Fremder Amazonzugriff - Verstecktes auf dem PC ?

Explo · 25.09.2016, 15:45

Hallo zusammen,

kürzlichst hat sich jemand Zugriff zu meinem Amazonkonto verschafft. (Bemerkt an einer fremden Bestellung). Mit Amazon & co. bin ich bereits in Kontakt - allerdings würde ich gerne mal meinen PC gegenchecken lassen um mögliche Malware (bestmöglichst) auszuschließen.

Danke schonmal!

Anbei schonmal die FRST-Logs:

FRST.txt

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2016 02
durchgeführt von Explo (Administrator) auf EXPLOOLPXE (25-09-2016 16:42:42)
Gestartet von C:\Users\Explo\Desktop
Geladene Profile: Explo (Verfügbare Profile: Explo)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
() C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Explo\Desktop\FRST64(1).exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [7241200 2016-07-26] (Emsisoft Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [222240 2016-04-28] (Geek Software GmbH)
HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\...\MountPoints2: {44c36233-3e29-11e6-824f-806e6f6e6963} - "D:\data\setup.exe" 
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7FF5B267-6E7E-4F2F-8485-E85A2F3A42A4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-20] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-20] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-09-20] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-20] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-20] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (DownThemAll!) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-31]
FF Extension: (Stylish) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-05-31]
FF Extension: (Greasemonkey) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-05-31]
FF Extension: (anonymoX) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\client@anonymox.net.xpi [2015-05-31]
FF Extension: (Ghostery) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\firefox@ghostery.com.xpi [2015-05-29]
FF Extension: (Diablo 3 profile +) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\jid1-M4HE20OYnEIt5A@jetpack.xpi [2015-05-29]
FF Extension: (Snap Links Plus) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\snaplinks@snaplinks.mozdev.org.xpi [2015-05-29]
FF Extension: (uBlock Origin) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\uBlock0@raymondhill.net.xpi [2016-05-28]
FF Extension: (NoScript) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-06-14]
FF Extension: (Adblock Plus) - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\soi4m1s1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-28]

Chrome: 
=======
CHR Profile: C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default [2016-09-25]
CHR Extension: (Google Präsentationen) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-29]
CHR Extension: (Google Docs) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-29]
CHR Extension: (Google Drive) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-29]
CHR Extension: (YouTube) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-29]
CHR Extension: (Google Tabellen) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-29]
CHR Extension: (Google Docs Offline) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-29]
CHR Extension: (Google Mail) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\Explo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9331168 2016-07-26] (Emsisoft Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3035848 2016-09-15] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [102912 2016-05-20] () [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [115832 2016-07-21] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-25 16:42 - 2016-09-25 16:43 - 00013860 _____ C:\Users\Explo\Desktop\FRST.txt
2016-09-25 16:35 - 2016-09-25 16:35 - 02402816 _____ (Farbar) C:\Users\Explo\Desktop\FRST64(1).exe
2016-09-24 15:22 - 2016-09-24 20:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-09-20 22:40 - 2016-09-20 22:40 - 01610560 _____ (Malwarebytes) C:\Users\Explo\Downloads\JRT(1).exe
2016-09-20 22:32 - 2016-09-20 22:32 - 03861056 _____ C:\Users\Explo\Downloads\AdwCleaner_6.020.exe
2016-09-20 22:07 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-09-20 22:07 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-20 22:07 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2016-09-20 22:07 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-09-20 22:07 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-09-20 22:07 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2016-09-20 22:07 - 2016-08-27 18:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-09-20 22:07 - 2016-08-27 18:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-09-20 22:07 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-09-20 22:07 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-09-20 22:07 - 2016-08-25 22:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-09-20 22:07 - 2016-08-25 21:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-09-20 22:07 - 2016-08-21 00:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-20 22:07 - 2016-08-21 00:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-20 22:07 - 2016-08-13 02:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-09-20 22:07 - 2016-08-13 02:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
2016-09-20 22:07 - 2016-08-13 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2016-09-20 22:07 - 2016-08-13 02:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2016-09-20 22:07 - 2016-08-13 00:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-09-20 22:07 - 2016-08-13 00:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-09-20 22:07 - 2016-08-12 23:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-09-20 22:07 - 2016-08-12 23:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-09-20 22:07 - 2016-08-12 22:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-09-20 22:07 - 2016-08-12 03:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-09-20 22:07 - 2016-08-12 03:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-09-20 22:07 - 2016-08-11 20:33 - 00096256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2016-09-20 22:07 - 2016-08-11 20:33 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-09-20 22:07 - 2016-08-11 20:33 - 00023040 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
2016-09-20 22:07 - 2016-08-11 19:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-09-20 22:07 - 2016-08-11 15:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml
2016-09-20 22:07 - 2016-08-11 15:12 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-09-20 22:07 - 2016-08-11 15:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-09-20 22:07 - 2016-08-11 15:12 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-09-20 22:07 - 2016-08-11 15:11 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-09-20 22:07 - 2016-08-11 15:11 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-09-20 22:07 - 2016-08-11 15:11 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-09-20 22:07 - 2016-08-11 07:46 - 00420184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-09-20 22:07 - 2016-08-03 17:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-09-20 22:07 - 2016-08-03 17:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2016-09-20 22:07 - 2016-08-03 17:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-09-20 22:07 - 2016-08-03 17:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-09-20 22:07 - 2016-07-30 19:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-09-20 22:07 - 2016-07-30 18:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-09-20 22:07 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
2016-09-20 22:07 - 2016-07-26 15:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
2016-09-20 22:07 - 2016-07-23 20:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-09-20 22:07 - 2016-07-23 20:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-09-20 03:46 - 2016-09-20 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office -Tools
2016-09-15 10:12 - 2016-09-15 10:12 - 00271112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-09-15 10:12 - 2016-09-15 10:12 - 00244504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-09-15 10:10 - 2016-09-15 10:10 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-09-15 10:08 - 2016-09-15 10:08 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-09-15 10:08 - 2016-09-15 10:08 - 00394504 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-09-15 10:08 - 2016-09-15 10:08 - 00334616 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-09-15 10:08 - 2016-09-15 10:08 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-09-15 10:06 - 2016-09-15 10:06 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-09-15 08:08 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-15 08:08 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-15 08:08 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-15 08:08 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-15 08:08 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-15 08:08 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-15 08:08 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-15 08:08 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-15 08:08 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-15 08:08 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-15 08:08 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-15 08:08 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-15 08:08 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-15 08:08 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-15 08:08 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-15 08:08 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-15 08:08 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-15 08:08 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-15 08:08 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-15 08:08 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-15 08:08 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-15 08:08 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-15 08:08 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-15 08:08 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-15 08:08 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-15 08:08 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-15 08:08 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-15 08:08 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-15 08:08 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-15 08:08 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-15 08:08 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-15 08:08 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-15 08:08 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-15 08:07 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-15 08:07 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-15 08:07 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-15 08:07 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-15 08:07 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-15 08:07 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-15 08:07 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-15 08:07 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-15 08:07 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-15 08:07 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-15 08:07 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-15 08:07 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-15 08:07 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-15 08:07 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-15 08:07 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-15 08:07 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-15 08:07 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-15 08:07 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-15 08:07 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-15 08:07 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-15 08:07 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-15 08:07 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-15 08:07 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-15 08:07 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-09-11 14:29 - 2016-09-11 14:29 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-09-04 13:11 - 2016-09-11 14:30 - 00000000 ____D C:\Users\Explo\Downloads\MusiHandy

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-25 16:42 - 2016-08-20 23:32 - 00000000 ____D C:\FRST
2016-09-25 16:38 - 2016-07-01 20:19 - 00000000 ____D C:\Users\Explo\AppData\Roaming\Skype
2016-09-25 16:22 - 2016-06-29 20:55 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-09-25 16:20 - 2016-06-29 21:02 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-25 12:44 - 2016-07-01 20:05 - 00000000 ____D C:\Users\Explo\AppData\Local\Battle.net
2016-09-25 10:21 - 2016-06-29 20:55 - 00000000 ____D C:\Users\Explo\AppData\Local\ClassicShell
2016-09-25 09:54 - 2016-07-01 20:05 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-09-25 09:20 - 2016-06-29 21:02 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-25 01:21 - 2016-07-01 20:12 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-24 20:00 - 2016-06-29 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-24 16:56 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-09-24 14:00 - 2016-07-01 20:11 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-09-22 11:03 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-21 23:41 - 2014-11-21 05:35 - 01686150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-21 23:41 - 2014-11-21 04:45 - 00727930 _____ C:\Windows\system32\perfh007.dat
2016-09-21 23:41 - 2014-11-21 04:45 - 00151586 _____ C:\Windows\system32\perfc007.dat
2016-09-21 23:41 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-09-20 22:42 - 2016-07-31 00:16 - 00000543 _____ C:\Users\Explo\Desktop\JRT.txt
2016-09-20 22:38 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-20 22:37 - 2016-07-31 00:03 - 00000000 ____D C:\AdwCleaner
2016-09-20 22:22 - 2016-07-01 21:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-20 22:09 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-09-20 22:08 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-09-20 22:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-20 22:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-20 22:06 - 2016-07-01 19:29 - 00000000 ____D C:\Users\Explo\AppData\Local\Adobe
2016-09-20 22:05 - 2016-07-01 20:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-20 22:04 - 2013-08-22 16:44 - 00473064 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-20 22:02 - 2016-06-29 20:47 - 00000000 ____D C:\Users\Explo
2016-09-20 20:28 - 2016-06-29 20:47 - 00000000 ____D C:\Users\Explo\AppData\Local\Packages
2016-09-20 10:11 - 2016-06-29 20:52 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2660694709-3229954312-2415296201-1001
2016-09-20 03:46 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-20 03:45 - 2016-07-01 20:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-17 23:23 - 2016-06-29 20:51 - 00000000 __SHD C:\Users\Explo\AppData\LocalLow\EmieUserList
2016-09-17 23:23 - 2016-06-29 20:51 - 00000000 __SHD C:\Users\Explo\AppData\LocalLow\EmieSiteList
2016-09-17 23:23 - 2016-06-29 20:51 - 00000000 __SHD C:\Users\Explo\AppData\Local\EmieUserList
2016-09-17 23:23 - 2016-06-29 20:51 - 00000000 __SHD C:\Users\Explo\AppData\Local\EmieSiteList
2016-09-17 13:21 - 2016-06-29 21:02 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-17 13:21 - 2016-06-29 21:02 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-17 13:00 - 2016-06-29 21:09 - 00000000 ____D C:\Windows\system32\MRT
2016-09-17 12:58 - 2016-06-29 21:09 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-16 08:17 - 2016-07-01 20:11 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-16 08:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-16 08:16 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-10 18:19 - 2016-08-07 00:55 - 00096256 ___SH C:\Users\Explo\Downloads\Thumbs.db
2016-09-07 03:11 - 2014-11-21 13:01 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-07 03:11 - 2014-11-21 13:01 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-04 22:48 - 2016-07-24 21:06 - 00000000 ____D C:\Users\Explo\AppData\Roaming\TS3Client

Einige Dateien in TEMP:
====================
C:\Users\Explo\AppData\Local\Temp\libeay32.dll
C:\Users\Explo\AppData\Local\Temp\msvcr120.dll
C:\Users\Explo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-09-22 08:03

==================== Ende von FRST.txt ============================

Addition.txt

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-09-2016 02
durchgeführt von Explo (25-09-2016 16:43:04)
Gestartet von C:\Users\Explo\Desktop
Windows 8.1 (Update) (X64) (2016-06-29 18:47:35)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2660694709-3229954312-2415296201-500 - Administrator - Disabled)
Explo (S-1-5-21-2660694709-3229954312-2415296201-1001 - Administrator - Enabled) => C:\Users\Explo
Gast (S-1-5-21-2660694709-3229954312-2415296201-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2660694709-3229954312-2415296201-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {D1196F3E-3487-585D-3681-0661BD157EC3}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {6A788EDA-12BD-57D3-0C31-3D13C692347E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.8 - Emsisoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Indiana Jones and the Fate of Atlantis (HKLM\...\Steam App 6010) (Version:  - LucasArts)
Indiana Jones and the Last Crusade (HKLM\...\Steam App 32310) (Version:  - LucasArts)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7341.2032 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1 - Mozilla)
Mozilla Thunderbird 45.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.3.0 (x86 de)) (Version: 45.3.0 - Mozilla)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.0.0 - Duodian Technology Co. Ltd.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7341.2032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7341.2032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7341.2032 - Microsoft Corporation) Hidden
PDF24 Creator 7.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steuer-Sparer 2016 (HKLM-x32\...\{F7B36B93-F38D-4A38-A028-31E0A9622377}) (Version: 21.36.103 - Akademische Arbeitsgemeinschaft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WatchGuard Mobile VPN with SSL client 11.11.1 (HKLM-x32\...\Mobile VPN with SSL client_is1) (Version:  - WatchGuard)
Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2660694709-3229954312-2415296201-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Explo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2660694709-3229954312-2415296201-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Explo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2BD74BE7-F8EE-4916-B285-254F5F709F5A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Explo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {2F6D9F3C-4038-48C9-9A2C-35F46F1D1B71} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {300B3F61-8B5F-492E-898A-129E92D2C7CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-15] (Microsoft Corporation)
Task: {31F129B7-7C79-47E5-9135-0C23A7A1A724} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-20] (Microsoft Corporation)
Task: {5C98F5E7-4738-47CC-87F1-7D71EF6A234D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2660694709-3229954312-2415296201-1001 => C:\Users\Explo\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-23] (Microsoft Corporation)
Task: {6D7FC688-3265-4A89-AEA9-AE2E92748830} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-09-20] (Microsoft Corporation)
Task: {8D157702-884B-4C19-A013-9BAE14350FAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-20] (Microsoft Corporation)
Task: {A2B21CB4-CAD1-4F4E-9157-83E4B90F1E45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-29] (Google Inc.)
Task: {B20D4010-3E88-46C4-B687-AEC26B60CD5F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-15] (Microsoft Corporation)
Task: {CA4CAC4E-203E-4C7D-96FE-D9D0B9E9C0A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {E0882EFE-7121-41B2-9CD6-D4FBC84337DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-29] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-08-08 20:15 - 2016-05-20 14:34 - 00102912 _____ () C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
2016-08-23 07:54 - 2016-08-23 07:54 - 01864384 _____ () C:\Users\Explo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-01 20:13 - 2016-09-08 05:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-07-01 20:13 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-07-01 20:13 - 2016-09-20 21:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-07-01 20:13 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-07-01 20:13 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-07-01 20:13 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-07-01 20:13 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-07-01 20:13 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-07-01 20:13 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-07-01 20:13 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-07-01 20:13 - 2016-09-20 21:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-07-01 20:13 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-07-01 20:13 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-07-01 20:13 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2660694709-3229954312-2415296201-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A4B97141-D89E-4EE8-ACE4-4559D1F34496}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC8FE7C2-CDBA-4BDF-AFF1-7F9C9A482E8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E58F6AA9-6B7A-4F52-B0DD-A25E929177DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FE096311-28E3-41CB-B8CA-CEDB64D26F78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A5BE588-9842-4F52-B39C-A131BDE0DDCF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8DFB4653-91F3-4A84-9ED0-70408D3BDE58}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{9DF438BD-0DAE-4485-B127-2C7F1CC6107B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EFFFF3EB-C45B-452F-9E0C-592097F5E318}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FE0FD2B4-79F2-4219-9769-0D3658F76862}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{37C2A57F-399A-4C0B-81E9-F01F4133B979}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4C3CBECB-9E97-4EE5-9EE2-8AF541EADFB7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0FFBFC7B-E945-4EDF-B1D2-F8C9D443F6A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{34545FA1-97B4-4F23-92D1-0650D03A1F5E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8A1CB675-2E23-4689-9EFD-5E7E1BCCBD70}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4ADAD218-54E7-44D5-A60C-5476B2A0FDE9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{BC3C53C6-0FEB-40C1-B7E0-70C8802B85C5}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{DBD7A83E-48E8-4579-A56C-6B6DF8168525}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{AB093F08-3A25-4FB9-8016-B61FFD245091}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6EFDF932-E080-48C6-A8AB-BC29FF84C368}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{DA1ADFB6-1260-4E7C-A6E7-CD9E711910C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Indiana Jones and the Last Crusade\Indiana Jones and the Last Crusade.exe
FirewallRules: [{B96A6D67-A99A-42B0-9166-363F798A0642}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Indiana Jones and the Last Crusade\Indiana Jones and the Last Crusade.exe
FirewallRules: [{D8214FAA-B990-4B2F-B455-C1770A9C3BB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Indiana Jones and the Fate of Atlantis\Indiana Jones and the Fate of Atlantis.exe
FirewallRules: [{FF4BC7F3-CD9E-4A5E-A65A-D9225CC41FC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Indiana Jones and the Fate of Atlantis\Indiana Jones and the Fate of Atlantis.exe
FirewallRules: [{ED7027B8-DD01-4301-B866-34AF0B76F9FC}] => (Allow) C:\Users\Explo\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{1D31FA23-4BCA-4880-863A-4004FCE8BED2}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{935AC911-1F71-4956-B689-ABB9AAEFA709}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

10-09-2016 12:58:58 Geplanter Prüfpunkt
17-09-2016 12:57:41 Windows Update
20-09-2016 22:02:50 Windows Update
20-09-2016 22:41:16 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/24/2016 04:50:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{b023730f-cb4c-424b-b6ba-7ec01db674a3}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (09/24/2016 04:50:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Wiederherstellung" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (09/20/2016 10:08:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/20/2016 10:07:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/18/2016 06:53:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 47.0.1.6018, Zeitstempel: 0x576c9637
Name des fehlerhaften Moduls: mozglue.dll, Version: 47.0.1.6018, Zeitstempel: 0x576c85ba
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000f02b
ID des fehlerhaften Prozesses: 0x1348
Startzeit der fehlerhaften Anwendung: 0x01d210fa8694e9eb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: 6cc806df-7dc0-11e6-825a-b8763fef676c
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/18/2016 02:26:41 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{b023730f-cb4c-424b-b6ba-7ec01db674a3}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (09/18/2016 02:26:40 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Wiederherstellung" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (09/17/2016 01:44:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{b023730f-cb4c-424b-b6ba-7ec01db674a3}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (09/17/2016 01:44:01 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Wiederherstellung" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (09/12/2016 12:39:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 47.0.1.6018, Zeitstempel: 0x576c9637
Name des fehlerhaften Moduls: mozglue.dll, Version: 47.0.1.6018, Zeitstempel: 0x576c85ba
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000f02b
ID des fehlerhaften Prozesses: 0x3484
Startzeit der fehlerhaften Anwendung: 0x01d20c7c9d1bbd8b
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: 94350968-7870-11e6-825a-b8763fef676c
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (09/25/2016 04:34:52 AM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/25/2016 04:34:22 AM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/24/2016 06:28:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (09/24/2016 06:28:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/24/2016 04:51:19 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/24/2016 04:50:49 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/24/2016 01:22:57 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/23/2016 11:50:37 AM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/22/2016 10:00:33 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/22/2016 09:59:53 PM) (Source: DCOM) (EventID: 10010) (User: ExploolpxE)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
  Date: 2016-08-01 19:04:01.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-01 10:11:52.542
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-08-01 10:11:50.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2016-08-01 07:05:41.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-01 07:01:03.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-01 06:54:05.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-01 03:21:42.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-01 00:11:23.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-01 00:06:44.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2016-08-01 00:06:38.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 41%
Installierter physikalischer RAM: 8139.28 MB
Verfügbarer physikalischer RAM: 4727.77 MB
Summe virtueller Speicher: 12491.28 MB
Verfügbarer virtueller Speicher: 7672.11 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:237.46 GB) (Free:145.83 GB) NTFS
Drive d: (212038) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

deeprybka · 25.09.2016, 17:59

Wohin ging denn die Bestellung und was wurde gekauft?

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Explo · 25.09.2016, 18:59

Es waren 3 Bestellungen. Alle an meine Adresse, alle aus dem gleichen Shop. 2 Davon direkt wieder storniert. Die 3. wurde dann ausgeblendet (dank Kontoauszug "schnell" bemerkt). Ein 25€ "Bunte Nachtlicht Hubschrauber"

__

Log:

Code:

ATTFilter

19:57:44.0569 0x1cdc  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
19:57:44.0569 0x1cdc  UEFI system
19:58:00.0711 0x1cdc  ============================================================
19:58:00.0711 0x1cdc  Current date / time: 2016/09/25 19:58:00.0711
19:58:00.0711 0x1cdc  SystemInfo:
19:58:00.0711 0x1cdc  
19:58:00.0711 0x1cdc  OS Version: 6.3.9600 ServicePack: 0.0
19:58:00.0711 0x1cdc  Product type: Workstation
19:58:00.0711 0x1cdc  ComputerName: EXPLOOLPXE
19:58:00.0711 0x1cdc  UserName: Explo
19:58:00.0711 0x1cdc  Windows directory: C:\Windows
19:58:00.0711 0x1cdc  System windows directory: C:\Windows
19:58:00.0711 0x1cdc  Running under WOW64
19:58:00.0711 0x1cdc  Processor architecture: Intel x64
19:58:00.0711 0x1cdc  Number of processors: 8
19:58:00.0711 0x1cdc  Page size: 0x1000
19:58:00.0711 0x1cdc  Boot type: Normal boot
19:58:00.0711 0x1cdc  CodeIntegrityOptions = 0x00000001
19:58:00.0711 0x1cdc  ============================================================
19:58:00.0994 0x1cdc  KLMD registered as C:\Windows\system32\drivers\93298841.sys
19:58:00.0994 0x1cdc  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18438, osProperties = 0x19
19:58:01.0059 0x1cdc  System UUID: {55A0F149-3CC7-75D8-E4C4-20B3F5523C94}
19:58:01.0289 0x1cdc  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:58:01.0292 0x1cdc  ============================================================
19:58:01.0292 0x1cdc  \Device\Harddisk0\DR0:
19:58:01.0292 0x1cdc  GPT partitions:
19:58:01.0293 0x1cdc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E85EACAF-83B7-4626-889B-8B3750D9AAA6}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
19:58:01.0293 0x1cdc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {232B0101-B96B-4E5A-8953-E58D154F6C88}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
19:58:01.0293 0x1cdc  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D3254D3B-8619-4FDC-9D36-E81423F2F608}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
19:58:01.0293 0x1cdc  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {10ABF851-0DDB-4767-92EF-D65936EB56B7}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0x1DAEB800
19:58:01.0293 0x1cdc  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B023730F-CB4C-424B-B6BA-7EC01DB674A3}, Name: , StartLBA 0x1DBF4000, BlocksNum 0xFF000
19:58:01.0293 0x1cdc  MBR partitions:
19:58:01.0293 0x1cdc  ============================================================
19:58:01.0294 0x1cdc  C: <-> \Device\Harddisk0\DR0\Partition4
19:58:01.0294 0x1cdc  ============================================================
19:58:01.0294 0x1cdc  Initialize success
19:58:01.0294 0x1cdc  ============================================================
19:58:29.0055 0x1274  ============================================================
19:58:29.0055 0x1274  Scan started
19:58:29.0055 0x1274  Mode: Manual; SigCheck; TDLFS; 
19:58:29.0055 0x1274  ============================================================
19:58:29.0055 0x1274  KSN ping started
19:58:29.0155 0x1274  KSN ping finished: true
19:58:29.0557 0x1274  ================ Scan system memory ========================
19:58:29.0557 0x1274  System memory - ok
19:58:29.0558 0x1274  ================ Scan services =============================
19:58:29.0590 0x1274  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
19:58:29.0631 0x1274  1394ohci - ok
19:58:29.0639 0x1274  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
19:58:29.0649 0x1274  3ware - ok
19:58:29.0806 0x1274  [ 02F3BA98D25FD4764CBEFF365EC73113, B8641770BA1782E9A49A217BB142C3CC394CA17C3D2A27422690D336B06D3769 ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
19:58:30.0011 0x1274  a2AntiMalware - ok
19:58:30.0034 0x1274  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:58:30.0056 0x1274  ACPI - ok
19:58:30.0061 0x1274  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
19:58:30.0070 0x1274  acpiex - ok
19:58:30.0073 0x1274  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
19:58:30.0083 0x1274  acpipagr - ok
19:58:30.0086 0x1274  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
19:58:30.0097 0x1274  AcpiPmi - ok
19:58:30.0100 0x1274  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
19:58:30.0109 0x1274  acpitime - ok
19:58:30.0115 0x1274  [ A0CAC4F3F998173A8DC1E67E7E0345EF, D0C2F504A5059691EDBBA917D0C6260450A554A365C12E7747E48EE1668C51A5 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:58:30.0124 0x1274  AdobeARMservice - ok
19:58:30.0146 0x1274  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
19:58:30.0171 0x1274  ADP80XX - ok
19:58:30.0180 0x1274  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:58:30.0197 0x1274  AeLookupSvc - ok
19:58:30.0209 0x1274  [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD             C:\Windows\system32\drivers\afd.sys
19:58:30.0232 0x1274  AFD - ok
19:58:30.0237 0x1274  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:58:30.0246 0x1274  agp440 - ok
19:58:30.0250 0x1274  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
19:58:30.0261 0x1274  ahcache - ok
19:58:30.0266 0x1274  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\Windows\System32\alg.exe
19:58:30.0277 0x1274  ALG - ok
19:58:30.0285 0x1274  [ 6CF81DD5083D7F94A7E76E50429A949C, 19240502A6406924F889D1AFA975B975A300776D8B2D0557181DF13649622E2B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:58:30.0307 0x1274  AMD External Events Utility - ok
19:58:30.0313 0x1274  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
19:58:30.0325 0x1274  AmdK8 - ok
19:58:30.0545 0x1274  [ 71F8D8B977ACC5973FA042BF906E709F, 8106C5F5C8E40344CCCDB912845786DF287BDF068D7A6EF9D26B00FA1754C1BC ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:58:30.0810 0x1274  amdkmdag - ok
19:58:30.0833 0x1274  [ 4AA027F91A8093B1CDF453B5394F6715, E6D15E959637C102A34F73F66BFDC38436575A2FEFFC3976ACF399A472F126A5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:58:30.0858 0x1274  amdkmdap - ok
19:58:30.0864 0x1274  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
19:58:30.0877 0x1274  AmdPPM - ok
19:58:30.0881 0x1274  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:58:30.0890 0x1274  amdsata - ok
19:58:30.0898 0x1274  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:58:30.0912 0x1274  amdsbs - ok
19:58:30.0916 0x1274  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:58:30.0924 0x1274  amdxata - ok
19:58:30.0929 0x1274  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\Windows\system32\drivers\appid.sys
19:58:30.0941 0x1274  AppID - ok
19:58:30.0945 0x1274  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:58:30.0954 0x1274  AppIDSvc - ok
19:58:30.0959 0x1274  [ 734622FBA766DBD65B1803549B24A04A, 3B6872B87A60D4DA265D3B8AB0561A929CFE2C097419183E93D3843422363C89 ] Appinfo         C:\Windows\System32\appinfo.dll
19:58:30.0972 0x1274  Appinfo - ok
19:58:30.0985 0x1274  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
19:58:31.0008 0x1274  AppReadiness - ok
19:58:31.0034 0x1274  [ E0F846ADE7DED88981D0908DE56FF160, D8F536438091878724A5004849306ADFB96A2778A9D958ED3DCC0CD9E35160BB ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
19:58:31.0070 0x1274  AppXSvc - ok
19:58:31.0076 0x1274  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:58:31.0086 0x1274  arcsas - ok
19:58:31.0089 0x1274  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:58:31.0097 0x1274  atapi - ok
19:58:31.0162 0x1274  [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
19:58:31.0249 0x1274  athr - ok
19:58:31.0260 0x1274  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
19:58:31.0275 0x1274  AudioEndpointBuilder - ok
19:58:31.0293 0x1274  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:58:31.0321 0x1274  Audiosrv - ok
19:58:31.0326 0x1274  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:58:31.0337 0x1274  AxInstSV - ok
19:58:31.0349 0x1274  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:58:31.0369 0x1274  b06bdrv - ok
19:58:31.0374 0x1274  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
19:58:31.0385 0x1274  BasicDisplay - ok
19:58:31.0389 0x1274  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
19:58:31.0399 0x1274  BasicRender - ok
19:58:31.0404 0x1274  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
19:58:31.0410 0x1274  bcmfn2 - ok
19:58:31.0419 0x1274  [ 174394F4EF93C117BF7BE3878046A1B1, D58E868342D1DAFC4B04384A3713F729DF07F408AA6AE4762E6A4244F976526A ] BDESVC          C:\Windows\System32\bdesvc.dll
19:58:31.0437 0x1274  BDESVC - ok
19:58:31.0440 0x1274  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
19:58:31.0450 0x1274  Beep - ok
19:58:31.0467 0x1274  [ 5059D93764340D4EAEDF49C47133118F, 26C5779469E04BEAFD290B619CA355648F3911C66D41B22D2C3DCA909FCA0F6E ] BFE             C:\Windows\System32\bfe.dll
19:58:31.0495 0x1274  BFE - ok
19:58:31.0514 0x1274  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\Windows\System32\qmgr.dll
19:58:31.0550 0x1274  BITS - ok
19:58:31.0556 0x1274  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:58:31.0567 0x1274  bowser - ok
19:58:31.0575 0x1274  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
19:58:31.0590 0x1274  BrokerInfrastructure - ok
19:58:31.0595 0x1274  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\Windows\System32\browser.dll
19:58:31.0607 0x1274  Browser - ok
19:58:31.0620 0x1274  [ 25B35FDD5FE5666DC49CCC0BC6A9AD81, 0F6A9783EF72AF53F20B19E51FE40A17F72FB9CC037670ADB77970AF9CA7E376 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
19:58:31.0642 0x1274  BtFilter - ok
19:58:31.0646 0x1274  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
19:58:31.0655 0x1274  BthAvrcpTg - ok
19:58:31.0659 0x1274  [ 12418846B057E4F92FC621F5C6CF737D, 0B8B0EADE4F2AD95D450A5C71C287C0F04F33897ABF27D3E3B6428A3C99C7B5D ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
19:58:31.0670 0x1274  BthEnum - ok
19:58:31.0674 0x1274  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
19:58:31.0683 0x1274  BthHFEnum - ok
19:58:31.0687 0x1274  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
19:58:31.0697 0x1274  bthhfhid - ok
19:58:31.0707 0x1274  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
19:58:31.0725 0x1274  BthHFSrv - ok
19:58:31.0733 0x1274  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\Windows\system32\DRIVERS\BthLEEnum.sys
19:58:31.0748 0x1274  BthLEEnum - ok
19:58:31.0752 0x1274  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
19:58:31.0762 0x1274  BTHMODEM - ok
19:58:31.0768 0x1274  [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D382029948A5E6221EDF788 ] BthPan          C:\Windows\System32\drivers\bthpan.sys
19:58:31.0780 0x1274  BthPan - ok
19:58:31.0809 0x1274  [ B810B2B39CCA90DC6BF42AF1658AE0D1, D184F927BCFBDE7063A0C9873BF2C174226E1AB5081A7108FCC66210CD117465 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
19:58:31.0845 0x1274  BTHPORT - ok
19:58:31.0850 0x1274  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\Windows\system32\bthserv.dll
19:58:31.0861 0x1274  bthserv - ok
19:58:31.0866 0x1274  [ 52A1B7ECAB4C9EF70FD41241691E09D3, F7A5BFE72D3151E73DD9922A76964C08AC1FDCB8460D9A17DCF8B7969006AD42 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
19:58:31.0876 0x1274  BTHUSB - ok
19:58:31.0880 0x1274  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:58:31.0893 0x1274  cdfs - ok
19:58:31.0900 0x1274  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
19:58:31.0912 0x1274  cdrom - ok
19:58:31.0918 0x1274  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:58:31.0932 0x1274  CertPropSvc - ok
19:58:31.0936 0x1274  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
19:58:31.0946 0x1274  circlass - ok
19:58:31.0955 0x1274  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
19:58:31.0971 0x1274  CLFS - ok
19:58:32.0039 0x1274  [ 73B28D91BF0F1E9C9130BDADC43C82B2, D64B52FA6F1FF7805D1814A2031899054D91034DD549EE13891D36190E9B86BC ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
19:58:32.0106 0x1274  ClickToRunSvc - ok
19:58:32.0115 0x1274  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
19:58:32.0124 0x1274  CmBatt - ok
19:58:32.0137 0x1274  [ 5CBF8B3E27D824D2AA2A34AFB406F1D0, 955AF1307C02D2B4DEEB150F37F77B8631C0F3C450037C233E9E27D6571B0265 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:58:32.0158 0x1274  CNG - ok
19:58:32.0163 0x1274  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
19:58:32.0172 0x1274  CompositeBus - ok
19:58:32.0174 0x1274  COMSysApp - ok
19:58:32.0178 0x1274  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
19:58:32.0189 0x1274  condrv - ok
19:58:32.0195 0x1274  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:58:32.0209 0x1274  CryptSvc - ok
19:58:32.0213 0x1274  [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam             C:\Windows\system32\drivers\dam.sys
19:58:32.0222 0x1274  dam - ok
19:58:32.0240 0x1274  [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:58:32.0268 0x1274  DcomLaunch - ok
19:58:32.0280 0x1274  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\Windows\System32\defragsvc.dll
19:58:32.0300 0x1274  defragsvc - ok
19:58:32.0311 0x1274  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
19:58:32.0331 0x1274  DeviceAssociationService - ok
19:58:32.0336 0x1274  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
19:58:32.0349 0x1274  DeviceInstall - ok
19:58:32.0354 0x1274  [ 5408A71E47FF21E357192FD4126B3002, D9EDDE26EFB7B3EBD8F21F5730A49D594D916A95E0D09ABBA7B6E7C59052A712 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
19:58:32.0368 0x1274  Dfsc - ok
19:58:32.0378 0x1274  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:58:32.0395 0x1274  Dhcp - ok
19:58:32.0428 0x1274  [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack       C:\Windows\system32\diagtrack.dll
19:58:32.0470 0x1274  DiagTrack - ok
19:58:32.0476 0x1274  [ 8B1E62881D5AC68E673CD94B136B34AC, A0C50F17041E43AC07B67A74F2C408820316201439F47CDEA37A4F5891CC0E6F ] disk            C:\Windows\system32\drivers\disk.sys
19:58:32.0487 0x1274  disk - ok
19:58:32.0490 0x1274  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
19:58:32.0501 0x1274  dmvsc - ok
19:58:32.0508 0x1274  [ 561CBB163EB3C8221D9B1D7D1E5CA477, 4D235E73CC127769A257B31A92180552276EC8DDD991F1106815FADEF385E72D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:58:32.0524 0x1274  Dnscache - ok
19:58:32.0531 0x1274  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:58:32.0547 0x1274  dot3svc - ok
19:58:32.0553 0x1274  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\Windows\system32\dps.dll
19:58:32.0567 0x1274  DPS - ok
19:58:32.0570 0x1274  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:58:32.0577 0x1274  drmkaud - ok
19:58:32.0584 0x1274  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
19:58:32.0597 0x1274  DsmSvc - ok
19:58:32.0625 0x1274  [ F74B839FA0F4E6060CA1DA6B8DA17941, EF493E1F55FCD6A8C32B3D5D5809B7EFCCC9829E9A347522D1E6FE080D41BF37 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:58:32.0668 0x1274  DXGKrnl - ok
19:58:32.0675 0x1274  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\Windows\System32\eapsvc.dll
19:58:32.0687 0x1274  Eaphost - ok
19:58:32.0745 0x1274  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:58:32.0828 0x1274  ebdrv - ok
19:58:32.0835 0x1274  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\Windows\System32\lsass.exe
19:58:32.0844 0x1274  EFS - ok
19:58:32.0849 0x1274  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
19:58:32.0857 0x1274  EhStorClass - ok
19:58:32.0863 0x1274  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
19:58:32.0873 0x1274  EhStorTcgDrv - ok
19:58:32.0877 0x1274  [ F25A2EBFEB9814C048DAC62D0CB8C83B, 5DBF0A98F72DF44B4BD5101C884CE0A6FE9BC00F8CD83765CED885CBC5296D44 ] epp             C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys
19:58:32.0886 0x1274  epp - ok
19:58:32.0890 0x1274  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
19:58:32.0898 0x1274  ErrDev - ok
19:58:32.0903 0x1274  [ 32710ECBE3C17C6F769BAC88CD1756FF, BB9B269F0322FFBFAC459EC15BA9410A5FF5CDCBD38F67F8482720ACB1799C2B ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
19:58:32.0912 0x1274  ESProtectionDriver - ok
19:58:32.0926 0x1274  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\Windows\system32\es.dll
19:58:32.0947 0x1274  EventSystem - ok
19:58:32.0953 0x1274  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:58:32.0973 0x1274  exfat - ok
19:58:32.0980 0x1274  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:58:32.0992 0x1274  fastfat - ok
19:58:33.0006 0x1274  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\Windows\system32\fxssvc.exe
19:58:33.0029 0x1274  Fax - ok
19:58:33.0033 0x1274  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\Windows\System32\drivers\fdc.sys
19:58:33.0042 0x1274  fdc - ok
19:58:33.0045 0x1274  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:58:33.0055 0x1274  fdPHost - ok
19:58:33.0059 0x1274  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:58:33.0069 0x1274  FDResPub - ok
19:58:33.0074 0x1274  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\Windows\system32\fhsvc.dll
19:58:33.0086 0x1274  fhsvc - ok
19:58:33.0090 0x1274  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:58:33.0099 0x1274  FileInfo - ok
19:58:33.0102 0x1274  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:58:33.0116 0x1274  Filetrace - ok
19:58:33.0120 0x1274  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
19:58:33.0129 0x1274  flpydisk - ok
19:58:33.0138 0x1274  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:58:33.0153 0x1274  FltMgr - ok
19:58:33.0179 0x1274  [ 2F225BC85B84C04EA01BAB8D8DACFA83, 1F6E20C8F0FFD3FA60BDF556FB8392FE014E6519C3F314D1D22D394DB2A040CA ] FontCache       C:\Windows\system32\FntCache.dll
19:58:33.0216 0x1274  FontCache - ok
19:58:33.0221 0x1274  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:58:33.0229 0x1274  FsDepends - ok
19:58:33.0232 0x1274  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:58:33.0240 0x1274  Fs_Rec - ok
19:58:33.0252 0x1274  [ D4AB6EE3D715BC44C00277FD934FAACF, DE8A8B14D7BA73BA1B5A833DE193CA65EDFE512A57D84F4F2CE19D9646D97F4E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:58:33.0273 0x1274  fvevol - ok
19:58:33.0277 0x1274  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
19:58:33.0286 0x1274  FxPPM - ok
19:58:33.0290 0x1274  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:58:33.0299 0x1274  gagp30kx - ok
19:58:33.0302 0x1274  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
19:58:33.0312 0x1274  gencounter - ok
19:58:33.0318 0x1274  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
19:58:33.0329 0x1274  GPIOClx0101 - ok
19:58:33.0354 0x1274  [ 9678FD4747A4F2E2318245EE6099482E, C76AE30E8BA77DC330F9CFE5ECEA58FAE0995396742923B564A2257DE24D7B32 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:58:33.0393 0x1274  gpsvc - ok
19:58:33.0400 0x1274  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:58:33.0409 0x1274  gupdate - ok
19:58:33.0414 0x1274  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:58:33.0422 0x1274  gupdatem - ok
19:58:33.0434 0x1274  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:58:33.0452 0x1274  HdAudAddService - ok
19:58:33.0457 0x1274  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
19:58:33.0469 0x1274  HDAudBus - ok
19:58:33.0472 0x1274  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
19:58:33.0481 0x1274  HidBatt - ok
19:58:33.0487 0x1274  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
19:58:33.0499 0x1274  HidBth - ok
19:58:33.0503 0x1274  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
19:58:33.0513 0x1274  hidi2c - ok
19:58:33.0516 0x1274  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
19:58:33.0526 0x1274  HidIr - ok
19:58:33.0530 0x1274  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\Windows\system32\hidserv.dll
19:58:33.0540 0x1274  hidserv - ok
19:58:33.0544 0x1274  [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
19:58:33.0555 0x1274  HidUsb - ok
19:58:33.0559 0x1274  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:58:33.0571 0x1274  hkmsvc - ok
19:58:33.0579 0x1274  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:58:33.0594 0x1274  HomeGroupListener - ok
19:58:33.0605 0x1274  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:58:33.0622 0x1274  HomeGroupProvider - ok
19:58:33.0626 0x1274  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:58:33.0635 0x1274  HpSAMD - ok
19:58:33.0654 0x1274  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:58:33.0685 0x1274  HTTP - ok
19:58:33.0689 0x1274  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:58:33.0697 0x1274  hwpolicy - ok
19:58:33.0699 0x1274  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
19:58:33.0708 0x1274  hyperkbd - ok
19:58:33.0711 0x1274  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
19:58:33.0721 0x1274  HyperVideo - ok
19:58:33.0726 0x1274  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
19:58:33.0739 0x1274  i8042prt - ok
19:58:33.0742 0x1274  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
19:58:33.0748 0x1274  iaLPSSi_GPIO - ok
19:58:33.0753 0x1274  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
19:58:33.0760 0x1274  iaLPSSi_I2C - ok
19:58:33.0774 0x1274  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
19:58:33.0792 0x1274  iaStorAV - ok
19:58:33.0803 0x1274  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:58:33.0820 0x1274  iaStorV - ok
19:58:33.0823 0x1274  IEEtwCollectorService - ok
19:58:33.0844 0x1274  [ 5697FD05EC6915A1E7193D658D8D6E05, 0179C3AF29880AA21F609CB471034EA5FA49324ACCE12736866675C037EBEC7A ] IKEEXT          C:\Windows\System32\ikeext.dll
19:58:33.0874 0x1274  IKEEXT - ok
19:58:33.0879 0x1274  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:58:33.0886 0x1274  intelide - ok
19:58:33.0890 0x1274  [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
19:58:33.0898 0x1274  intelpep - ok
19:58:33.0904 0x1274  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
19:58:33.0915 0x1274  intelppm - ok
19:58:33.0920 0x1274  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:58:33.0935 0x1274  IpFilterDriver - ok
19:58:33.0954 0x1274  [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:58:33.0983 0x1274  iphlpsvc - ok
19:58:33.0988 0x1274  [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
19:58:33.0998 0x1274  IPMIDRV - ok
19:58:34.0003 0x1274  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:58:34.0015 0x1274  IPNAT - ok
19:58:34.0018 0x1274  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:58:34.0028 0x1274  IRENUM - ok
19:58:34.0032 0x1274  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:58:34.0039 0x1274  isapnp - ok
19:58:34.0049 0x1274  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
19:58:34.0064 0x1274  iScsiPrt - ok
19:58:34.0067 0x1274  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
19:58:34.0076 0x1274  kbdclass - ok
19:58:34.0079 0x1274  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
19:58:34.0088 0x1274  kbdhid - ok
19:58:34.0092 0x1274  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
19:58:34.0101 0x1274  kdnic - ok
19:58:34.0105 0x1274  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
19:58:34.0114 0x1274  KeyIso - ok
19:58:34.0119 0x1274  [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:58:34.0128 0x1274  KSecDD - ok
19:58:34.0135 0x1274  [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:58:34.0146 0x1274  KSecPkg - ok
19:58:34.0149 0x1274  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:58:34.0159 0x1274  ksthunk - ok
19:58:34.0168 0x1274  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:58:34.0184 0x1274  KtmRm - ok
19:58:34.0193 0x1274  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:58:34.0209 0x1274  LanmanServer - ok
19:58:34.0217 0x1274  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:58:34.0233 0x1274  LanmanWorkstation - ok
19:58:34.0246 0x1274  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
19:58:34.0266 0x1274  lfsvc - ok
19:58:34.0270 0x1274  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:58:34.0281 0x1274  lltdio - ok
19:58:34.0289 0x1274  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:58:34.0304 0x1274  lltdsvc - ok
19:58:34.0308 0x1274  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:58:34.0319 0x1274  lmhosts - ok
19:58:34.0326 0x1274  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:58:34.0335 0x1274  LSI_SAS - ok
19:58:34.0339 0x1274  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:58:34.0348 0x1274  LSI_SAS2 - ok
19:58:34.0352 0x1274  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
19:58:34.0361 0x1274  LSI_SAS3 - ok
19:58:34.0365 0x1274  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
19:58:34.0374 0x1274  LSI_SSS - ok
19:58:34.0390 0x1274  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\Windows\System32\lsm.dll
19:58:34.0415 0x1274  LSM - ok
19:58:34.0420 0x1274  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:58:34.0432 0x1274  luafv - ok
19:58:34.0448 0x1274  [ DE111E937CB01E149FD749F67CDA7DD9, 1434FD87072FE4032D40E2B59DA301B0B35A301DAD4A6E7FE53BE8044BD2B465 ] MbaeSvc         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
19:58:34.0469 0x1274  MbaeSvc - ok
19:58:34.0474 0x1274  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
19:58:34.0483 0x1274  megasas - ok
19:58:34.0495 0x1274  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
19:58:34.0516 0x1274  megasr - ok
19:58:34.0521 0x1274  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
19:58:34.0528 0x1274  MEIx64 - ok
19:58:34.0533 0x1274  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\Windows\system32\mmcss.dll
19:58:34.0545 0x1274  MMCSS - ok
19:58:34.0548 0x1274  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
19:58:34.0559 0x1274  Modem - ok
19:58:34.0563 0x1274  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
19:58:34.0572 0x1274  monitor - ok
19:58:34.0575 0x1274  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
19:58:34.0584 0x1274  mouclass - ok
19:58:34.0587 0x1274  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
19:58:34.0596 0x1274  mouhid - ok
19:58:34.0600 0x1274  [ 24DABC0A77FAFDC0E379AB3B30F61BB6, E66624ABBF1D742879035F9161F9D3713DE7B759B3D3CF8B96C9E397A02FCF82 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:58:34.0609 0x1274  mountmgr - ok
19:58:34.0615 0x1274  [ 69E23C730974BAC8C11DF2B7C4C9D37B, 8DC4448EC9C9647381952D7822B39C89E0997B4B964A785AE274144FADEE3C02 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:58:34.0624 0x1274  MozillaMaintenance - ok
19:58:34.0629 0x1274  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:58:34.0640 0x1274  mpsdrv - ok
19:58:34.0657 0x1274  [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:58:34.0684 0x1274  MpsSvc - ok
19:58:34.0691 0x1274  [ D2AC8F07995CE6CD18848C129435B481, 839B04116B49A757950E049150F6AADE41335914CC699ED73BE886BECAC39D36 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:58:34.0703 0x1274  MRxDAV - ok
19:58:34.0714 0x1274  [ 3AF30CEB99E581E2FADA0B5FC4B551D8, 59BDE83C10D6F31E13B81FC317F1DE0E00793FBA288EAF844E29CFA0EB184502 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:58:34.0733 0x1274  mrxsmb - ok
19:58:34.0741 0x1274  [ 15D7AF1A26CCEBA32DF21A8E2098F463, 84390806AD3A9651DAB803E9257EEE851B898ED2AB56D8936E8C9F6B41967243 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:58:34.0755 0x1274  mrxsmb10 - ok
19:58:34.0762 0x1274  [ 0790EEB1EC199F8BE8259E47B373ED23, F9330F43B40675CCB60804182EF04BFBA3837ED14C798788A4B27D65A646D1C7 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:58:34.0774 0x1274  mrxsmb20 - ok
19:58:34.0778 0x1274  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
19:58:34.0789 0x1274  MsBridge - ok
19:58:34.0794 0x1274  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\Windows\System32\msdtc.exe
19:58:34.0806 0x1274  MSDTC - ok
19:58:34.0812 0x1274  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:58:34.0821 0x1274  Msfs - ok
19:58:34.0826 0x1274  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
19:58:34.0834 0x1274  msgpiowin32 - ok
19:58:34.0837 0x1274  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:58:34.0846 0x1274  mshidkmdf - ok
19:58:34.0849 0x1274  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
19:58:34.0858 0x1274  mshidumdf - ok
19:58:34.0862 0x1274  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:58:34.0869 0x1274  msisadrv - ok
19:58:34.0875 0x1274  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:58:34.0887 0x1274  MSiSCSI - ok
19:58:34.0890 0x1274  msiserver - ok
19:58:34.0893 0x1274  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:58:34.0902 0x1274  MSKSSRV - ok
19:58:34.0906 0x1274  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
19:58:34.0917 0x1274  MsLldp - ok
19:58:34.0920 0x1274  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:58:34.0930 0x1274  MSPCLOCK - ok
19:58:34.0933 0x1274  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:58:34.0942 0x1274  MSPQM - ok
19:58:34.0951 0x1274  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:58:34.0967 0x1274  MsRPC - ok
19:58:34.0972 0x1274  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
19:58:34.0980 0x1274  mssmbios - ok
19:58:34.0984 0x1274  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:58:34.0992 0x1274  MSTEE - ok
19:58:34.0995 0x1274  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
19:58:35.0004 0x1274  MTConfig - ok
19:58:35.0009 0x1274  [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup             C:\Windows\system32\Drivers\mup.sys
19:58:35.0019 0x1274  Mup - ok
19:58:35.0023 0x1274  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
19:58:35.0032 0x1274  mvumis - ok
19:58:35.0043 0x1274  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
19:58:35.0061 0x1274  napagent - ok
19:58:35.0071 0x1274  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:58:35.0090 0x1274  NativeWifiP - ok
19:58:35.0096 0x1274  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
19:58:35.0109 0x1274  NcaSvc - ok
19:58:35.0115 0x1274  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
19:58:35.0129 0x1274  NcbService - ok
19:58:35.0133 0x1274  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
19:58:35.0145 0x1274  NcdAutoSetup - ok
19:58:35.0167 0x1274  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:58:35.0200 0x1274  NDIS - ok
19:58:35.0204 0x1274  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:58:35.0213 0x1274  NdisCap - ok
19:58:35.0218 0x1274  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
19:58:35.0229 0x1274  NdisImPlatform - ok
19:58:35.0232 0x1274  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:58:35.0242 0x1274  NdisTapi - ok
19:58:35.0247 0x1274  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:58:35.0257 0x1274  Ndisuio - ok
19:58:35.0260 0x1274  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
19:58:35.0270 0x1274  NdisVirtualBus - ok
19:58:35.0277 0x1274  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:58:35.0290 0x1274  NdisWan - ok
19:58:35.0296 0x1274  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
19:58:35.0308 0x1274  NdisWanLegacy - ok
19:58:35.0312 0x1274  [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:58:35.0323 0x1274  NDProxy - ok
19:58:35.0327 0x1274  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
19:58:35.0339 0x1274  Ndu - ok
19:58:35.0343 0x1274  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:58:35.0352 0x1274  NetBIOS - ok
19:58:35.0360 0x1274  [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:58:35.0375 0x1274  NetBT - ok
19:58:35.0379 0x1274  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
19:58:35.0387 0x1274  Netlogon - ok
19:58:35.0395 0x1274  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
19:58:35.0409 0x1274  Netman - ok
19:58:35.0421 0x1274  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\Windows\System32\netprofmsvc.dll
19:58:35.0441 0x1274  netprofm - ok
19:58:35.0449 0x1274  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:58:35.0460 0x1274  NetTcpPortSharing - ok
19:58:35.0465 0x1274  [ 3C9C11DFF7C8C4384D22972ED75398D6, 79D1C630A441385E2A03A7BF1D9B3F85C8BC5BFA9CED96F85180059D18B3B5EC ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
19:58:35.0475 0x1274  netvsc - ok
19:58:35.0485 0x1274  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:58:35.0502 0x1274  NlaSvc - ok
19:58:35.0506 0x1274  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:58:35.0517 0x1274  Npfs - ok
19:58:35.0520 0x1274  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
19:58:35.0530 0x1274  npsvctrig - ok
19:58:35.0533 0x1274  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\Windows\system32\nsisvc.dll
19:58:35.0545 0x1274  nsi - ok
19:58:35.0548 0x1274  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:58:35.0558 0x1274  nsiproxy - ok
19:58:35.0595 0x1274  [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:58:35.0647 0x1274  Ntfs - ok
19:58:35.0652 0x1274  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
19:58:35.0661 0x1274  Null - ok
19:58:35.0667 0x1274  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:58:35.0678 0x1274  nvraid - ok
19:58:35.0684 0x1274  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:58:35.0694 0x1274  nvstor - ok
19:58:35.0699 0x1274  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:58:35.0710 0x1274  nv_agp - ok
19:58:35.0717 0x1274  [ FD63D247B8AE1ADB2EE075C3608372F5, D28EB60C77DD9976C1912789E5E08376B1043DBDCFBF25BD71A8C92EACA8C76F ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:58:35.0728 0x1274  ose - ok
19:58:35.0738 0x1274  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:58:35.0756 0x1274  p2pimsvc - ok
19:58:35.0767 0x1274  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\Windows\system32\p2psvc.dll
19:58:35.0785 0x1274  p2psvc - ok
19:58:35.0791 0x1274  [ 57DCE4FB0467986AE78E1C6FC5240D32, F7F3ADD1B48E4D6BB0A664A2FE556F71ED7453054B4FB667A29BE050C845045B ] Parport         C:\Windows\System32\drivers\parport.sys
19:58:35.0803 0x1274  Parport - ok
19:58:35.0807 0x1274  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:58:35.0816 0x1274  partmgr - ok
19:58:35.0827 0x1274  [ 0A2DF1055FEEA30DFF73DAC0DA45FDE4, 497B2AE591ABBCFA8FC571D9C1D750006212F2D2DDF12F5A9E7FFA811CD707A3 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:58:35.0847 0x1274  PcaSvc - ok
19:58:35.0856 0x1274  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\Windows\system32\drivers\pci.sys
19:58:35.0870 0x1274  pci - ok
19:58:35.0874 0x1274  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:58:35.0881 0x1274  pciide - ok
19:58:35.0886 0x1274  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:58:35.0897 0x1274  pcmcia - ok
19:58:35.0900 0x1274  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:58:35.0908 0x1274  pcw - ok
19:58:35.0912 0x1274  [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc             C:\Windows\system32\drivers\pdc.sys
19:58:35.0923 0x1274  pdc - ok
19:58:35.0937 0x1274  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:58:35.0959 0x1274  PEAUTH - ok
19:58:35.0978 0x1274  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:58:35.0991 0x1274  PerfHost - ok
19:58:36.0023 0x1274  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\Windows\system32\pla.dll
19:58:36.0063 0x1274  pla - ok
19:58:36.0069 0x1274  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:58:36.0079 0x1274  PlugPlay - ok
19:58:36.0083 0x1274  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:58:36.0092 0x1274  PNRPAutoReg - ok
19:58:36.0101 0x1274  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:58:36.0116 0x1274  PNRPsvc - ok
19:58:36.0127 0x1274  [ 0FF8507A8B901B904E98EB36B9E347EE, FE4A9A6159A8490F3155D166656748722EFDEDCDC447C09155A5AD6D9F5D294D ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:58:36.0144 0x1274  PolicyAgent - ok
19:58:36.0150 0x1274  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\Windows\system32\umpo.dll
19:58:36.0161 0x1274  Power - ok
19:58:36.0217 0x1274  [ F6EA63145C20A23732AD2CA1EBA65FA1, 0DD1164D37C1500258E9CCCE458778A3DA196D9A65919B2672E3C88383068F52 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
19:58:36.0286 0x1274  PrintNotify - ok
19:58:36.0294 0x1274  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\Windows\System32\drivers\processr.sys
19:58:36.0305 0x1274  Processor - ok
19:58:36.0312 0x1274  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\Windows\system32\profsvc.dll
19:58:36.0327 0x1274  ProfSvc - ok
19:58:36.0333 0x1274  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:58:36.0344 0x1274  Psched - ok
19:58:36.0353 0x1274  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\Windows\system32\qwave.dll
19:58:36.0368 0x1274  QWAVE - ok
19:58:36.0372 0x1274  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:58:36.0381 0x1274  QWAVEdrv - ok
19:58:36.0384 0x1274  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:58:36.0394 0x1274  RasAcd - ok
19:58:36.0399 0x1274  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\Windows\System32\rasauto.dll
19:58:36.0410 0x1274  RasAuto - ok
19:58:36.0423 0x1274  [ 15C0034561FE5B03FA376F1A6232478B, 0F9B5C2BD7D8803FF3C5ED957D3F0859F2A59B74510E4659FBF05EDCBF230208 ] RasMan          C:\Windows\System32\rasmans.dll
19:58:36.0443 0x1274  RasMan - ok
19:58:36.0448 0x1274  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:58:36.0460 0x1274  RasPppoe - ok
19:58:36.0470 0x1274  [ D67ED4AB59D1EF66B05AD1A81AC28B26, 72E750A9A6B484D8BEDE52FA6DABEF4D95765DE491152E1F6C856D0590B50C28 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:58:36.0486 0x1274  rdbss - ok
19:58:36.0491 0x1274  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
19:58:36.0500 0x1274  rdpbus - ok
19:58:36.0506 0x1274  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:58:36.0521 0x1274  RDPDR - ok
19:58:36.0527 0x1274  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:58:36.0534 0x1274  RdpVideoMiniport - ok
19:58:36.0541 0x1274  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:58:36.0553 0x1274  rdyboost - ok
19:58:36.0572 0x1274  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
19:58:36.0601 0x1274  ReFS - ok
19:58:36.0609 0x1274  [ DF78648AC3C8DC9D70E6714AF785382F, 56E104939ED0AB5B26AE07BAB1BBB7D15828DBD3A2AD35361423D7ADDA4BA551 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:58:36.0623 0x1274  RemoteAccess - ok
19:58:36.0629 0x1274  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:58:36.0642 0x1274  RemoteRegistry - ok
19:58:36.0649 0x1274  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
19:58:36.0661 0x1274  RFCOMM - ok
19:58:36.0666 0x1274  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:58:36.0677 0x1274  RpcEptMapper - ok
19:58:36.0680 0x1274  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\Windows\system32\locator.exe
19:58:36.0690 0x1274  RpcLocator - ok
19:58:36.0706 0x1274  [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] RpcSs           C:\Windows\system32\rpcss.dll
19:58:36.0731 0x1274  RpcSs - ok
19:58:36.0740 0x1274  [ E909662BF3CED6B79F2239DDA75BC6A4, 16A308AFFC605BEEAC968D6155928AA2FF5FD335B8F59F28C6AF40A4F0344E7F ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
19:58:36.0752 0x1274  RSPCIESTOR - ok
19:58:36.0757 0x1274  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:58:36.0769 0x1274  rspndr - ok
19:58:36.0782 0x1274  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
19:58:36.0802 0x1274  RTL8168 - ok
19:58:36.0805 0x1274  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
19:58:36.0813 0x1274  s3cap - ok
19:58:36.0816 0x1274  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\Windows\system32\lsass.exe
19:58:36.0825 0x1274  SamSs - ok
19:58:36.0830 0x1274  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:58:36.0841 0x1274  sbp2port - ok
19:58:36.0847 0x1274  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:58:36.0861 0x1274  SCardSvr - ok
19:58:36.0866 0x1274  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
19:58:36.0879 0x1274  ScDeviceEnum - ok
19:58:36.0883 0x1274  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:58:36.0893 0x1274  scfilter - ok
19:58:36.0917 0x1274  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\Windows\system32\schedsvc.dll
19:58:36.0952 0x1274  Schedule - ok
19:58:36.0959 0x1274  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:58:36.0970 0x1274  SCPolicySvc - ok
19:58:36.0979 0x1274  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\Windows\System32\drivers\sdbus.sys
19:58:36.0993 0x1274  sdbus - ok
19:58:36.0998 0x1274  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
19:58:37.0008 0x1274  sdstor - ok
19:58:37.0012 0x1274  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:58:37.0021 0x1274  secdrv - ok
19:58:37.0025 0x1274  [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon        C:\Windows\system32\seclogon.dll
19:58:37.0036 0x1274  seclogon - ok
19:58:37.0040 0x1274  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\Windows\System32\sens.dll
19:58:37.0052 0x1274  SENS - ok
19:58:37.0059 0x1274  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:58:37.0073 0x1274  SensrSvc - ok
19:58:37.0077 0x1274  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
19:58:37.0086 0x1274  SerCx - ok
19:58:37.0091 0x1274  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
19:58:37.0101 0x1274  SerCx2 - ok
19:58:37.0106 0x1274  [ 1F0135949A6AD6025F363F80FE268251, DB2D503863143F2251E589F7B0B3E9FBF997D7333D54C55856590B5080B5513D ] Serenum         C:\Windows\System32\drivers\serenum.sys
19:58:37.0115 0x1274  Serenum - ok
19:58:37.0120 0x1274  [ 81633C87B42B63BA484A6177179AC750, A22BA40E9EC74E88D8098CBDC954E1D63B832FCB789E3C7B731DE5DA39BEE2CA ] Serial          C:\Windows\System32\drivers\serial.sys
19:58:37.0130 0x1274  Serial - ok
19:58:37.0134 0x1274  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\Windows\System32\drivers\sermouse.sys
19:58:37.0143 0x1274  sermouse - ok
19:58:37.0151 0x1274  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\Windows\system32\sessenv.dll
19:58:37.0168 0x1274  SessionEnv - ok
19:58:37.0172 0x1274  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
19:58:37.0181 0x1274  sfloppy - ok
19:58:37.0192 0x1274  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:58:37.0209 0x1274  SharedAccess - ok
19:58:37.0223 0x1274  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:58:37.0247 0x1274  ShellHWDetection - ok
19:58:37.0251 0x1274  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:58:37.0259 0x1274  SiSRaid2 - ok
19:58:37.0264 0x1274  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:58:37.0272 0x1274  SiSRaid4 - ok
19:58:37.0280 0x1274  [ 6749AD471D1D44CBD1F30257C861F77B, D5A554F35E380948F13BFE0673B49F8FD8AE5A438BF3645857522E2560A58685 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:58:37.0294 0x1274  SkypeUpdate - ok
19:58:37.0297 0x1274  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\Windows\System32\smphost.dll
19:58:37.0308 0x1274  smphost - ok
19:58:37.0313 0x1274  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:58:37.0324 0x1274  SNMPTRAP - ok
19:58:37.0338 0x1274  [ B312191DCBECE3C07DF9A99DE433B126, D9D9028331C703CE9B9EC75772D29BB04FE43B3A7895F8CBB3AC701CA0548F8D ] spaceport       C:\Windows\system32\drivers\spaceport.sys
19:58:37.0357 0x1274  spaceport - ok
19:58:37.0361 0x1274  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
19:58:37.0370 0x1274  SpbCx - ok
19:58:37.0387 0x1274  [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler         C:\Windows\System32\spoolsv.exe
19:58:37.0413 0x1274  Spooler - ok
19:58:37.0526 0x1274  [ F264662C057A54AA2DE41B3C7551712F, 2C123C6ACD967CDF1AD2855187CF3D8357B16A4FD9C2F18AE54CFA384165FA11 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:58:37.0703 0x1274  sppsvc - ok
19:58:37.0720 0x1274  [ 36B082C7A764A34FB1DC72D975870B61, 572CB632D9FDC1183F7BF8BFCBC51765C647945E0C13D1C91ADE3D0E76DF83BC ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:58:37.0738 0x1274  srv - ok
19:58:37.0752 0x1274  [ F5849909D4B29B4E3D4445F943E5C7E3, 3FCA1423753716FE1AFDD27EE1E13C4D779A3C976185B5C998EF1A9A39BFC186 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:58:37.0775 0x1274  srv2 - ok
19:58:37.0783 0x1274  [ FABC49666708EA562549E78E6FBF3191, BE1FEBFC259308B39C727915C41A67CD50720A6E2A68D148F4F2F926AED43B02 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:58:37.0797 0x1274  srvnet - ok
19:58:37.0804 0x1274  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:58:37.0819 0x1274  SSDPSRV - ok
19:58:37.0825 0x1274  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:58:37.0839 0x1274  SstpSvc - ok
19:58:37.0866 0x1274  [ 04F9B53224689BB3638CC2D3DA721E5C, D073C8D5CEFD59CC3D4834A6B92EA8FE113A73C400C27BB6B3D215522FAE17C3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:58:37.0900 0x1274  Steam Client Service - ok
19:58:37.0904 0x1274  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:58:37.0913 0x1274  stexstor - ok
19:58:37.0927 0x1274  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\Windows\System32\wiaservc.dll
19:58:37.0951 0x1274  stisvc - ok
19:58:37.0956 0x1274  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
19:58:37.0966 0x1274  storahci - ok
19:58:37.0969 0x1274  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:58:37.0978 0x1274  storflt - ok
19:58:37.0982 0x1274  [ 0EDD1F4D470C775740625B06A60C9DD5, 94964D0A793B1C984E87095249EE383A5E669D05BA6BF9F655587887E6CE3C19 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
19:58:37.0990 0x1274  stornvme - ok
19:58:37.0993 0x1274  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\Windows\system32\storsvc.dll
19:58:38.0004 0x1274  StorSvc - ok
19:58:38.0007 0x1274  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:58:38.0016 0x1274  storvsc - ok
19:58:38.0019 0x1274  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\Windows\system32\svsvc.dll
19:58:38.0029 0x1274  svsvc - ok
19:58:38.0032 0x1274  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\Windows\System32\drivers\swenum.sys
19:58:38.0039 0x1274  swenum - ok
19:58:38.0054 0x1274  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\Windows\System32\swprv.dll
19:58:38.0078 0x1274  swprv - ok
19:58:38.0103 0x1274  [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain         C:\Windows\system32\sysmain.dll
19:58:38.0138 0x1274  SysMain - ok
19:58:38.0147 0x1274  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
19:58:38.0162 0x1274  SystemEventsBroker - ok
19:58:38.0168 0x1274  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:58:38.0181 0x1274  TabletInputService - ok
19:58:38.0185 0x1274  [ BD2F92D26B4B6F8D43B9AD997B1A7E4F, C1553BB9908761EA946611D867466EA4E47ECDA3D09587C8026C88B7E8CCC779 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
19:58:38.0192 0x1274  tap0901 - ok
19:58:38.0201 0x1274  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:58:38.0217 0x1274  TapiSrv - ok
19:58:38.0262 0x1274  [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:58:38.0326 0x1274  Tcpip - ok
19:58:38.0374 0x1274  [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:58:38.0433 0x1274  TCPIP6 - ok
19:58:38.0440 0x1274  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:58:38.0450 0x1274  tcpipreg - ok
19:58:38.0456 0x1274  [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:58:38.0466 0x1274  tdx - ok
19:58:38.0470 0x1274  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
19:58:38.0478 0x1274  terminpt - ok
19:58:38.0500 0x1274  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\Windows\System32\termsrv.dll
19:58:38.0532 0x1274  TermService - ok
19:58:38.0537 0x1274  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\Windows\system32\themeservice.dll
19:58:38.0547 0x1274  Themes - ok
19:58:38.0551 0x1274  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:58:38.0560 0x1274  THREADORDER - ok
19:58:38.0568 0x1274  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
19:58:38.0583 0x1274  TimeBroker - ok
19:58:38.0590 0x1274  [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM             C:\Windows\system32\drivers\tpm.sys
19:58:38.0601 0x1274  TPM - ok
19:58:38.0606 0x1274  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\Windows\System32\trkwks.dll
19:58:38.0618 0x1274  TrkWks - ok
19:58:38.0623 0x1274  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:58:38.0634 0x1274  TrustedInstaller - ok
19:58:38.0639 0x1274  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:58:38.0650 0x1274  TsUsbFlt - ok
19:58:38.0653 0x1274  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
19:58:38.0663 0x1274  TsUsbGD - ok
19:58:38.0669 0x1274  [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:58:38.0681 0x1274  tunnel - ok
19:58:38.0685 0x1274  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:58:38.0693 0x1274  uagp35 - ok
19:58:38.0698 0x1274  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
19:58:38.0708 0x1274  UASPStor - ok
19:58:38.0716 0x1274  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
19:58:38.0734 0x1274  UCX01000 - ok
19:58:38.0745 0x1274  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:58:38.0760 0x1274  udfs - ok
19:58:38.0764 0x1274  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
19:58:38.0772 0x1274  UEFI - ok
19:58:38.0778 0x1274  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:58:38.0789 0x1274  UI0Detect - ok
19:58:38.0792 0x1274  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:58:38.0801 0x1274  uliagpkx - ok
19:58:38.0805 0x1274  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\Windows\System32\drivers\umbus.sys
19:58:38.0815 0x1274  umbus - ok
19:58:38.0818 0x1274  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
19:58:38.0826 0x1274  UmPass - ok
19:58:38.0835 0x1274  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:58:38.0851 0x1274  UmRdpService - ok
19:58:38.0862 0x1274  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\Windows\System32\upnphost.dll
19:58:38.0880 0x1274  upnphost - ok
19:58:38.0887 0x1274  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
19:58:38.0899 0x1274  usbccgp - ok
19:58:38.0905 0x1274  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
19:58:38.0916 0x1274  usbcir - ok
19:58:38.0922 0x1274  [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
19:58:38.0933 0x1274  usbehci - ok
19:58:38.0943 0x1274  [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
19:58:38.0962 0x1274  usbhub - ok
19:58:38.0976 0x1274  [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
19:58:38.0996 0x1274  USBHUB3 - ok
19:58:39.0000 0x1274  [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci         C:\Windows\System32\drivers\usbohci.sys
19:58:39.0011 0x1274  usbohci - ok
19:58:39.0015 0x1274  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
19:58:39.0026 0x1274  usbprint - ok
19:58:39.0029 0x1274  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:58:39.0039 0x1274  usbscan - ok
19:58:39.0046 0x1274  [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
19:58:39.0057 0x1274  USBSTOR - ok
19:58:39.0061 0x1274  [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
19:58:39.0070 0x1274  usbuhci - ok
19:58:39.0078 0x1274  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:58:39.0091 0x1274  usbvideo - ok
19:58:39.0102 0x1274  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
19:58:39.0118 0x1274  USBXHCI - ok
19:58:39.0123 0x1274  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\Windows\system32\lsass.exe
19:58:39.0131 0x1274  VaultSvc - ok
19:58:39.0136 0x1274  [ 0E3C4F20B2CE21168F3242D9CAC6CBF2, 1BD5E1A2000EBC1C335A8960ACDCD08BDC8230F533A80D086D2EE6FE4990EA02 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
19:58:39.0147 0x1274  VBoxUSBMon - ok
19:58:39.0151 0x1274  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:58:39.0158 0x1274  vdrvroot - ok
19:58:39.0183 0x1274  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\Windows\System32\vds.exe
19:58:39.0219 0x1274  vds - ok
19:58:39.0226 0x1274  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
19:58:39.0237 0x1274  VerifierExt - ok
19:58:39.0253 0x1274  [ 5DB4AFA10A488EC4DDB3DA09B0425BE5, 480AFB6A6BCC95E86C5087C3D9DCD6058D48659A5A63F524A0B9ED3A8FEF6B9B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
19:58:39.0281 0x1274  vhdmp - ok
19:58:39.0284 0x1274  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:58:39.0292 0x1274  viaide - ok
19:58:39.0296 0x1274  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:58:39.0305 0x1274  vmbus - ok
19:58:39.0309 0x1274  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
19:58:39.0317 0x1274  VMBusHID - ok
19:58:39.0330 0x1274  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
19:58:39.0350 0x1274  vmicguestinterface - ok
19:58:39.0361 0x1274  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
19:58:39.0379 0x1274  vmicheartbeat - ok
19:58:39.0390 0x1274  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
19:58:39.0408 0x1274  vmickvpexchange - ok
19:58:39.0419 0x1274  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\Windows\System32\ICSvc.dll
19:58:39.0437 0x1274  vmicrdv - ok
19:58:39.0449 0x1274  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
19:58:39.0466 0x1274  vmicshutdown - ok
19:58:39.0478 0x1274  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\Windows\System32\ICSvc.dll
19:58:39.0495 0x1274  vmictimesync - ok
19:58:39.0507 0x1274  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\Windows\System32\ICSvc.dll
19:58:39.0526 0x1274  vmicvss - ok
19:58:39.0531 0x1274  [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:58:39.0540 0x1274  volmgr - ok
19:58:39.0550 0x1274  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:58:39.0565 0x1274  volmgrx - ok
19:58:39.0576 0x1274  [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:58:39.0591 0x1274  volsnap - ok
19:58:39.0595 0x1274  [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci            C:\Windows\System32\drivers\vpci.sys
19:58:39.0604 0x1274  vpci - ok
19:58:39.0610 0x1274  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:58:39.0621 0x1274  vsmraid - ok
19:58:39.0649 0x1274  [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS             C:\Windows\system32\vssvc.exe
19:58:39.0686 0x1274  VSS - ok
19:58:39.0696 0x1274  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
19:58:39.0710 0x1274  VSTXRAID - ok
19:58:39.0714 0x1274  [ 71066FF95C487327E44C8AF1B72EBE8B, EA2729126B452CAE0C80D07501779D804B08E47F1217B61D53277B40869FEC25 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:58:39.0724 0x1274  vwifibus - ok
19:58:39.0728 0x1274  [ 29AB43937FFDA0B0FB56984226E698C6, 6A1A559964FE5D594E54988C46149969E6FFD5A8D5A6862E14648B608794CC29 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:58:39.0738 0x1274  vwififlt - ok
19:58:39.0741 0x1274  [ 8B8624A93E3F88CB923AEB05B6313227, 2856B63CD376BF2B1A9129581E7B9207588D4EAFD29A2C8D98F176FEAFDE26A9 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:58:39.0749 0x1274  vwifimp - ok
19:58:39.0760 0x1274  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\Windows\system32\w32time.dll
19:58:39.0778 0x1274  W32Time - ok
19:58:39.0782 0x1274  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
19:58:39.0792 0x1274  WacomPen - ok
19:58:39.0821 0x1274  [ 841345442390953CBC8801B95D3D0540, FD4F9FD2C4C60A1A580177FFF2E9035009AC6A38E78D4236B0ED4773E3B263EE ] wbengine        C:\Windows\system32\wbengine.exe
19:58:39.0862 0x1274  wbengine - ok
19:58:39.0874 0x1274  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:58:39.0893 0x1274  WbioSrvc - ok
19:58:39.0903 0x1274  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
19:58:39.0921 0x1274  Wcmsvc - ok
19:58:39.0932 0x1274  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:58:39.0950 0x1274  wcncsvc - ok
19:58:39.0954 0x1274  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:58:39.0965 0x1274  WcsPlugInService - ok
19:58:39.0968 0x1274  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
19:58:39.0976 0x1274  WdBoot - ok
19:58:39.0993 0x1274  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:58:40.0016 0x1274  Wdf01000 - ok
19:58:40.0025 0x1274  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
19:58:40.0039 0x1274  WdFilter - ok
19:58:40.0043 0x1274  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:58:40.0056 0x1274  WdiServiceHost - ok
19:58:40.0059 0x1274  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:58:40.0071 0x1274  WdiSystemHost - ok
19:58:40.0076 0x1274  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
19:58:40.0085 0x1274  WdNisDrv - ok
19:58:40.0088 0x1274  WdNisSvc - ok
19:58:40.0095 0x1274  [ A70CAF5EA36CBA5FCA24244306D4D5C6, 76C3E20B62B89D9699A1E817377FAD70B144B877BCC5C850A5B64CC68184D8DA ] WebClient       C:\Windows\System32\webclnt.dll
19:58:40.0110 0x1274  WebClient - ok
19:58:40.0118 0x1274  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:58:40.0132 0x1274  Wecsvc - ok
19:58:40.0136 0x1274  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
19:58:40.0145 0x1274  WEPHOSTSVC - ok
19:58:40.0149 0x1274  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:58:40.0164 0x1274  wercplsupport - ok
19:58:40.0169 0x1274  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\Windows\System32\WerSvc.dll
19:58:40.0182 0x1274  WerSvc - ok
19:58:40.0187 0x1274  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
19:58:40.0197 0x1274  WFPLWFS - ok
19:58:40.0203 0x1274  [ 42C5DC0D7236CF8C0ADE3BEE2CA1443C, 051EED3F9A9C424D52ED106173A91AFD04A0D9355F96E5B0D8D3C09C4DA16ECF ] wgsslvpnsrc     C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
19:58:40.0208 0x1274  wgsslvpnsrc - detected UnsignedFile.Multi.Generic ( 1 )
19:58:40.0347 0x1274  Detect skipped due to KSN trusted
19:58:40.0347 0x1274  wgsslvpnsrc - ok
19:58:40.0352 0x1274  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\Windows\System32\wiarpc.dll
19:58:40.0363 0x1274  WiaRpc - ok
19:58:40.0366 0x1274  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:58:40.0374 0x1274  WIMMount - ok
19:58:40.0376 0x1274  WinDefend - ok
19:58:40.0394 0x1274  [ 0E70990EC2E5D2331AA5E88DB0CFB826, 79DFF565C3FCBC691E8FEB669CEC00E340FD2A2AFA4488D23A7CC63A2A98A5C1 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
19:58:40.0421 0x1274  WinHttpAutoProxySvc - ok
19:58:40.0431 0x1274  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:58:40.0445 0x1274  Winmgmt - ok
19:58:40.0491 0x1274  [ 427873F889F2F508BE8BE982219CE578, CA8DCFB774BF0F747295A7A0CB46A6177DE12AD6BD58266182206C41A3C9001E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:58:40.0555 0x1274  WinRM - ok
19:58:40.0566 0x1274  [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:58:40.0577 0x1274  WinUsb - ok
19:58:40.0606 0x1274  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\Windows\System32\wlansvc.dll
19:58:40.0647 0x1274  WlanSvc - ok
19:58:40.0678 0x1274  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
19:58:40.0721 0x1274  wlidsvc - ok
19:58:40.0725 0x1274  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
19:58:40.0734 0x1274  WmiAcpi - ok
19:58:40.0741 0x1274  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:58:40.0754 0x1274  wmiApSrv - ok
19:58:40.0756 0x1274  WMPNetworkSvc - ok
19:58:40.0763 0x1274  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
19:58:40.0773 0x1274  Wof - ok
19:58:40.0805 0x1274  [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
19:58:40.0847 0x1274  workfolderssvc - ok
19:58:40.0852 0x1274  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
19:58:40.0861 0x1274  wpcfltr - ok
19:58:40.0864 0x1274  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:58:40.0874 0x1274  WPCSvc - ok
19:58:40.0878 0x1274  [ DBDCE2378F65F0A07D4644AC103037E7, 99714F0CD31297C9831BAF04768F467F6E0BF710C859CEDCA83069226BF1A68A ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:58:40.0890 0x1274  WPDBusEnum - ok
19:58:40.0893 0x1274  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
19:58:40.0901 0x1274  WpdUpFltr - ok
19:58:40.0904 0x1274  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:58:40.0915 0x1274  ws2ifsl - ok
19:58:40.0921 0x1274  [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc          C:\Windows\System32\wscsvc.dll
19:58:40.0934 0x1274  wscsvc - ok
19:58:40.0936 0x1274  WSearch - ok
19:58:40.0997 0x1274  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\Windows\System32\WSService.dll
19:58:41.0087 0x1274  WSService - ok
19:58:41.0154 0x1274  [ F3F60C88A6BBC8D0C68FE5B1C91181AF, AF9A4D282CD4BB1127BC3F48AB89DC294408D96F7906553C636F37D1503CFA48 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:58:41.0235 0x1274  wuauserv - ok
19:58:41.0243 0x1274  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:58:41.0255 0x1274  WudfPf - ok
19:58:41.0261 0x1274  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
19:58:41.0274 0x1274  WUDFRd - ok
19:58:41.0279 0x1274  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:58:41.0290 0x1274  wudfsvc - ok
19:58:41.0297 0x1274  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:41.0309 0x1274  WUDFWpdFs - ok
19:58:41.0315 0x1274  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:41.0328 0x1274  WUDFWpdMtp - ok
19:58:41.0340 0x1274  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:58:41.0359 0x1274  WwanSvc - ok
19:58:41.0368 0x1274  [ D3D9CB4BA15C1854294517AA8954E201, DFBB6E1A5FF01123FEAD6EFFA67F4A0203792AFDF82EAFFC2DA981A584896542 ] XQHDrv          C:\Windows\system32\DRIVERS\XQHDrv.sys
19:58:41.0380 0x1274  XQHDrv - ok
19:58:41.0388 0x1274  ================ Scan global ===============================
19:58:41.0392 0x1274  [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\Windows\system32\basesrv.dll
19:58:41.0399 0x1274  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
19:58:41.0407 0x1274  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
19:58:41.0418 0x1274  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
19:58:41.0427 0x1274  [ Global ] - ok
19:58:41.0427 0x1274  ================ Scan MBR ==================================
19:58:41.0429 0x1274  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:58:41.0448 0x1274  \Device\Harddisk0\DR0 - ok
19:58:41.0448 0x1274  ================ Scan VBR ==================================
19:58:41.0450 0x1274  [ 26CE77DACE65E535CC0AE2A4C5402A6C ] \Device\Harddisk0\DR0\Partition1
19:58:41.0451 0x1274  \Device\Harddisk0\DR0\Partition1 - ok
19:58:41.0453 0x1274  [ 47E73EEDA86B3720B4BB5D953CD5D057 ] \Device\Harddisk0\DR0\Partition2
19:58:41.0454 0x1274  \Device\Harddisk0\DR0\Partition2 - ok
19:58:41.0456 0x1274  [ F9F664790FCD645E827C062D5B28E579 ] \Device\Harddisk0\DR0\Partition3
19:58:41.0456 0x1274  \Device\Harddisk0\DR0\Partition3 - ok
19:58:41.0458 0x1274  [ 4BF2ADE632E9C670186C74E8465AE617 ] \Device\Harddisk0\DR0\Partition4
19:58:41.0459 0x1274  \Device\Harddisk0\DR0\Partition4 - ok
19:58:41.0461 0x1274  [ 4541964B2AF1F3A72485FC375A1B06AF ] \Device\Harddisk0\DR0\Partition5
19:58:41.0462 0x1274  \Device\Harddisk0\DR0\Partition5 - ok
19:58:41.0463 0x1274  ================ Scan generic autorun ======================
19:58:41.0468 0x1274  [ 889E56C58F5AC4242E395E3AD5F7780C, 35AA891112BE86C28C6AF8DF44BFEE342BAB7BDA877917C9B6466204091B9ADE ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
19:58:41.0480 0x1274  Classic Start Menu - ok
19:58:41.0601 0x1274  [ 47CCAA466AD206FFE34C6C9CA3279BC7, 4B7A4779A4EDB8AFE4CF860316EF949EAD2AEE6D56258F2D12924404F9D67A3B ] c:\program files\emsisoft anti-malware\a2guard.exe
19:58:41.0757 0x1274  emsisoft anti-malware - ok
19:58:41.0780 0x1274  [ 73F1B07CF82235B25BCC3E9A7522ACCB, 47221B8DFF5A44050AFB0AB5A249FEECE36BE2E000D6529E099128EEDFA647DA ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
19:58:41.0801 0x1274  StartCCC - ok
19:58:41.0848 0x1274  [ 1A774CBE54318A3411539BA10D47BEF5, 99CDBD90429FCAFA1C814E49EFF1160E8DC7D43B8F82E8AC33116BE7D42DBA9B ] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
19:58:41.0905 0x1274  Malwarebytes Anti-Exploit - ok
19:58:41.0914 0x1274  [ 812EC7C5892262386C2B47E1083D456A, 06FC1D6D0F1D8C3C6E09E50C02FF75A50443F429BE3339909E416B29A255E8CC ] C:\Program Files (x86)\PDF24\pdf24.exe
19:58:41.0925 0x1274  PDFPrint - ok
19:58:41.0974 0x1274  [ 6F4E4E5B2C2B9922ED022CBA4266B375, 6B646D7ED0E14F21DC52FB6701837A8C1553AE4F4BD89682F21BB8B23161BB03 ] C:\Program Files (x86)\Steam\steam.exe
19:58:42.0033 0x1274  Steam - ok
19:58:42.0037 0x1274  Skype - ok
19:58:42.0039 0x1274  Waiting for KSN requests completion. In queue: 110
19:58:43.0057 0x1274  AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe ( 11.10.0.6563 ), 0x41000 ( enabled : updated )
19:58:43.0058 0x1274  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
19:58:43.0067 0x1274  Win FW state via NFP2: enabled ( trusted )
19:58:43.0185 0x1274  ============================================================
19:58:43.0185 0x1274  Scan finished
19:58:43.0185 0x1274  ============================================================
19:58:43.0194 0x179c  Detected object count: 0
19:58:43.0194 0x179c  Actual detected object count: 0

deeprybka · 25.09.2016, 19:09

Zitat:

Zitat von Explo

Es waren 3 Bestellungen. Alle an meine Adresse, alle aus dem gleichen Shop. 2 Davon direkt wieder storniert. Die 3. wurde dann ausgeblendet (dank Kontoauszug "schnell" bemerkt). Ein 25€ "Bunte Nachtlicht Hubschrauber"

Schritt 1

Downloade Dir HitmanPro

auf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Explo · 25.09.2016, 19:19

Eine der stornierten war auch der Hubschrauber.. das andere so'n 300€ Helm aus dem Shop.. - Vermutlich, damit ich es nicht so mitbekomme doch so'n kleiner Heli?

Log:

Code:

ATTFilter

HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : EXPLOOLPXE
   Windows . . . . . . . : 6.3.0.9600.X64/8
   User name . . . . . . : ExploolpxE\Explo
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-09-25 20:17:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 1.565.199
   Files scanned . . . . : 46.504
   Remnants scanned  . . : 401.410 files / 1.117.285 keys

Suspicious files ____________________________________________________________

   C:\Users\Explo\Desktop\FRST64(1).exe
      Size . . . . . . . : 2.402.816 bytes
      Age  . . . . . . . : 0.2 days (2016-09-25 16:35:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EDE8A29D9DECB62C4DDC853B9584C74AAD20E3FFCA13CAAAF1908A0ABE623224
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Explo\Downloads\FRST64.exe
      Size . . . . . . . : 2.396.160 bytes
      Age  . . . . . . . : 35.9 days (2016-08-20 23:32:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BA59A1750AEA48A6B469BC524609F7D601D0F213106211C3098D26F07D203FC9
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

deeprybka · 26.09.2016, 12:08

Hast mal ne Phishing-Mail bekommen und Deine Login-Daten eingegeben?
Man bekommt doch bei jeder Bestellung auch ne Email? Hast die erhalten? Kann amazon nicht die Login-Details erfassen?
Klassische Malware sehe ich keine...

Explo · 26.09.2016, 15:09

Das Problem war, dass meine Mailadresse geändert wurde. Dazu bekam ich auch eine Mail. Allerdings dachte ich anfangs, dass das Phishing sei, weil es absolut nicht nach Amazon aussah. Ich gehe von einem zu leichten Passwort aus. (Zugegebenermaßen war das recht einfach gewählt.

) .. Nur komisch, "warum ich" und warum dann nur sowas kleines für 25€

Nun ja.

Danke für den Check auf jedenfall! :-)

deeprybka · 26.09.2016, 20:45

Und dann auch noch an Dich selbst...

26.09.2016, 12:08	#6
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Fremder Amazonzugriff - Verstecktes auf dem PC ? Hast mal ne Phishing-Mail bekommen und Deine Login-Daten eingegeben? Man bekommt doch bei jeder Bestellung auch ne Email? Hast die erhalten? Kann amazon nicht die Login-Details erfassen? Klassische Malware sehe ich keine... __________________ --> Fremder Amazonzugriff - Verstecktes auf dem PC ?

26.09.2016, 20:45	#8
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Fremder Amazonzugriff - Verstecktes auf dem PC ? Und dann auch noch an Dich selbst... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Fremder Amazonzugriff - Verstecktes auf dem PC ?

Log-Analyse und Auswertung: Fremder Amazonzugriff - Verstecktes auf dem PC ?