EDBB7F3F668B7205E351010BB79, A3CA12F72836C4F77B671264828B370B9EBA9CD71110E2C0514994760B6B12FF ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
21:05:07.0802 0x05e0 acpiex - ok
21:05:07.0833 0x05e0 [ 13B1C26AEDCB40082CDD97506F968129, 883442206B4C60AA493E84CC3037B6C1568441E1F43D2B1FCBFD8D87D135D511 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
21:05:07.0833 0x05e0 acpipagr - ok
21:05:07.0880 0x05e0 [ B3D64FF927D611721DA73A61BF3A18B3, 96B51AFDC3078B5088AAF66F0CF3E07D2FCBBC84A19D309A25DF0A5C6CECB958 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
21:05:07.0880 0x05e0 AcpiPmi - ok
21:05:07.0896 0x05e0 [ 19F793B2203D94AC1F8AEDB08B494E2E, DC98CCF9935E1F1C32FA88575A9A678B74916EFF48E39A64CF1FF92232F64A52 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
21:05:07.0896 0x05e0 acpitime - ok
21:05:07.0984 0x05e0 [ AECB490016EE078BD66E94E0F2039B79, D7B90A137D52CA5116472D932029EFE8673F590E8D32F2CD99AF0F9465A6EFF2 ] AdaptiveSleepService C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
21:05:07.0991 0x05e0 AdaptiveSleepService - ok
21:05:08.0117 0x05e0 [ 2A24E10C1A1DE0E0035E353EED494A1C, CBBFA86578BE74CAADDCA923D65E3BFFC57BC17B887936ADE5C6952530546A22 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
21:05:08.0187 0x05e0 ADP80XX - ok
21:05:08.0264 0x05e0 [ A3D96563BF46FC8A0E5756B796127D14, BAD3C30714F6514D2AF725077A79FF671CC022E415786E1666C0B7C24CE3670A ] AFD C:\WINDOWS\system32\drivers\afd.sys
21:05:08.0295 0x05e0 AFD - ok
21:05:08.0326 0x05e0 [ EF09D07626820F7F89519514C17FE768, C3EC1DC163CD5946270ED876CD414889BBF2C586A8AF5DC7825FA5D77001E827 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
21:05:08.0326 0x05e0 agp440 - ok
21:05:08.0383 0x05e0 [ 8A289EF0721F95267BF2404BABEE146D, E263D258F03DF3BB405D49AE7230C37E7EB8F392FDEE48059C7C1E3709520D35 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
21:05:08.0412 0x05e0 ahcache - ok
21:05:08.0444 0x05e0 [ C301499987AF909258774AE9DC5778BB, 3ED539C999847116AE9DB9C8C5A34AB09703BAE3018E1EAF6DBC779BB6736F32 ] AJRouter C:\WINDOWS\System32\AJRouter.dll
21:05:08.0447 0x05e0 AJRouter - ok
21:05:08.0488 0x05e0 [ DD69535D379F9E40AD0D6002887AAA99, 579DD18CE2B264B4058C6069B8AEE6FD9FE6A882B7DA19E300DFE40B37A4E5BE ] ALG C:\WINDOWS\System32\alg.exe
21:05:08.0495 0x05e0 ALG - ok
21:05:08.0537 0x05e0 [ FB1548ED9CD0E1D0881D572328A53AF8, 1D5D6CF31ECE2890EC18042139EAF5B30FF831923CFCF90B9D92A49C4AF41964 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
21:05:08.0553 0x05e0 AMD External Events Utility - ok
21:05:08.0600 0x05e0 [ C0A486A51FDE02E22E8D5E5544479825, 9C476AAAD4BE8C5D5AD9F90078ADDD7420D38F0B1901763CCFC0985DBC6FD5F4 ] AmdAS4 C:\WINDOWS\System32\drivers\AmdAS4.sys
21:05:08.0600 0x05e0 AmdAS4 - ok
21:05:08.0631 0x05e0 [ 6763084E8322A4876D1613854640F914, 89EEEB47517A9964FA799821E5E45BDD6009EBDC628D6DADE6A7F03DE7CDA6CD ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
21:05:23.0877 0x05e0 JnprVaMgr - ok
21:05:23.0913 0x05e0 [ 4192DFE6CA143C0AD8AF42C51A82BECA, 31FB3A261D0D5241CC87EF7DFF8BFC1A1EACE8CEC42138918EC5958DAEE100CD ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
21:05:23.0918 0x05e0 kbdclass - ok
21:05:23.0949 0x05e0 [ B63C0DB341DCB46CF7AA259333A737DD, F1B43BA68707F3F99CD31AB2035F5E86CD967AE4E5393928C69861785E960872 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
21:05:23.0953 0x05e0 kbdhid - ok
21:05:23.0969 0x05e0 [ 53C79A7FABDAAFD11EAB31963FB2CED7, 357418645DDCEFA5546AE78EDCAE86D50928710CA7A3F65F01CF721AADA36623 ] kdnic C:\WINDOWS\System32\drivers\kdnic.sys
21:05:23.0973 0x05e0 kdnic - ok
21:05:23.0997 0x05e0 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] KeyIso C:\WINDOWS\system32\lsass.exe
21:05:24.0005 0x05e0 KeyIso - ok
21:05:24.0032 0x05e0 [ 1E99B26BDB9B9C9BC775ED4543558560, 890870A6737B4910735D1B23F714AA73FCCD1C131D135FACBA6909F06D31B3FF ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
21:05:24.0043 0x05e0 KSecDD - ok
21:05:24.0067 0x05e0 [ 6198A79011C67497B324798B3D4272CE, C587F7D86837550D07918F6AACF26BF65EBAF7FF57475DC9196B4D011E83AE47 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
21:05:24.0080 0x05e0 KSecPkg - ok
21:05:24.0098 0x05e0 [ 503597D9B72DBD9998F722F12A51ACFC, 9B3585282191163AA70243BAD921ED8725A98454E0D3879E0F671E0E4F56AB4F ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
21:05:24.0101 0x05e0 ksthunk - ok
21:05:24.0172 0x05e0 [ ED5AE20C27F27F293C6C61AEC9881054, 4D5BE394D129BD559B0A9D237F3F59CB3D24C15ABDD97AE2E64931D6B9D14FF1 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
21:05:24.0223 0x05e0 KtmRm - ok
21:05:24.0285 0x05e0 [ 4E5EA006CFFB96E0BAFC767D659AAB9A, A24A334955FB98D0903971454FADAC639D535BD32BB48964BD95019C7F6C454E ] L1C C:\WINDOWS\System32\drivers\L1C63x64.sys
21:05:24.0294 0x05e0 L1C - ok
21:05:24.0356 0x05e0 [ C529DA0AD5A21878E318801B024AF8E7, A14E8ADCA33C37B1D256CB4926A19F56D2D19B94EDF314A4ED34A8B5AB62CA5A ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
21:05:24.0372 0x05e0 LanmanServer - ok
21:05:24.0435 0x05e0 [ D6D9F4CAFD3F1A7E30AD02E508552CD2, F0D225E5951CFE1D8349F634CC91BDD5B3F9DCF6233CCB965E99BFEAFE642265 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
21:05:24.0450 0x05e0 LanmanWorkstation - ok
21:05:24.0497 0x05e0 [ 24881F16D2829764681F5FAE7B86D7D3, 290348CFAF3165847E4B53965D22E9D417EE20FFD23293B5C1855C57E6328599 ] lfsvc C:\WINDOWS\System32\lfsvc.dll
21:05:24.0513 0x05e0 lfsvc - ok
21:05:24.0544 0x05e0 [ 6ED675774BDC3735AB6DA12D29F825CF, 4317C7CF491F4E806975E7A973CFF11CFEE9E94730DDABCC67C3D693691DDDE5 ] LicenseManager C:\WINDOWS\system32\LicenseManagerSvc.dll
21:05:24.0544 0x05e0 LicenseManager - ok
21:05:24.0575 0x05e0 [ DB789F57CE94C827FBFF709CA5ABD29E, 4CA4DD079A63649C36F76A31C4081F11F5CF6574AC573B63EF930DB19B1D1C95 ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys
21:05:24.0591 0x05e0 lltdio - ok
21:05:24.0638 0x05e0 [ FECBC6C4981772E5D0F517B34A5496EE, 15DB097BFB221B91E580E5CD1DD6B34A9A2C78A1A6FCE4162A855BB4AFE673E9 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
21:05:24.0669 0x05e0 lltdsvc - ok
21:05:24.0700 0x05e0 [ 24C87BDC66AB192FEB273BEE5FD5AA38, BFAAE1F2450DEBD1A14877C046C6EBA91014DB0B5D0FB95EC14CB714B773B3C0 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
21:05:24.0700 0x05e0 lmhosts - ok
21:05:24.0747 0x05e0 [ 3BB39166E446D456C277C17DFEA3DAC6, 1A08E1D017BBCE91E508D876835FA7AD2DA0859A8CFE8F8F31B4F12B48E2573D ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
21:05:24.0763 0x05e0 LSI_SAS - ok
21:05:24.0778 0x05e0 [ 25CF625E46307A5D6674C8DFA1A289AA, 1D00EB70B6B0157013A7C15EF194F51B8596612066EF31B337D8134D6BD0BBBE ] LSI_SAS2i C:\WINDOWS\system32\drivers\lsi_sas2i.sys
21:05:24.0794 0x05e0 LSI_SAS2i - ok
21:05:24.0810 0x05e0 [ 722C52B12EA4C198D56994934C9DDAB6, 5F4AB818251C770821BAF41C19B1C483A31CCC28EB96F2084D4092E33EAF906B ] LSI_SAS3i C:\WINDOWS\system32\drivers\lsi_sas3i.sys
21:05:24.0825 0x05e0 LSI_SAS3i - ok
21:05:24.0841 0x05e0 [ 3371FF1D5D745C3306C6A2C4E99C25A9, DD6F0099001501BAEDDF8411FBCD930BD6472662D209199249203CB2FDAA23FB ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
21:05:24.0856 0x05e0 LSI_SSS - ok
21:05:24.0919 0x05e0 [ E2EEF074F5260378F9AAFBCD592319A3, DC56674A08FA03FA7AF7DD8B3CC55D8324D1CB51546092A990A935FF9AB48A3C ] LSM C:\WINDOWS\System32\lsm.dll
21:05:24.0981 0x05e0 LSM - ok
21:05:25.0013 0x05e0 [ C692B9C0352315417CF49FFA664957A3, C2D4F9A936B809889F7C51FE48214A1923175913A6C5D0B72D3BA469214B5174 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
21:05:25.0028 0x05e0 luafv - ok
21:05:25.0075 0x05e0 [ 6A4C75FD28F60062FEA3DF3B15D956C0, 4FC58F3320D33BDACCF759A50C623A3E58E4320749E6691B397DF0C8EAAA8A6F ] MapsBroker C:\WINDOWS\System32\moshost.dll
21:05:25.0075 0x05e0 MapsBroker - ok
21:05:25.0122 0x05e0 [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:05:25.0122 0x05e0 MBAMProtector - ok
21:05:25.0278 0x05e0 [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
21:05:25.0388 0x05e0 MBAMScheduler - ok
21:05:25.0513 0x05e0 [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
21:05:25.0591 0x05e0 MBAMService - ok
21:05:25.0669 0x05e0 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
21:05:25.0685 0x05e0 MBAMSwissArmy - ok
21:05:25.0713 0x05e0 [ 898415AC0B5F1D2A9A48ABCB68A6DC4B, E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
21:05:25.0713 0x05e0 MBAMWebAccessControl - ok
21:05:25.0745 0x05e0 [ B2ED9A7A5587A128A0EFD0DBE7662E95, 63070AAFD44E3CD2A4B262DF27222B103455A4D8C2E45914502BFA03D84D32C9 ] megasas C:\WINDOWS\system32\drivers\megasas.sys
21:05:25.0760 0x05e0 megasas - ok
21:05:25.0823 0x05e0 [ 083F71488E6780A67290273180256EA5, 5F43CE66F5A48850BABB70F4D219FDD002F9BC2B2F0E58E66FE2C492AA335E50 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
21:05:25.0870 0x05e0 megasr - ok
21:05:25.0948 0x05e0 [ 5907A10D46747A2B6DBFD6A198254DC2, 6C283E9DC75C7ABFD270D6FABBF4F54628A1786E7CE2F603BF664CBB9E4FE583 ] mlx4_bus C:\WINDOWS\System32\drivers\mlx4_bus.sys
21:05:25.0995 0x05e0 mlx4_bus - ok
21:05:26.0026 0x05e0 [ 91ED6F0EDF4158D63C52194F17D4F42E, ACF543978E253650C167C6C370699AEA7340EBCECF7CAB904CBDD334D1BD6928 ] MMCSS C:\WINDOWS\system32\drivers\mmcss.sys
21:05:26.0026 0x05e0 MMCSS - ok
21:05:26.0057 0x05e0 [ 2C4CC9F6ADBED5A6D131FDB97A78FF68, 04DC76E3F0959C0A9B00DF2133B075194FB7DCBD76832B9D25B0E37223D300DC ] Modem C:\WINDOWS\system32\drivers\modem.sys
21:05:26.0057 0x05e0 Modem - ok
21:05:26.0088 0x05e0 [ D8DB13529C8AD6FBAF8E2F382024374F, 13025035C479E2EF76EDCB90D83BE65B4ADD9F7000AD31FEAD628D5DDFE69158 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
21:05:26.0104 0x05e0 monitor - ok
21:05:26.0135 0x05e0 [ 2DAAF1EE1C30F2FCF59851A64ADA0422, 08CD801E63E2862DE058CD732C3DB3D87B1A2898732365440E3F8919932E96FC ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
21:05:26.0135 0x05e0 mouclass - ok
21:05:26.0151 0x05e0 [ D30FE074503283829ED194BCAE6239C3, A3A127381ECC798417D01F6B8A1894EED7D71989047BC4D1D74D0E7C8394AD65 ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
21:05:26.0166 0x05e0 mouhid - ok
21:05:26.0182 0x05e0 [ D5EC9413527B286CFEEB0294C53ABB95, B094C611F5A7E33D2F8667B2A4D6260E1D57BD135867F984EE5B674C7EE72B95 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
21:05:26.0198 0x05e0 mountmgr - ok
21:05:26.0260 0x05e0 [ DDDA5D3974F67B48D40B76ABD840A083, CF29CBEDE5E275B3DB26C738BCE86049B28604DA7BAD37E02E87A86AA50C1860 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:05:26.0260 0x05e0 MozillaMaintenance - ok
21:05:26.0276 0x05e0 [ 989A1BBD9C49B107B4A47D06E6827A69, 62D90B22AE13AC84324DFD5FEBA595813AD07469B7FEC41380CE223D93020CCA ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
21:05:26.0291 0x05e0 mpsdrv - ok
21:05:26.0401 0x05e0 [ 749EE0008489244EB05C3283A105EFF8, D692708C975DD8BA13597AD0056C3F10760257F4EB144EB0B5C8D9CFF1754F62 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
21:05:26.0463 0x05e0 MpsSvc - ok
21:05:26.0526 0x05e0 [ 8E3F4C3A8EA2E787E6089618675501D0, 8A9FE21C5CBB1D770B58BFA241AA5A4428079EF901C28433FE94DB93DC14B6FB ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
21:05:26.0541 0x05e0 MRxDAV - ok
21:05:26.0604 0x05e0 [ 1DF2C5FD2710A13B07E663A12F0E0EEA, 8EBCA9269F52A5CF602F5DE2B0C2AB2BFD82F415465DBB74C73D43F321D9FD46 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:05:26.0635 0x05e0 mrxsmb - ok
21:05:26.0666 0x05e0 [ 185932B1149BD707F8A13174CDAB365B, BC26CB10DD6E81A94477564444E91F76D47E685E897BD77B9C1393F0D31AB718 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
21:05:26.0682 0x05e0 mrxsmb10 - ok
21:05:26.0713 0x05e0 [ 99E24D4DBACBC569833B9A67710D65E7, 93BC765E7B6E19E83AFF783DE8080A80A1D69A406B496F1E36C47AE6E86AFB76 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
21:05:26.0729 0x05e0 mrxsmb20 - ok
21:05:26.0760 0x05e0 [ 6F8BE4FB6262012E61BBADB5444628DC, E87489207AA48106C08E4BADDD8D66D14BC9DD6AD2A4CDD880BA655932CDDE60 ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys
21:05:26.0760 0x05e0 MsBridge - ok
21:05:26.0823 0x05e0 [ 283BDF3602F442336DAF242BDD07FB98, 185F046B6AA24FFD1567F00AA70357C82002FF627E329CEF9B926645A6DDB172 ] MSDTC C:\WINDOWS\System32\msdtc.exe
21:05:26.0823 0x05e0 MSDTC - ok
21:05:26.0870 0x05e0 [ 7C55F1751CAC199680D4489D1EE46544, 967EC8137D321F6139C3382D19A338FD97A3023EB654747AC57C2008BE4AF677 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:05:26.0870 0x05e0 Msfs - ok
21:05:26.0901 0x05e0 [ 988588C16A53C2581488C15FF18934BF, F021FD31163CB5C7012CF96EF642C5E551708C835039075268F4CBED002D441D ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
21:05:26.0916 0x05e0 msgpiowin32 - ok
21:05:26.0932 0x05e0 [ 09622DBC24D0178F15DB8461BB6970DF, C0B3F9B2219AAF87E417EE9FF54C64B8AD9944E101EA79B5DC81D99E8C2ECF30 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
21:05:26.0948 0x05e0 mshidkmdf - ok
21:05:26.0963 0x05e0 [ 34BB07495C0159BE4189841E16F3BC2F, 264B5735D9A68C85BEDE363D4C0AE1FCC381B39EA884B4BAEE185EB8A873184A ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
21:05:26.0979 0x05e0 mshidumdf - ok
21:05:26.0995 0x05e0 [ 7BF3F0DA362C053918F5F2EC43CE39E2, AA773FA3F83C0C572160D3D0286A697DC628FF4F3655EF21D01C6D1B7BE5DF1C ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
21:05:27.0010 0x05e0 msisadrv - ok
21:05:27.0041 0x05e0 [ 669DA2006C0B9D882D2014617E1E88F5, 090F558818806CAEF6C81D369F8BFFE4A8240295EF37CAA7102A18F4CD20D868 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
21:05:27.0057 0x05e0 MSiSCSI - ok
21:05:27.0073 0x05e0 msiserver - ok
21:05:27.0104 0x05e0 [ B2D0FD21FE67D6434769CC6F7A7883CA, B2368BD72952C6EE6DAF1AA006DF575A3019E4721BEFB108D3DF1B9E07B2BC5D ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:05:27.0104 0x05e0 MSKSSRV - ok
21:05:27.0135 0x05e0 [ FB3801F176376286A3F8F20FFB8CDC53, EEF89081665B9BBA93AE9F5912C40C1698E8BA8DBBCCC3BBE0BAB5A86B7E05D4 ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys
21:05:27.0151 0x05e0 MsLldp - ok
21:05:27.0166 0x05e0 [ 8CBDF0E7A6CD824352F37A682A33DF7E, 4567FF4C73648FF26EA68EAE2B524B767099789086C158875C97768C77B81359 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:05:27.0182 0x05e0 MSPCLOCK - ok
21:05:27.0182 0x05e0 [ 33E5B6261D69ACD4948A5C64B9D8F29F, 1D32340640312372E52E59AFB5DB872E6F9DFE3AC16B56F9D928AE230DA02B8A ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:05:27.0198 0x05e0 MSPQM - ok
21:05:27.0260 0x05e0 [ 557DF8C0DBBBF518AC395C6EB1B179AE, B294B5A7882C0C60D91FB853FC87505B6E7638D25E360FDAE002AEBB714ED471 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
21:05:27.0276 0x05e0 MsRPC - ok
21:05:27.0291 0x05e0 [ 0A29AFA668F5DD50482A98ECE70C77A7, 4C1F23B062361D97B1C8D864AB227E5F398F774A99B5E60A1149A4F78D5BEC20 ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
21:05:27.0307 0x05e0 mssmbios - ok
21:05:27.0323 0x05e0 [ 30CE30877FD5BFADE74FA27D7829BF89, B5EA1F8C91E75722DB1E3E2172C8607FEDBF35BDC4141258A3E6D29D8B0E193B ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:05:27.0338 0x05e0 MSTEE - ok
21:05:27.0354 0x05e0 [ 13D88C0B8A2FA001CD72D454955A6974, 19DD5C8BBD07B64F355737436BF702FFC209D84A8855D2224D3377E233D4BB34 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
21:05:27.0354 0x05e0 MTConfig - ok
21:05:27.0370 0x05e0 [ 00C7F0F06A0A48B9CDB6B3AC3BE288F0, BF469A2DDF495ACB9FEE9063C6680C95BCC8686682C9EDAE6D1893D4058E8AA6 ] Mup C:\WINDOWS\system32\Drivers\mup.sys
21:05:27.0385 0x05e0 Mup - ok
21:05:27.0416 0x05e0 [ 8E237527CA260C71D39ED4081BDF3419, CA52DD174C756A404B1FAD3F2A70E50085C2820BF12369259F61DA649101A179 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
21:05:27.0416 0x05e0 mvumis - ok
21:05:27.0495 0x05e0 [ 48D0587A8302FD3302CFE6F59F7345B0, 26D48AF3F7FF4867E179347CD635055DEA9A751C6C61CE2C391A7F74FC0DC1DE ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
21:05:27.0526 0x05e0 NativeWifiP - ok
21:05:27.0573 0x05e0 [ 11BE8117653C542D264788A700AC5BFE, 87EAAC2DF62BB26619DA72950F5EE41DCA1DBDF93F098647F9D200D588F14003 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
21:05:27.0588 0x05e0 NcaSvc - ok
21:05:27.0651 0x05e0 [ 286C6276B2BA86F29A0F687D05466277, AC8551536F37717A0ACE4A260F5696D1276F7AC62F669E8F12AA158DD86F71A5 ] NcbService C:\WINDOWS\System32\ncbservice.dll
21:05:27.0666 0x05e0 NcbService - ok
21:05:27.0698 0x05e0 [ C55DA734ED2A831E0BACAAFA01CEB7FF, 9D989B03D07BBAD287B317D238691664B0694331D6A69B7A1AA3D8AB7D1323FC ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
21:05:27.0698 0x05e0 NcdAutoSetup - ok
21:05:27.0745 0x05e0 [ CF8296427834CF8BBB3EE1444C17362D, 6EFBE1F015DFFA0704C66DF5C88089DD5771E1542018E4AE98389CFF3D0B2309 ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys
21:05:27.0745 0x05e0 ndfltr - ok
21:05:27.0854 0x05e0 [ 616F40B897DA651221F86A1741E9609B, 22D66029726313D92FC8E074BCC51C1E1560CB5FE36DCB735E7E063EA53E299A ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
21:05:27.0916 0x05e0 NDIS - ok
21:05:27.0963 0x05e0 [ A0719D1EBA971DFC5DF5F7CC010385F8, A982487D3A74E66F3C29AAA5B46CE9A0969F07F267DDEFE58C58573573AB0024 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys
21:05:27.0963 0x05e0 NdisCap - ok
21:05:27.0995 0x05e0 [ 0C557932CCCC65AEB37326DD36504527, C0AF3066DEE4BCC32DB30CCC16B7A91442A8383BB36C7C4E3CC0A5EFE0FAAA9B ] NdisImPlatform C:\WINDOWS\system32\drivers\NdisImPlatform.sys
21:05:28.0010 0x05e0 NdisImPlatform - ok
21:05:28.0026 0x05e0 [ 56F9345D1945826135FBAB7589592B1F, 6BC2A5900076B917823C7392C582A2648D0C8000F2F65D309D5B48E36D4FB4D6 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:05:28.0026 0x05e0 NdisTapi - ok
21:05:28.0073 0x05e0 [ AADFC340939D99E5D756E713E1D452EB, EFEFDBB2188DE82C2C5E67929861B269FD4C127D34D1DE6D0596ABC33E2C2B51 ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys
21:05:28.0073 0x05e0 Ndisuio - ok
21:05:28.0088 0x05e0 [ 312DFD787D99D3BF1427B0388BC04F71, C082CA1F332AD57FF2100748518D3D7B3D0F1B042F69BD7401C44B77AFE97462 ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
21:05:28.0088 0x05e0 NdisVirtualBus - ok
21:05:28.0135 0x05e0 [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys
21:05:28.0151 0x05e0 NdisWan - ok
21:05:28.0182 0x05e0 [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:05:28.0182 0x05e0 ndiswanlegacy - ok
21:05:28.0213 0x05e0 [ 6E98F16983C4AE8703FF9F90AB4B31DD, BB8BD5DB4B5FB31F3A257747C27CBEFA4B7837EC5C0CF3D4F408E626E4003F4C ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys
21:05:28.0213 0x05e0 ndproxy - ok
21:05:28.0245 0x05e0 [ F1B7CC77F412C8D45B2DDCF76EDA4F9D, 25F2AA76E675D9BCC0B1FD47AFEC6DF2D0B47E7B1C8AF6FB27C1ED2FB902961A ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
21:05:28.0260 0x05e0 Ndu - ok
21:05:28.0276 0x05e0 [ 824FDC990A3F79069BE468A132EB6888, D09F7A9EC04E37DA504CE54EEC25C312B407B6A8B214CBB074BEB50DE420F52A ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys
21:05:28.0276 0x05e0 NetBIOS - ok
21:05:28.0323 0x05e0 [ F0D791348AD254360CC3C3E501CCB745, E4CAB4D3C2CD3169731283B00DEBFE26438BB66A3F0D78BDB68E876A14FC7070 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:05:28.0338 0x05e0 NetBT - ok
21:05:28.0370 0x05e0 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:05:28.0370 0x05e0 Netlogon - ok
21:05:28.0416 0x05e0 [ 7C8A7380CBE45DFD3DF118D8601499A7, C137280B7696F8CF4258BDC8B241C66BB3AA5708C5410D85255E46C7E8284826 ] Netman C:\WINDOWS\System32\netman.dll
21:05:28.0432 0x05e0 Netman - ok
21:05:28.0510 0x05e0 [ BBE9D72EFC7BD66B28309C3607683DBA, FC372EFBC650CE0BDB117858D840A1FB361947B1C67D1DD16BABA95D0286856A ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
21:05:28.0557 0x05e0 netprofm - ok
21:05:28.0604 0x05e0 [ B50C003F86EFEDAB844AC808C6A6CB6C, DE27531037129830FD537114B0299B80A0C87C3515411EC95001BC6334ADA5C7 ] NetSetupSvc C:\WINDOWS\System32\NetSetupSvc.dll
21:05:28.0620 0x05e0 NetSetupSvc - ok
21:05:28.0666 0x05e0 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:28.0713 0x05e0 NetTcpPortSharing - ok
21:05:28.0760 0x05e0 [ 46E862DA2CF8F351375EF537276B69B5, AC0FE0977E56380849DCE668AC0F5AF183AAB115ED84ADD964E390CC0BEDF6D3 ] netvsc C:\WINDOWS\System32\drivers\netvsc.sys
21:05:28.0760 0x05e0 netvsc - ok
|