Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Datenleck Aufsprüfen PC1

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 20.06.2015, 15:21   #1
Armer_Thor
 
Datenleck Aufsprüfen PC1 - Standard

Datenleck Aufsprüfen PC1



Vor kurzem sind mir Zugangsdaten für einige Dienste und konnten abhanden gekommen.
Aufgefallen ist die erst nach Missbrauch. Die Kennwörter waren niemandem bekannt und auch nirgends niedergeschrieben oder in jedweder Form gespeichert. Nun möchte ich beide Geräte überprüfen an dem die Kennwörter eingegeben wurden.

PC1 - Laptop mit Win 8

Grundsätzlich mit gratisvariante von Avira geschützt.
Nun Mit der neusten Desinfect aus der aktuellen CT gescannt.
Außerdem defogger, FRST und Gmaer ausgeführt.

- Gmer hat 2 Fehlermeldungen ausgegeben:

-- Beim Start: C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen,da sie von einem anderen Prozess verwendet wird.

--- Während des Scans: C:\Users\Profilname\ntuser.dater Prozess kann nicht auf die Datei zugreifen,da sie von einem anderen Prozess verwendet wird.

Logs stehen am Ende des Beitrags: Username und Gerätename wurden durch "Profilname" ersetzt.

Ich hoffe das zumindest dieses System sauber ist

Additions.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Profilname at 2015-06-20 15:05:03
Running from C:\Users\Profilname\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1767951355-1007739754-1276474970-500 - Administrator - Disabled)
Profilname (S-1-5-21-1767951355-1007739754-1276474970-1001 - Administrator - Enabled) => C:\Users\Profilname
Gast (S-1-5-21-1767951355-1007739754-1276474970-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1767951355-1007739754-1276474970-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS Gaming Center (HKLM-x32\...\{23C8A788-4790-4F3C-B103-0ACC7D9DC5BE}) (Version: 1.0.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS ROG MacroKey (HKLM-x32\...\{348022C5-F497-4333-AFEE-208F22F169F2}_is1) (Version: 1.0.0.28 - G-spy Co., Ltd)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version:  - EA Los Angeles)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Dishonored (HKLM-x32\...\Steam App 205100) (Version:  - Arkane Studios)
ETDWare PS/2-X64 11.5.13.9_WHQL (HKLM\...\Elantech) (Version: 11.5.13.9 - ELAN Microelectronic Corp.)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.1 - Genesys Logic)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.16 - ASUSTeK Computer Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.21 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Thunderbolt(TM) Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: 2.0.4.250 - Intel(R) Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-06-2015 20:35:43 Windows Update
09-06-2015 18:46:46 DirectX wurde installiert
12-06-2015 20:44:10 Windows Update
14-06-2015 23:07:16 DirectX wurde installiert
20-06-2015 00:08:37 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
20-06-2015 00:08:43 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C7EE9E-1BBF-46F7-8EA7-5E508E266D92} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {291F8F6C-4BFA-4188-8A65-083E53BFCE7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {30CD5939-AB9C-4E22-BE04-E2BD7158966C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {30D21188-AF49-4210-AA6D-E8ECB03F09A1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {36E27157-D0DB-4D2D-A708-3BCE4417161E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {3757EC25-6E4D-46F5-A2F5-962EFDF11FC1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {3E5664C4-F665-49A0-8AE8-1CC3AC846188} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-09-02] (Realtek Semiconductor)
Task: {42CB133E-01A6-4BB3-8207-E0FB06CFD4C8} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {6409079B-DC70-42B8-B01B-BFD447376CE0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {72F6E40D-EF13-4ADF-96DC-660ED254B473} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {787779D4-423C-409A-81D9-123EC6A67CB2} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-26] ()
Task: {7AF32167-5D43-4498-9862-3B781A27856A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {82A023AF-8AE5-4717-9208-2C53E3C1AF0F} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {83149969-7C36-4AA0-BD4F-77CBDE97E67E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {835539E3-2F2A-46BB-AE2C-B7E041FA85F7} - System32\Tasks\Gaming Center => C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe [2014-04-30] (ASUSTek Computer Inc.)
Task: {86ED87FF-E8C6-42E9-903F-FD1521D1C45E} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-01] (Realtek Semiconductor)
Task: {B033B55F-17F8-4786-9FC4-9C4ECDC323E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B5D1CF05-89A1-4BE7-9E32-26C48826A203} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {C1A852A0-00A1-4611-80D9-5BFFC33549A5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-12] (Microsoft Corporation)
Task: {DC901DAE-FFBB-4E14-A3E3-44AD2F9F5DCC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {DE205064-DE19-4CF0-A20E-98923DDF0F3A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {E83319F4-0215-42E0-AED0-D9DD3596DD97} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.)
Task: {F8CD0730-BF8B-42B1-B35D-5FFCDCF2B227} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {FE8E8F37-1850-452D-94F5-F7D0ADB73A2B} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {FFD6988B-22A3-42F7-B8BF-AD353D28FC7B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)

==================== Loaded Modules (Whitelisted) ==============

2014-12-11 04:21 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-05-25 19:42 - 2015-05-25 19:42 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-11 04:31 - 2013-05-15 16:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2014-12-11 04:29 - 2014-02-26 05:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-06-03 22:01 - 2014-06-03 22:01 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-05-18 02:31 - 2015-06-02 05:22 - 01007104 _____ () C:\Spiele\Origin\platforms\qwindows.dll
2015-05-18 02:31 - 2015-06-02 05:22 - 00023552 _____ () C:\Spiele\Origin\imageformats\qgif.dll
2015-05-18 02:31 - 2015-06-02 05:22 - 00024576 _____ () C:\Spiele\Origin\imageformats\qico.dll
2015-05-18 02:31 - 2015-06-02 05:22 - 00216576 _____ () C:\Spiele\Origin\imageformats\qjpeg.dll
2015-05-18 02:31 - 2015-06-02 05:22 - 00261120 _____ () C:\Spiele\Origin\imageformats\qmng.dll
2015-05-18 02:31 - 2015-06-02 05:22 - 00019456 _____ () C:\Spiele\Origin\imageformats\qtga.dll
2015-05-18 02:31 - 2015-06-02 05:22 - 00337408 _____ () C:\Spiele\Origin\imageformats\qtiff.dll
2015-05-18 02:31 - 2015-06-02 05:22 - 00018944 _____ () C:\Spiele\Origin\imageformats\qwbmp.dll
2014-12-11 04:25 - 2013-10-23 15:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Profilname\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D48F6F7F-BD46-41F0-BD6B-37F58504FF32}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{606AE995-9C21-4595-A361-D694AFBF14BB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D07C2BDC-33CE-4019-96CF-0E5FAAC63EF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9DF2011A-BAF6-41DF-9BEF-7188CCD90CAB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{916DD865-4294-4366-946D-3E9A5E1C4BEA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{DD71F7C7-3121-4C1B-8255-F64644530340}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5AEF3889-CB25-42D2-8338-6A993DE29600}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{88A69DE3-773C-4BC6-9AE1-A6E791F8B9C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0277D7D6-643C-41DC-A8F8-02D7ADF9FEA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9E458772-C26E-4D17-AA38-FCDD8A70A2B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F0E5EB37-CD7C-457C-B09F-71C150037846}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{2158D9F2-2CDB-4F15-9974-31FEA2213E2C}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{9C9C552A-E0D9-4B40-B28F-01305626C5CE}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{1685CB77-9C32-41F3-B88A-B629BCBBDC80}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{18153B11-249C-4677-8E7F-F3A6EEBB2B67}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EBAFE9C5-A81D-42B7-B8BD-9468C7F4CABF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C5BFC37A-F0A7-4EA9-BB5F-F02E66DA818A}] => (Allow) C:\Steam_Games\Steam\Steam.exe
FirewallRules: [{C6B8EAE0-4C7A-44BF-9708-DA8654955BE2}] => (Allow) C:\Steam_Games\Steam\Steam.exe
FirewallRules: [{38AD4D1C-C126-4F7E-84DB-49CD23A34A20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED0F09B2-5AB0-401F-939B-16EEEB93DF1E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EDA59C6C-1125-4A91-9671-E41A57DE15FD}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{230EB1BD-FCC3-45C4-B3B6-E0E7BEB60D84}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{3DD4A496-180C-4504-98B0-F74DCA1F51E8}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{CAAEAA16-9E3F-4E8D-8E5F-9D4A19933B15}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{65C45EC3-7E24-4AF9-8891-659489E0F332}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{39FAB9F4-922C-4E7E-96DE-5234788D42F0}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{BBB746E1-3EE4-40C9-826B-44D10013D3CF}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{481EF33C-68DF-49F0-9A36-39CD6393D2B2}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{B03083CA-1BA0-4BF6-AC3C-477CE438305E}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{4A3B736F-0CBA-4A0B-BD7D-738A89E760B1}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{9AC41D93-AA9B-4BD3-BC07-CEDE96C27BB5}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{85132833-0F52-4654-AD8D-D0E6DA8170C1}] => (Allow) C:\Steam_Games\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{D5F312DC-2DD4-40A5-9CE5-F944B78F79DF}] => (Allow) C:\Steam_Games\Steam\steamapps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{BE7837B2-3F0D-4E42-BE64-7D10614EB298}] => (Allow) C:\Steam_Games\Steam\steamapps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{DE9A4F00-8D26-4416-BD9C-8D6F837E6848}] => (Allow) C:\Steam_Games\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{B1FCAE80-12D9-4439-94CF-16372BC9E86B}] => (Allow) C:\Steam_Games\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{801AE6D1-3073-44EC-83CF-407C96928F83}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{41A246FA-5C78-43BC-8824-0AB623E695DA}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{13C61DF8-9D4A-4CBA-9A5D-F5DB4B5616B5}] => (Allow) C:\Steam_Games\Steam\steamapps\common\DXHRML\dxhrml.exe
FirewallRules: [{32BBEE42-FCD1-4F11-96E4-76401991293B}] => (Allow) C:\Steam_Games\Steam\steamapps\common\DXHRML\dxhrml.exe
FirewallRules: [{6D7C62DA-162A-416E-8338-193A13186D18}] => (Allow) C:\Steam_Games\Steam\steamapps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{6E603CA2-9E23-4C30-9095-6DCAD88F0BD2}] => (Allow) C:\Steam_Games\Steam\steamapps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{73B8BB1A-1BEF-41DE-B1F8-5EEA836B9EA7}] => (Allow) C:\Steam_Games\Steam\steamapps\common\max payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{F7177A81-7E3B-43AA-B6EC-46F06BAC0AF2}] => (Allow) C:\Steam_Games\Steam\steamapps\common\max payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{35045B08-B21D-4A99-B7D4-E3AB7734ADB9}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{6B87DB2C-272E-4DF1-B2D2-6A66DC99A574}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{9C664C85-55C0-4DCF-8C3C-6965481CF44F}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{304118CF-72DC-4CBA-8E0C-A071433FBB02}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{CF642E0D-9F55-4E8A-9A63-79B5A9B3EF9D}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{49D77475-31F7-4FBB-886C-E85F9A3B244B}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{B122015E-3C3F-4B3C-9364-A352CF98EEDE}] => (Allow) C:\spiele\steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe
FirewallRules: [{43A4E560-73B1-46E2-B7CA-58788907902F}] => (Allow) C:\spiele\steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe
FirewallRules: [{447EF613-82C6-4B7A-818E-E01F71E73413}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FA45E5E6-432A-4876-A38B-0C129356CFC2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{AF5B1984-CA59-48B5-9E86-85D04C601390}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP_Launcher.exe
FirewallRules: [{E887CAB3-824E-4EB0-823E-424C2370B639}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP_Launcher.exe
FirewallRules: [{7BEC4332-CF6A-4950-81B2-D31552BCF4FF}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP_DX11.exe
FirewallRules: [{776E3DBD-A19F-4A60-9A14-5B1E7CC9CAB4}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP_DX11.exe
FirewallRules: [{1D74CED6-9097-424D-B67A-F39E2BD3381F}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP.exe
FirewallRules: [{89942E1A-593C-481E-8CFF-878DEE6A3719}] => (Allow) C:\spiele\steam\steamapps\common\aliens vs predator\AvP.exe
FirewallRules: [{70FD8D64-7E0B-4BFE-BCCB-F6993CD570EC}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe
FirewallRules: [{B60394D4-CBF0-471F-B473-C104DE2877E6}] => (Allow) C:\Steam_Games\Steam\steamapps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe
FirewallRules: [{35838E8C-0FAB-43B3-B2A1-C6BEC76452B9}] => (Allow) C:\Spiele\Steam\Steam.exe
FirewallRules: [{F6DF763A-3AE5-4479-8D6A-345C128DF534}] => (Allow) C:\Spiele\Steam\Steam.exe
FirewallRules: [TCP Query User{4FEEA555-584F-41AF-A293-4C2FC3EF6F9B}E:\mirc\mirc.exe] => (Allow) E:\mirc\mirc.exe
FirewallRules: [UDP Query User{E2548BBA-8530-4952-87AE-34CA6588493B}E:\mirc\mirc.exe] => (Allow) E:\mirc\mirc.exe
FirewallRules: [{CBBDE26B-A3C3-49F2-98F6-2CD92DA8A587}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CF55FB9F-108C-4283-9F92-0C73029761BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{602F9970-F9CA-43A2-A948-00F5DB575B45}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B77DD191-03A6-4B64-874C-96793BDDAD0B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{45AD69CA-7AEB-48AE-A02E-B1E577759332}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{A50E3513-6CC1-4981-9015-F40E4AE588FE}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{308D9CE5-B83E-436F-9F3D-F2EA64E95888}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{DDD580E3-EF67-4ACA-8E3C-8154D6FA4532}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{CD08116C-D6C3-4578-9593-33BFE64E8E8C}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{898781E3-AFA4-4F23-B7FE-88DD35F7E99A}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{2F074AC0-CE81-4DEF-B1E1-13A95A29614D}] => (Allow) C:\Spiele\Steam\steamapps\common\max payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{DFECC3EC-C517-4B1F-AE75-98402E1D232D}] => (Allow) C:\Spiele\Steam\steamapps\common\max payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [TCP Query User{7BBE6CED-FA2C-4FD4-ABA2-0F86A4BCEEE5}C:\spiele\battlenet\diablo iii\diablo iii.exe] => (Allow) C:\spiele\battlenet\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{13EB5DE0-F34D-4BF1-A7FA-7057A15F2B75}C:\spiele\battlenet\diablo iii\diablo iii.exe] => (Allow) C:\spiele\battlenet\diablo iii\diablo iii.exe
FirewallRules: [{8618A7ED-7D26-47BE-BA51-0E11224D097B}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{5E992CC2-2702-486C-963A-1D7E09B56113}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{4B40C92A-6DFA-4100-871D-A86C9FC5FE99}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{5110C18E-6D63-4955-98C9-9E11B73CE93B}] => (Allow) C:\Spiele\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{5E699258-D4C3-4D4F-9C5A-2BD1C8D0A80F}C:\spiele\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\spiele\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{458ED06C-3AA3-48A4-8BDE-885B51D45A2D}C:\spiele\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\spiele\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{2060D222-C28F-4238-A066-1A20A1054F1E}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{0F5BBD26-A76C-4B4D-958C-36BD21FC6B58}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{8C3F97D1-EAF2-4638-81EC-5329DB3CA6C2}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{3AF65722-324D-4808-8F27-718DD2C2A9B1}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{7ABAA44E-A350-4BEB-BBF1-612E6ED6E333}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{98FE3377-0285-41A0-9CC5-636E48B28E01}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{F8A5DF1F-A9D3-4CFF-BBE6-17901D2858F8}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{1CA693FD-4787-4954-A742-582DD8B4AD7F}] => (Allow) C:\Spiele\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{E458AFB2-A47A-4BF0-AAA0-3534E1AE3026}] => (Allow) C:\Spiele\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{85C6CA21-3D48-4623-94A0-D447D083F667}] => (Allow) C:\Spiele\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [TCP Query User{A1D460B0-F2CC-4F33-A133-B45F1FB8538E}C:\spiele\steam\steamapps\common\call of duty black ops\blackopsmp.exe] => (Allow) C:\spiele\steam\steamapps\common\call of duty black ops\blackopsmp.exe
FirewallRules: [UDP Query User{AD09BC55-0B13-42CC-AAF3-AF99B035E055}C:\spiele\steam\steamapps\common\call of duty black ops\blackopsmp.exe] => (Allow) C:\spiele\steam\steamapps\common\call of duty black ops\blackopsmp.exe
FirewallRules: [{6A215FD4-3056-4C5F-9409-9FF4DB28FD80}] => (Allow) C:\Spiele\Steam\steamapps\common\Darkness II\DarknessII.exe
FirewallRules: [{313C5C47-CF5D-4B91-8F21-613615624237}] => (Allow) C:\Spiele\Steam\steamapps\common\Darkness II\DarknessII.exe
FirewallRules: [{E5EF1B6C-32D9-40C5-9C41-3D5C5CC1EBD9}] => (Allow) C:\Spiele\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{3F347320-A505-490A-9D13-C7D7868547C1}] => (Allow) C:\Spiele\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{028FC6A6-B9F2-4AD1-B205-4A49E83BA914}] => (Allow) C:\Spiele\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{95C5F6AD-CBE0-4C05-9BA9-09589722A640}] => (Allow) C:\Spiele\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2015 11:28:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Thunderbolt.exe, Version: 2.0.4.54, Zeitstempel: 0x530cadea
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0x6b4
Startzeit der fehlerhaften Anwendung: 0xThunderbolt.exe0
Pfad der fehlerhaften Anwendung: Thunderbolt.exe1
Pfad des fehlerhaften Moduls: Thunderbolt.exe2
Berichtskennung: Thunderbolt.exe3
Vollständiger Name des fehlerhaften Pakets: Thunderbolt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Thunderbolt.exe5

Error: (06/19/2015 11:28:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Thunderbolt.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ApplicationException
Stapel:
   bei System.Threading.Mutex.ReleaseMutex()
   bei Thunderbolt.frmConnectedDevices.CloseApp()
   bei Thunderbolt.frmConnectedDevices..ctor(System.String[])
   bei Thunderbolt.Program.Main(System.String[])

Error: (06/19/2015 11:27:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Thunderbolt.exe, Version: 2.0.4.54, Zeitstempel: 0x530cadea
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0x6c8
Startzeit der fehlerhaften Anwendung: 0xThunderbolt.exe0
Pfad der fehlerhaften Anwendung: Thunderbolt.exe1
Pfad des fehlerhaften Moduls: Thunderbolt.exe2
Berichtskennung: Thunderbolt.exe3
Vollständiger Name des fehlerhaften Pakets: Thunderbolt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Thunderbolt.exe5

Error: (06/19/2015 11:27:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Thunderbolt.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ApplicationException
Stapel:
   bei System.Threading.Mutex.ReleaseMutex()
   bei Thunderbolt.frmConnectedDevices.CloseApp()
   bei Thunderbolt.frmConnectedDevices..ctor(System.String[])
   bei Thunderbolt.Program.Main(System.String[])

Error: (06/19/2015 11:14:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Thunderbolt.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ApplicationException
Stapel:
   bei System.Threading.Mutex.ReleaseMutex()
   bei Thunderbolt.frmConnectedDevices.CloseApp()
   bei Thunderbolt.frmConnectedDevices..ctor(System.String[])
   bei Thunderbolt.Program.Main(System.String[])

Error: (06/19/2015 03:55:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Thunderbolt.exe, Version: 2.0.4.54, Zeitstempel: 0x530cadea
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0x6e0
Startzeit der fehlerhaften Anwendung: 0xThunderbolt.exe0
Pfad der fehlerhaften Anwendung: Thunderbolt.exe1
Pfad des fehlerhaften Moduls: Thunderbolt.exe2
Berichtskennung: Thunderbolt.exe3
Vollständiger Name des fehlerhaften Pakets: Thunderbolt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Thunderbolt.exe5

Error: (06/19/2015 03:55:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Thunderbolt.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ApplicationException
Stapel:
   bei System.Threading.Mutex.ReleaseMutex()
   bei Thunderbolt.frmConnectedDevices.CloseApp()
   bei Thunderbolt.frmConnectedDevices..ctor(System.String[])
   bei Thunderbolt.Program.Main(System.String[])

Error: (06/12/2015 09:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8
Name des fehlerhaften Moduls: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001f0de0
ID des fehlerhaften Prozesses: 0x1890
Startzeit der fehlerhaften Anwendung: 0xdxhr.exe0
Pfad der fehlerhaften Anwendung: dxhr.exe1
Pfad des fehlerhaften Moduls: dxhr.exe2
Berichtskennung: dxhr.exe3
Vollständiger Name des fehlerhaften Pakets: dxhr.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dxhr.exe5

Error: (06/12/2015 09:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8
Name des fehlerhaften Moduls: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00135c0d
ID des fehlerhaften Prozesses: 0x147c
Startzeit der fehlerhaften Anwendung: 0xdxhr.exe0
Pfad der fehlerhaften Anwendung: dxhr.exe1
Pfad des fehlerhaften Moduls: dxhr.exe2
Berichtskennung: dxhr.exe3
Vollständiger Name des fehlerhaften Pakets: dxhr.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dxhr.exe5

Error: (06/12/2015 09:34:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8
Name des fehlerhaften Moduls: dxhr.exe, Version: 1.4.651.0, Zeitstempel: 0x4fb36dd8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001f2dab
ID des fehlerhaften Prozesses: 0x5ac
Startzeit der fehlerhaften Anwendung: 0xdxhr.exe0
Pfad der fehlerhaften Anwendung: dxhr.exe1
Pfad des fehlerhaften Moduls: dxhr.exe2
Berichtskennung: dxhr.exe3
Vollständiger Name des fehlerhaften Pakets: dxhr.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dxhr.exe5


System errors:
=============
Error: (06/20/2015 00:05:36 PM) (Source: DCOM) (EventID: 10010) (User: Profilname-Laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/20/2015 00:05:06 PM) (Source: DCOM) (EventID: 10010) (User: Profilname-Laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: Profilname-Laptop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Profilname-LaptopprofilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: Profilname-Laptop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Profilname-LaptopProfilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: Profilname-Laptop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}profilnames-Laptopprofilname-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: profilnames-Laptop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}profilnames-LaptopprofilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: Profilnames-Laptop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}profilnames-LaptopprofilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/20/2015 11:54:32 AM) (Source: DCOM) (EventID: 10016) (User: profilnames-Laptop)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Profilnames-LaptopprofilnameS-1-5-21-1767951355-1007739754-1276474970-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/20/2015 11:54:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎06.‎2015 um 00:59:48 unerwartet heruntergefahren.

Error: (06/20/2015 11:54:15 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841144288


Microsoft Office:
=========================
Error: (06/19/2015 11:28:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Thunderbolt.exe2.0.4.54530cadeaKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c6b401d0aa7251d2877bC:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exeC:\Windows\system32\KERNELBASE.dll96229cde-1665-11e5-8272-e8b1fc6bf462

Error: (06/19/2015 11:28:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Thunderbolt.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ApplicationException
Stapel:
   bei System.Threading.Mutex.ReleaseMutex()
   bei Thunderbolt.frmConnectedDevices.CloseApp()
   bei Thunderbolt.frmConnectedDevices..ctor(System.String[])
   bei Thunderbolt.Program.Main(System.String[])

Error: (06/19/2015 11:27:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Thunderbolt.exe2.0.4.54530cadeaKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c6c801d0aa72229e3b36C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exeC:\Windows\system32\KERNELBASE.dll666af846-1665-11e5-8271-e8b1fc6bf462

Error: (06/19/2015 11:27:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Thunderbolt.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ApplicationException
Stapel:
   bei System.Threading.Mutex.ReleaseMutex()
   bei Thunderbolt.frmConnectedDevices.CloseApp()
   bei Thunderbolt.frmConnectedDevices..ctor(System.String[])
   bei Thunderbolt.Program.Main(System.String[])

Error: (06/19/2015 11:14:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Thunderbolt.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ApplicationException
Stapel:
   bei System.Threading.Mutex.ReleaseMutex()
   bei Thunderbolt.frmConnectedDevices.CloseApp()
   bei Thunderbolt.frmConnectedDevices..ctor(System.String[])
   bei Thunderbolt.Program.Main(System.String[])

Error: (06/19/2015 03:55:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Thunderbolt.exe2.0.4.54530cadeaKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c6e001d0aa330a576d7eC:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exeC:\Windows\system32\KERNELBASE.dll4de80693-1626-11e5-826c-e8b1fc6bf462

Error: (06/19/2015 03:55:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Thunderbolt.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ApplicationException
Stapel:
   bei System.Threading.Mutex.ReleaseMutex()
   bei Thunderbolt.frmConnectedDevices.CloseApp()
   bei Thunderbolt.frmConnectedDevices..ctor(System.String[])
   bei Thunderbolt.Program.Main(System.String[])

Error: (06/12/2015 09:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dxhr.exe1.4.651.04fb36dd8dxhr.exe1.4.651.04fb36dd8c0000005001f0de0189001d0a546f65d83f8C:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exeC:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exed6e6cf8f-113a-11e5-826a-e8b1fc6bf462

Error: (06/12/2015 09:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dxhr.exe1.4.651.04fb36dd8dxhr.exe1.4.651.04fb36dd8c000000500135c0d147c01d0a546c4af0471C:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exeC:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe310bd92a-113a-11e5-826a-e8b1fc6bf462

Error: (06/12/2015 09:34:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dxhr.exe1.4.651.04fb36dd8dxhr.exe1.4.651.04fb36dd8c0000005001f2dab5ac01d0a540f1107539C:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exeC:\Spiele\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exefdab60b8-1139-11e5-826a-e8b1fc6bf462


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 12%
Total physical RAM: 16333.11 MB
Available physical RAM: 14315.8 MB
Total Pagefile: 18765.11 MB
Available Pagefile: 16485.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.71 GB) (Free:152.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data1) (Fixed) (Total:931.51 GB) (Free:870.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: E3EA9747)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 6310F6FB)

Partition: GPT Partition Type.

==================== End of log ============================
         
Defogger
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:04 on 20/06/2015 (Profilname)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Frst
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Profilname (administrator) on Profilnames-LAPTOP on 20-06-2015 15:04:44
Running from C:\Users\Profilname\Desktop
Loaded Profiles: Profilname (Available Profiles: Profilname)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Electronic Arts) C:\Spiele\Origin\Origin.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276040 2014-05-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254976 2015-04-16] (Razer Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\...\Run: [Steam] => "C:\Steam_Games\Steam\steam.exe" -silent
HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\...\Run: [EADM] => C:\Spiele\Origin\Origin.exe [3632472 2015-06-02] (Electronic Arts)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1767951355-1007739754-1276474970-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Profilname\AppData\Roaming\Mozilla\Firefox\Profiles\lt1e8mof.default
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Extension: Avira Browser Safety - C:\Users\Profilname\AppData\Roaming\Mozilla\Firefox\Profiles\lt1e8mof.default\Extensions\abs@avira.com [2015-06-12]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-19] (Avira Operations GmbH & Co. KG)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [345912 2014-08-29] (ASUSTeK)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-05-09] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-09] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Spiele\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-05-25] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-20] ()
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-04-16] (Razer Inc.) [File not signed]
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-09] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NFC_Driver; C:\Windows\System32\drivers\NFC_Driver.sys [48336 2014-03-27] (Titan ARC Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-09] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-04-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 15:04 - 2015-06-20 15:04 - 00017412 _____ C:\Users\Profilname\Desktop\FRST.txt
2015-06-20 15:04 - 2015-06-20 15:04 - 00000472 _____ C:\Users\Profilname\Desktop\defogger_disable.log
2015-06-20 15:04 - 2015-06-20 15:04 - 00000000 ____D C:\FRST
2015-06-20 15:04 - 2015-06-20 15:04 - 00000000 _____ C:\Users\Profilname\defogger_reenable
2015-06-20 14:54 - 2015-06-20 14:57 - 00000000 ____D C:\Users\Profilname\Desktop\Laptop
2015-06-20 14:47 - 2015-06-20 14:47 - 02109952 _____ (Farbar) C:\Users\Profilname\Desktop\FRST64.exe
2015-06-20 14:47 - 2015-06-20 14:47 - 00380416 _____ C:\Users\Profilname\Desktop\GMER-kqxc66yd.exe
2015-06-20 14:46 - 2015-06-20 14:46 - 00050477 _____ C:\Users\Profilname\Desktop\Defogger.exe
2015-06-19 23:57 - 2015-06-19 23:57 - 00000209 _____ C:\Users\Profilname\Desktop\METAL GEAR SOLID V GROUND ZEROES.url
2015-06-19 13:13 - 2015-06-19 13:13 - 00000000 _____ C:\Recovery.txt
2015-06-19 11:36 - 2015-06-19 11:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-06-15 14:40 - 2015-06-15 14:40 - 00000000 ____D C:\Users\Profilname\AppData\Roaming\Foxit Software
2015-06-14 23:07 - 2015-06-16 00:57 - 00000000 ____D C:\Users\Profilname\AppData\Roaming\DarknessII
2015-06-14 20:18 - 2015-06-14 20:18 - 00000000 ____D C:\Users\Profilname\AppData\Local\GWX
2015-06-13 16:53 - 2015-06-13 16:53 - 00000209 _____ C:\Users\Profilname\Desktop\Thief.url
2015-06-13 16:52 - 2015-06-13 16:52 - 00000208 _____ C:\Users\Profilname\Desktop\The Darkness II.url
2015-06-12 23:06 - 2015-06-20 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-12 20:46 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-12 20:46 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-12 20:46 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-12 20:46 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-12 20:46 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-12 20:46 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-12 20:46 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-12 20:46 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-11 19:32 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-11 19:32 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-11 19:32 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-11 19:32 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-11 19:32 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-11 19:32 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-11 19:32 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-11 19:32 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-11 19:32 - 2015-04-09 00:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-11 19:32 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-11 19:32 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-11 19:32 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-11 19:32 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-11 19:32 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-11 19:32 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-11 19:32 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-11 19:32 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-11 19:31 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-11 19:31 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-11 19:31 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-11 19:31 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-11 19:31 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-11 19:31 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-11 19:31 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-11 19:31 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-11 19:31 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-11 19:31 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-11 19:31 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-11 19:31 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-11 19:31 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-10 19:55 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 19:55 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 19:55 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 19:55 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 19:55 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 19:55 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 19:55 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 19:55 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 19:55 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 19:55 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 19:55 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 19:55 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 19:55 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 19:55 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 19:55 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 19:55 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 19:55 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 19:55 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 19:55 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 19:55 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 19:55 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 19:55 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 19:55 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 19:55 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 19:55 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 19:55 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 19:55 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 19:55 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 19:55 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 19:55 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 19:55 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 19:55 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 19:55 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 19:55 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 19:55 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 19:55 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 19:55 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 19:55 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 19:55 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 19:55 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 19:55 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 19:55 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 19:55 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 18:47 - 2015-06-09 18:47 - 00000000 ____D C:\Users\Profilname\AppData\Local\Activision
2015-05-30 10:58 - 2015-06-14 20:25 - 00000000 ____D C:\Users\Profilname\AppData\Local\dxhr
2015-05-30 10:56 - 2015-05-30 10:56 - 00000000 ____D C:\Users\Profilname\AppData\Local\28050
2015-05-30 08:17 - 2015-05-30 08:17 - 00000926 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2015-05-30 08:17 - 2015-05-30 08:17 - 00000902 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2015-05-25 22:52 - 2015-05-25 22:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-25 22:52 - 2015-05-25 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-25 22:51 - 2015-05-25 22:51 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-05-25 22:51 - 2015-05-25 22:51 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-05-25 22:50 - 2015-05-25 22:50 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-05-25 20:40 - 2015-05-25 23:10 - 00005498 _____ C:\Users\Profilname\Desktop\Neues Textdokument.txt
2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\Windows\PCHEALTH
2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-05-25 20:33 - 2015-05-25 20:33 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-25 20:32 - 2015-06-12 20:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-25 20:32 - 2015-05-25 20:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 __RHD C:\MSOCache
2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Users\Profilname\AppData\Local\Microsoft Help
2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Program Files\Microsoft Office
2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-05-25 20:32 - 2015-05-25 20:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-05-25 19:42 - 2015-05-25 19:42 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-05-25 04:44 - 2015-05-25 04:44 - 00000000 ____D C:\Users\Profilname\AppData\Local\PunkBuster
2015-05-25 04:22 - 2015-05-25 04:22 - 00000000 ____D C:\Users\Profilname\Documents\Battlefield 4
2015-05-25 04:21 - 2015-05-25 04:21 - 00000707 _____ C:\Users\Public\Desktop\Origin.lnk
2015-05-25 04:21 - 2015-05-25 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-05-25 04:21 - 2015-05-25 04:21 - 00000000 ____D C:\ProgramData\Electronic Arts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 15:04 - 2015-05-16 21:42 - 00000000 ____D C:\Users\Profilname
2015-06-20 15:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-20 14:55 - 2014-10-29 14:02 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-06-20 14:55 - 2014-10-29 14:02 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-06-20 14:55 - 2014-03-18 17:26 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-20 14:54 - 2013-08-22 16:46 - 00028671 _____ C:\Windows\setupact.log
2015-06-20 14:00 - 2014-12-11 04:17 - 01470056 _____ C:\Windows\WindowsUpdate.log
2015-06-20 12:33 - 2015-05-16 19:47 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1767951355-1007739754-1276474970-1001
2015-06-20 12:04 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-20 12:00 - 2015-05-16 20:53 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-06-20 12:00 - 2015-05-16 20:53 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-06-20 11:54 - 2015-05-20 13:24 - 00000000 ____D C:\ProgramData\Origin
2015-06-20 11:54 - 2015-05-16 22:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-20 11:54 - 2015-05-16 21:42 - 00000093 _____ C:\Users\Profilname\AppData\Roaming\sp_data.sys
2015-06-20 11:54 - 2014-12-11 04:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-20 11:54 - 2014-03-18 10:16 - 00210628 _____ C:\Windows\PFRO.log
2015-06-20 11:54 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-20 00:08 - 2015-05-20 12:02 - 00129240 _____ C:\Windows\DirectX.log
2015-06-20 00:08 - 2014-10-29 08:25 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-19 03:55 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-19 03:53 - 2015-05-20 14:06 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-19 03:53 - 2015-05-20 14:06 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-19 03:53 - 2015-05-20 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-17 15:10 - 2015-05-17 22:06 - 00000000 __SHD C:\Users\PRofilname\AppData\Local\EmieBrowserModeList
2015-06-17 15:10 - 2015-05-16 21:45 - 00000000 __SHD C:\Users\Profilname\AppData\Local\EmieUserList
2015-06-17 15:10 - 2015-05-16 21:45 - 00000000 __SHD C:\Users\Profilname\AppData\Local\EmieSiteList
2015-06-14 06:37 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-13 16:50 - 2013-08-22 16:44 - 00481504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 23:14 - 2015-05-16 21:58 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-12 23:14 - 2015-05-16 21:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-12 23:14 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-12 23:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 23:14 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-12 20:46 - 2015-05-16 20:51 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 20:45 - 2015-05-16 20:51 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-12 20:45 - 2013-08-22 15:25 - 00000199 _____ C:\Windows\win.ini
2015-06-10 19:53 - 2015-05-20 14:05 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-03 18:18 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-03 03:03 - 2015-05-16 19:48 - 00000000 ____D C:\Program Files (x86)\Razer
2015-06-02 05:23 - 2015-05-20 12:12 - 00000000 ____D C:\Users\Profilname\AppData\Roaming\Origin
2015-06-01 11:25 - 2015-05-20 12:19 - 00000000 ____D C:\Users\Profilname\AppData\Local\Battle.net
2015-05-30 09:32 - 2015-05-20 15:47 - 00226680 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-05-30 09:22 - 2015-05-20 15:47 - 00226680 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-05-26 04:47 - 2015-05-17 22:08 - 00000000 ____D C:\Users\Profilname\AppData\Roaming\vlc
2015-05-25 23:21 - 2015-05-16 21:58 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-25 23:21 - 2015-05-16 21:58 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-25 22:51 - 2014-10-29 08:25 - 00000000 ____D C:\ProgramData\Skype
2015-05-25 20:33 - 2014-10-29 13:30 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-05-25 20:33 - 2014-03-18 17:10 - 00000000 ____D C:\Windows\ShellNew
2015-05-25 20:32 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-05-25 04:33 - 2015-05-20 15:48 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-05-25 04:33 - 2014-12-11 04:33 - 00000000 ____D C:\ProgramData\McAfee
2015-05-25 04:21 - 2015-05-20 13:25 - 00000000 ____D C:\Users\Profilname\AppData\Local\Origin

==================== Files in the root of some directories =======

2015-05-16 21:42 - 2015-06-20 11:54 - 0000093 _____ () C:\Users\Profilname\AppData\Roaming\sp_data.sys
2014-12-11 04:26 - 2014-12-11 04:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 08:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS


Some files in TEMP:
====================
C:\Users\Profilname\AppData\Local\Temp\avgnt.exe
C:\Users\Profilname\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Profilname\AppData\Local\Temp\mirc635.exe
C:\Users\Profilname\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Profilname\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Profilname\AppData\Local\Temp\nvStInst.exe
C:\Users\Profilname\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-20 12:04

==================== End of log ============================
         
LogDatei von Desinfect:
HTML-Code:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Virenfunde</title>
<link rel="stylesheet" type="text/css" href="file:///opt/desinfect/metascan.css" />
</head>
<body>
<h2 align="center">Virenfunde</h2>
<table class="virustab">
<tr>
<th class="leftempty">&nbsp;</th>
<th>Avira</th>
<th>Bitdefender</th>
<th>Kaspersky</th>
<th>ClamAV</th>
<th>Aktion</th>
</tr>
<tr class="even">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/Recovery/oem/DELAY.EXE">/media/Recovery/oem/DELAY.EXE</a></td>
</tr>
<tr  class="even">
<td class="leftempty"></td>
<td><a target="_blank" href="hxxp://www.avira.com/de/support-virus-lab?sq=TR/Agent.179568">TR/Agent.179568</td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Worm.Agent-88">Win.Worm.Agent-88</td><td>
<a href="vtupload:///media/Recovery/oem/DELAY.EXE">VirusTotal</a>
 <a href="rename:///media/Recovery/oem/DELAY.EXE">umbenennen</a> </td>
</tr>
<tr class="odd">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/Data1/mIRC/mirc.exe">/media/Data1/mIRC/mirc.exe</a></td>
</tr>
<tr  class="odd">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Trojan.Small-504">Trojan.Small-504</td><td>
<a href="vtupload:///media/Data1/mIRC/mirc.exe">VirusTotal</a>
 <a href="rename:///media/Data1/mIRC/mirc.exe">umbenennen</a> </td>
</tr>
<tr class="even">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/Data1/Portable Apps/m_irc-1635/DEViLiSiON/mirc.exe">/media/Data1/Portable Apps/m_irc-1635/DEViLiSiON/mirc.exe</a></td>
</tr>
<tr  class="even">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Trojan.Small-504">Trojan.Small-504</td><td>
<a href="vtupload:///media/Data1/Portable Apps/m_irc-1635/DEViLiSiON/mirc.exe">VirusTotal</a>
 <a href="rename:///media/Data1/Portable Apps/m_irc-1635/DEViLiSiON/mirc.exe">umbenennen</a> </td>
</tr>
<tr class="odd">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Dying Light/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">/media/desinfect/OS/Spiele/Dying Light/_CommonRedist/DirectX/Jun2010/DXSETUP.exe</a></td>
</tr>
<tr  class="odd">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td>
<a href="vtupload:///media/desinfect/OS/Spiele/Dying Light/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">VirusTotal</a>
 <a href="rename:///media/desinfect/OS/Spiele/Dying Light/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">umbenennen</a> </td>
</tr>
<tr class="even">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Origin Games/Battlefield 4/__Installer/directx/redist/DXSETUP.exe">/media/desinfect/OS/Spiele/Origin Games/Battlefield 4/__Installer/directx/redist/DXSETUP.exe</a></td>
</tr>
<tr  class="even">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td>
<a href="vtupload:///media/desinfect/OS/Spiele/Origin Games/Battlefield 4/__Installer/directx/redist/DXSETUP.exe">VirusTotal</a>
 <a href="rename:///media/desinfect/OS/Spiele/Origin Games/Battlefield 4/__Installer/directx/redist/DXSETUP.exe">umbenennen</a> </td>
</tr>
<tr class="odd">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty black ops/Redist/DirectX/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty black ops/Redist/DirectX/DXSETUP.exe</a></td>
</tr>
<tr  class="odd">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td>
<a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty black ops/Redist/DirectX/DXSETUP.exe">VirusTotal</a>
 <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty black ops/Redist/DirectX/DXSETUP.exe">umbenennen</a> </td>
</tr>
<tr class="even">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty modern warfare 3/Redist/DirectX/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty modern warfare 3/Redist/DirectX/DXSETUP.exe</a></td>
</tr>
<tr  class="even">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td>
<a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty modern warfare 3/Redist/DirectX/DXSETUP.exe">VirusTotal</a>
 <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/call of duty modern warfare 3/Redist/DirectX/DXSETUP.exe">umbenennen</a> </td>
</tr>
<tr class="odd">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/Dishonored/Binaries/Redist/directx_full_redist/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/Dishonored/Binaries/Redist/directx_full_redist/DXSETUP.exe</a></td>
</tr>
<tr  class="odd">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td>
<a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/Dishonored/Binaries/Redist/directx_full_redist/DXSETUP.exe">VirusTotal</a>
 <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/Dishonored/Binaries/Redist/directx_full_redist/DXSETUP.exe">umbenennen</a> </td>
</tr>
<tr class="even">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/max payne 3/MP3_Installers/DirectX/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/max payne 3/MP3_Installers/DirectX/DXSETUP.exe</a></td>
</tr>
<tr  class="even">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td>
<a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/max payne 3/MP3_Installers/DirectX/DXSETUP.exe">VirusTotal</a>
 <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/max payne 3/MP3_Installers/DirectX/DXSETUP.exe">umbenennen</a> </td>
</tr>
<tr class="odd">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/Shadow Warrior/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/Shadow Warrior/_CommonRedist/DirectX/Jun2010/DXSETUP.exe</a></td>
</tr>
<tr  class="odd">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td>
<a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/Shadow Warrior/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">VirusTotal</a>
 <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/Shadow Warrior/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">umbenennen</a> </td>
</tr>
<tr class="even">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Spiele/Steam/steamapps/common/Thief/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">/media/desinfect/OS/Spiele/Steam/steamapps/common/Thief/_CommonRedist/DirectX/Jun2010/DXSETUP.exe</a></td>
</tr>
<tr  class="even">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Win.Trojan.Dropped-1793">Win.Trojan.Dropped-1793</td><td>
<a href="vtupload:///media/desinfect/OS/Spiele/Steam/steamapps/common/Thief/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">VirusTotal</a>
 <a href="rename:///media/desinfect/OS/Spiele/Steam/steamapps/common/Thief/_CommonRedist/DirectX/Jun2010/DXSETUP.exe">umbenennen</a> </td>
</tr>
<tr class="odd">
<td colspan="6" class="filename"><a title="Im Dateimananger öffnen" href="filemanager:///media/desinfect/OS/Users/Kontoname/AppData/Local/Temp/Rar$DRa0.881/mirc.exe">/media/desinfect/OS/Users/Kontoname/AppData/Local/Temp/Rar$DRa0.881/mirc.exe</a></td>
</tr>
<tr  class="odd">
<td class="leftempty"></td>
<td></td>
<td></td>
<td></td>
<td class="clamlight"><a target="_blank" href="hxxp://www.google.com/search?q=Trojan.Small-504">Trojan.Small-504</td><td>
<a href="vtupload:///media/desinfect/OS/Users/Kontoname/AppData/Local/Temp/Rar$DRa0.881/mirc.exe">VirusTotal</a>
 <a href="rename:///media/desinfect/OS/Users/Kontoname/AppData/Local/Temp/Rar$DRa0.881/mirc.exe">umbenennen</a> </td>
</tr>
</table>
<div class="cleanall"><p><a href="renameall:///virus">Alle gefundenen Dateien mit der Endung .VIRUS versehen</a></p></div></body>
</html>

Alt 20.06.2015, 16:31   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Datenleck Aufsprüfen PC1 - Standard

Datenleck Aufsprüfen PC1



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 20.06.2015, 17:35   #3
Armer_Thor
 
Datenleck Aufsprüfen PC1 - Standard

Datenleck Aufsprüfen PC1



Vielen Dank für das schnelle Feedback!

Beide Scannner haben nichts gefunden. Daher blieb vermutlich der angekündigte Neustart von Malwarebytes Anti-Rootkit aus ?
TDSS Log:
Code:
ATTFilter
18:29:58.0802 0x16b0  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:29:58.0802 0x16b0  UEFI system
18:30:02.0197 0x16b0  ============================================================
18:30:02.0197 0x16b0  Current date / time: 2015/06/20 18:30:02.0197
18:30:02.0197 0x16b0  SystemInfo:
18:30:02.0197 0x16b0  
18:30:02.0197 0x16b0  OS Version: 6.3.9600 ServicePack: 0.0
18:30:02.0197 0x16b0  Product type: Workstation
18:30:02.0197 0x16b0  ComputerName: ProfilnamesLAPTOP
18:30:02.0197 0x16b0  UserName: Profilname
18:30:02.0197 0x16b0  Windows directory: C:\Windows
18:30:02.0197 0x16b0  System windows directory: C:\Windows
18:30:02.0197 0x16b0  Running under WOW64
18:30:02.0197 0x16b0  Processor architecture: Intel x64
18:30:02.0197 0x16b0  Number of processors: 8
18:30:02.0197 0x16b0  Page size: 0x1000
18:30:02.0197 0x16b0  Boot type: Normal boot
18:30:02.0197 0x16b0  ============================================================
18:30:02.0371 0x16b0  KLMD registered as C:\Windows\system32\drivers\30677795.sys
18:30:02.0489 0x16b0  System UUID: {ADFB46F5-4151-61FF-2749-D759EDBF996A}
18:30:02.0760 0x16b0  Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 ( 476.94 Gb ), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:30:02.0782 0x16b0  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:30:02.0784 0x16b0  ============================================================
18:30:02.0784 0x16b0  \Device\Harddisk0\DR0:
18:30:02.0784 0x16b0  GPT partitions:
18:30:02.0784 0x16b0  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C3E64DD3-66A9-4522-9AA2-2CC7E53C9FAD}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
18:30:02.0784 0x16b0  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {93BE51D6-B2DF-4640-B6DF-4255C3E9E27D}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
18:30:02.0784 0x16b0  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {212F7661-DA7A-4109-87D1-56D1387943E3}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x3A16D000
18:30:02.0784 0x16b0  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {05930F75-7BD6-4458-97FF-BAF0B0270A52}, Name: Basic data partition, StartLBA 0x3A1E0000, BlocksNum 0x1801000
18:30:02.0784 0x16b0  MBR partitions:
18:30:02.0784 0x16b0  \Device\Harddisk1\DR1:
18:30:02.0785 0x16b0  GPT partitions:
18:30:02.0785 0x16b0  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CFACCBE9-D089-4A49-85A0-08D172FD1D6B}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x74705800
18:30:02.0785 0x16b0  MBR partitions:
18:30:02.0785 0x16b0  ============================================================
18:30:02.0786 0x16b0  C: <-> \Device\Harddisk0\DR0\Partition3
18:30:02.0808 0x16b0  E: <-> \Device\Harddisk1\DR1\Partition1
18:30:02.0808 0x16b0  ============================================================
18:30:02.0808 0x16b0  Initialize success
18:30:02.0808 0x16b0  ============================================================
18:30:54.0876 0x04bc  ============================================================
18:30:54.0876 0x04bc  Scan started
18:30:54.0876 0x04bc  Mode: Manual; SigCheck; TDLFS; 
18:30:54.0876 0x04bc  ============================================================
18:30:54.0876 0x04bc  KSN ping started
18:30:57.0442 0x04bc  KSN ping finished: true
18:30:57.0828 0x04bc  ================ Scan system memory ========================
18:30:57.0829 0x04bc  System memory - ok
18:30:57.0829 0x04bc  ================ Scan services =============================
18:30:57.0873 0x04bc  1394ohci - ok
18:30:57.0876 0x04bc  3ware - ok
18:30:57.0899 0x04bc  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:30:57.0951 0x04bc  ACPI - ok
18:30:57.0959 0x04bc  acpiex - ok
18:30:57.0962 0x04bc  acpipagr - ok
18:30:57.0966 0x04bc  AcpiPmi - ok
18:30:57.0969 0x04bc  acpitime - ok
18:30:57.0973 0x04bc  ADP80XX - ok
18:30:57.0982 0x04bc  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:30:58.0009 0x04bc  AeLookupSvc - ok
18:30:58.0012 0x04bc  AFD - ok
18:30:58.0016 0x04bc  AgereSoftModem - ok
18:30:58.0019 0x04bc  agp440 - ok
18:30:58.0024 0x04bc  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
18:30:58.0041 0x04bc  ahcache - ok
18:30:58.0044 0x04bc  AiCharger - ok
18:30:58.0050 0x04bc  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\Windows\System32\alg.exe
18:30:58.0066 0x04bc  ALG - ok
18:30:58.0069 0x04bc  AmdK8 - ok
18:30:58.0073 0x04bc  AmdPPM - ok
18:30:58.0076 0x04bc  amdsata - ok
18:30:58.0079 0x04bc  amdsbs - ok
18:30:58.0083 0x04bc  amdxata - ok
18:30:58.0115 0x04bc  [ 3358CAD1887DDDDD2A36B7796B579292, 40BA1A836276C2AA78914F294661C3C918F2D6DFAA9D6EF3FEB6D1EE3B07F584 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
18:30:58.0145 0x04bc  AntiVirMailService - ok
18:30:58.0159 0x04bc  [ 1892E1DB0B6431720B98B52AE9388C28, 141098794D774265662FF0EBB4E938D70ADB8BD54B62B1C9A19F6C3C1F263FEC ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
18:30:58.0178 0x04bc  AntiVirSchedulerService - ok
18:30:58.0192 0x04bc  [ 1892E1DB0B6431720B98B52AE9388C28, 141098794D774265662FF0EBB4E938D70ADB8BD54B62B1C9A19F6C3C1F263FEC ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
18:30:58.0210 0x04bc  AntiVirService - ok
18:30:58.0242 0x04bc  [ 6FD5165364D88FDABE4FA59E1768376F, B82D11E6FCC297F822E29A49D46C9985955C9F5676D107A397B00D0468F93504 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
18:30:58.0279 0x04bc  AntiVirWebService - ok
18:30:58.0285 0x04bc  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\Windows\system32\drivers\appid.sys
18:30:58.0302 0x04bc  AppID - ok
18:30:58.0306 0x04bc  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:30:58.0321 0x04bc  AppIDSvc - ok
18:30:58.0334 0x04bc  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\Windows\System32\appinfo.dll
18:30:58.0369 0x04bc  Appinfo - ok
18:30:58.0407 0x04bc  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
18:30:58.0446 0x04bc  AppReadiness - ok
18:30:58.0481 0x04bc  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
18:30:58.0518 0x04bc  AppXSvc - ok
18:30:58.0521 0x04bc  arcsas - ok
18:30:58.0524 0x04bc  ASLDRService - ok
18:30:58.0526 0x04bc  ASMMAP64 - ok
18:30:58.0529 0x04bc  Asus WebStorage Windows Service - ok
18:30:58.0531 0x04bc  AsusGameFirstService - ok
18:30:58.0536 0x04bc  atapi - ok
18:30:58.0540 0x04bc  ATKGFNEXSrv - ok
18:30:58.0545 0x04bc  ATKWMIACPIIO - ok
18:30:58.0558 0x04bc  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
18:30:58.0577 0x04bc  AudioEndpointBuilder - ok
18:30:58.0600 0x04bc  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:30:58.0629 0x04bc  Audiosrv - ok
18:30:58.0636 0x04bc  [ CC1ABBD9E61B7AA5CCBB45EA87CB033F, 4E5DE485833721E19B36455C017B9D908BAA7D12637A878934A0FAF2326E000B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:30:58.0646 0x04bc  avgntflt - ok
18:30:58.0651 0x04bc  [ 07C8454D3A94BA478752FAFA2B94E0FE, EB19396D4A6D51D6C33ED55C8EF0259045801D39CCE2945931F9163D6006C133 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:30:58.0658 0x04bc  avipbb - ok
18:30:58.0666 0x04bc  [ 17348FE28C0A0AB4A6CB86D177770335, 633FEDA61F62504534B47090EA142F73C5D80C0D52A22A6C81DF64CD3EAFDAA8 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
18:30:58.0674 0x04bc  Avira.ServiceHost - ok
18:30:58.0677 0x04bc  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:30:58.0682 0x04bc  avkmgr - ok
18:30:58.0685 0x04bc  [ 83586138F23A4C284EB68AFC852D7AFA, 9ADE8924B4518ED0A8E3FC4CC3F9964BC05B5FF67F230A7FD0BDABCFFA0BB0C8 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
18:30:58.0691 0x04bc  avnetflt - ok
18:30:58.0695 0x04bc  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:30:58.0706 0x04bc  AxInstSV - ok
18:30:58.0709 0x04bc  b06bdrv - ok
18:30:58.0711 0x04bc  BasicDisplay - ok
18:30:58.0713 0x04bc  BasicRender - ok
18:30:58.0716 0x04bc  bcmfn2 - ok
18:30:58.0724 0x04bc  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\Windows\System32\bdesvc.dll
18:30:58.0739 0x04bc  BDESVC - ok
18:30:58.0742 0x04bc  Beep - ok
18:30:58.0759 0x04bc  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\Windows\System32\bfe.dll
18:30:58.0781 0x04bc  BFE - ok
18:30:58.0801 0x04bc  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\Windows\System32\qmgr.dll
18:30:58.0871 0x04bc  BITS - ok
18:30:58.0877 0x04bc  Bluetooth Device Monitor - ok
18:30:58.0881 0x04bc  Bluetooth OBEX Service - ok
18:30:58.0886 0x04bc  bowser - ok
18:30:58.0906 0x04bc  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
18:30:58.0943 0x04bc  BrokerInfrastructure - ok
18:30:58.0953 0x04bc  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\Windows\System32\browser.dll
18:30:58.0978 0x04bc  Browser - ok
18:30:58.0984 0x04bc  BthAvrcpTg - ok
18:30:58.0993 0x04bc  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
18:30:59.0015 0x04bc  BthEnum - ok
18:30:59.0023 0x04bc  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
18:30:59.0045 0x04bc  BthHFEnum - ok
18:30:59.0053 0x04bc  bthhfhid - ok
18:30:59.0078 0x04bc  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
18:30:59.0115 0x04bc  BthHFSrv - ok
18:30:59.0121 0x04bc  BthLEEnum - ok
18:30:59.0125 0x04bc  BTHMODEM - ok
18:30:59.0130 0x04bc  BthPan - ok
18:30:59.0188 0x04bc  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
18:30:59.0223 0x04bc  BTHPORT - ok
18:30:59.0230 0x04bc  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\Windows\system32\bthserv.dll
18:30:59.0242 0x04bc  bthserv - ok
18:30:59.0248 0x04bc  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
18:30:59.0259 0x04bc  BTHUSB - ok
18:30:59.0262 0x04bc  btmaux - ok
18:30:59.0265 0x04bc  btmhsf - ok
18:30:59.0268 0x04bc  cdfs - ok
18:30:59.0271 0x04bc  cdrom - ok
18:30:59.0277 0x04bc  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:30:59.0293 0x04bc  CertPropSvc - ok
18:30:59.0296 0x04bc  circlass - ok
18:30:59.0307 0x04bc  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
18:30:59.0325 0x04bc  CLFS - ok
18:30:59.0333 0x04bc  CmBatt - ok
18:30:59.0347 0x04bc  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:30:59.0370 0x04bc  CNG - ok
18:30:59.0374 0x04bc  CompositeBus - ok
18:30:59.0377 0x04bc  COMSysApp - ok
18:30:59.0379 0x04bc  condrv - ok
18:30:59.0384 0x04bc  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:30:59.0398 0x04bc  CryptSvc - ok
18:30:59.0401 0x04bc  dam - ok
18:30:59.0453 0x04bc  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:30:59.0499 0x04bc  DcomLaunch - ok
18:30:59.0513 0x04bc  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\Windows\System32\defragsvc.dll
18:30:59.0534 0x04bc  defragsvc - ok
18:30:59.0546 0x04bc  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
18:30:59.0564 0x04bc  DeviceAssociationService - ok
18:30:59.0570 0x04bc  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
18:30:59.0586 0x04bc  DeviceInstall - ok
18:30:59.0589 0x04bc  Dfsc - ok
18:30:59.0600 0x04bc  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:30:59.0620 0x04bc  Dhcp - ok
18:30:59.0653 0x04bc  [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack       C:\Windows\system32\diagtrack.dll
18:30:59.0688 0x04bc  DiagTrack - ok
18:30:59.0691 0x04bc  disk - ok
18:30:59.0693 0x04bc  dmvsc - ok
18:30:59.0699 0x04bc  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:30:59.0710 0x04bc  Dnscache - ok
18:30:59.0717 0x04bc  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:30:59.0729 0x04bc  dot3svc - ok
18:30:59.0735 0x04bc  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\Windows\system32\dps.dll
18:30:59.0746 0x04bc  DPS - ok
18:30:59.0749 0x04bc  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:30:59.0756 0x04bc  drmkaud - ok
18:30:59.0762 0x04bc  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
18:30:59.0773 0x04bc  DsmSvc - ok
18:30:59.0800 0x04bc  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:30:59.0834 0x04bc  DXGKrnl - ok
18:30:59.0838 0x04bc  e1iexpress - ok
18:30:59.0842 0x04bc  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\Windows\System32\eapsvc.dll
18:30:59.0854 0x04bc  Eaphost - ok
18:30:59.0857 0x04bc  ebdrv - ok
18:30:59.0861 0x04bc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\Windows\System32\lsass.exe
18:30:59.0870 0x04bc  EFS - ok
18:30:59.0872 0x04bc  EhStorClass - ok
18:30:59.0874 0x04bc  EhStorTcgDrv - ok
18:30:59.0877 0x04bc  ErrDev - ok
18:30:59.0880 0x04bc  ETD - ok
18:30:59.0885 0x04bc  ETDService - ok
18:30:59.0917 0x04bc  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\Windows\system32\es.dll
18:30:59.0961 0x04bc  EventSystem - ok
18:30:59.0966 0x04bc  EvtEng - ok
18:30:59.0970 0x04bc  exfat - ok
18:30:59.0974 0x04bc  fastfat - ok
18:30:59.0999 0x04bc  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\Windows\system32\fxssvc.exe
18:31:00.0053 0x04bc  Fax - ok
18:31:00.0058 0x04bc  fdc - ok
18:31:00.0062 0x04bc  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:31:00.0075 0x04bc  fdPHost - ok
18:31:00.0078 0x04bc  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:31:00.0091 0x04bc  FDResPub - ok
18:31:00.0096 0x04bc  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\Windows\system32\fhsvc.dll
18:31:00.0111 0x04bc  fhsvc - ok
18:31:00.0114 0x04bc  FileInfo - ok
18:31:00.0117 0x04bc  Filetrace - ok
18:31:00.0120 0x04bc  flpydisk - ok
18:31:00.0131 0x04bc  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:31:00.0149 0x04bc  FltMgr - ok
18:31:00.0175 0x04bc  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\Windows\system32\FntCache.dll
18:31:00.0239 0x04bc  FontCache - ok
18:31:00.0245 0x04bc  FontCache3.0.0.0 - ok
18:31:00.0251 0x04bc  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:31:00.0264 0x04bc  FsDepends - ok
18:31:00.0268 0x04bc  Fs_Rec - ok
18:31:00.0274 0x04bc  fvevol - ok
18:31:00.0282 0x04bc  FxPPM - ok
18:31:00.0289 0x04bc  gagp30kx - ok
18:31:00.0295 0x04bc  GamesAppIntegrationService - ok
18:31:00.0302 0x04bc  GamesAppService - ok
18:31:00.0312 0x04bc  gencounter - ok
18:31:00.0322 0x04bc  GfExperienceService - ok
18:31:00.0331 0x04bc  GPIOClx0101 - ok
18:31:00.0383 0x04bc  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:31:00.0426 0x04bc  gpsvc - ok
18:31:00.0429 0x04bc  HdAudAddService - ok
18:31:00.0431 0x04bc  HDAudBus - ok
18:31:00.0433 0x04bc  HidBatt - ok
18:31:00.0438 0x04bc  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
18:31:00.0446 0x04bc  HidBth - ok
18:31:00.0448 0x04bc  hidi2c - ok
18:31:00.0450 0x04bc  HidIr - ok
18:31:00.0453 0x04bc  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\Windows\system32\hidserv.dll
18:31:00.0462 0x04bc  hidserv - ok
18:31:00.0465 0x04bc  HIDSwitch - ok
18:31:00.0467 0x04bc  HidUsb - ok
18:31:00.0470 0x04bc  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:31:00.0482 0x04bc  hkmsvc - ok
18:31:00.0489 0x04bc  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:31:00.0503 0x04bc  HomeGroupListener - ok
18:31:00.0513 0x04bc  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:31:00.0528 0x04bc  HomeGroupProvider - ok
18:31:00.0531 0x04bc  HpSAMD - ok
18:31:00.0549 0x04bc  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:31:00.0573 0x04bc  HTTP - ok
18:31:00.0577 0x04bc  hwpolicy - ok
18:31:00.0579 0x04bc  hyperkbd - ok
18:31:00.0581 0x04bc  HyperVideo - ok
18:31:00.0586 0x04bc  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
18:31:00.0597 0x04bc  i8042prt - ok
18:31:00.0600 0x04bc  iaLPSSi_GPIO - ok
18:31:00.0607 0x04bc  iaLPSSi_I2C - ok
18:31:00.0615 0x04bc  iaStorA - ok
18:31:00.0623 0x04bc  iaStorAV - ok
18:31:00.0631 0x04bc  iaStorV - ok
18:31:00.0640 0x04bc  iBtSiva - ok
18:31:00.0650 0x04bc  ibtusb - ok
18:31:00.0657 0x04bc  IEEtwCollectorService - ok
18:31:00.0722 0x04bc  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:31:00.0767 0x04bc  IKEEXT - ok
18:31:00.0772 0x04bc  IntcAzAudAddService - ok
18:31:00.0774 0x04bc  Intel(R) Capability Licensing Service TCP IP Interface - ok
18:31:00.0777 0x04bc  Intel(R) ME Service - ok
18:31:00.0780 0x04bc  IntelHSWPcc - ok
18:31:00.0783 0x04bc  intelide - ok
18:31:00.0787 0x04bc  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
18:31:00.0797 0x04bc  intelpep - ok
18:31:00.0799 0x04bc  intelppm - ok
18:31:00.0802 0x04bc  IpFilterDriver - ok
18:31:00.0824 0x04bc  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:31:00.0851 0x04bc  iphlpsvc - ok
18:31:00.0856 0x04bc  IPMIDRV - ok
18:31:00.0857 0x04bc  IPNAT - ok
18:31:00.0859 0x04bc  IRENUM - ok
18:31:00.0861 0x04bc  isapnp - ok
18:31:00.0864 0x04bc  iScsiPrt - ok
18:31:00.0865 0x04bc  jhi_service - ok
18:31:00.0869 0x04bc  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
18:31:00.0876 0x04bc  kbdclass - ok
18:31:00.0879 0x04bc  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
18:31:00.0888 0x04bc  kbdhid - ok
18:31:00.0889 0x04bc  kbfiltr - ok
18:31:00.0891 0x04bc  kdnic - ok
18:31:00.0894 0x04bc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
18:31:00.0910 0x04bc  KeyIso - ok
18:31:00.0920 0x04bc  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:31:00.0944 0x04bc  KSecDD - ok
18:31:00.0957 0x04bc  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:31:00.0977 0x04bc  KSecPkg - ok
18:31:00.0981 0x04bc  ksthunk - ok
18:31:00.0994 0x04bc  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:31:01.0021 0x04bc  KtmRm - ok
18:31:01.0041 0x04bc  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:31:01.0069 0x04bc  LanmanServer - ok
18:31:01.0081 0x04bc  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:31:01.0106 0x04bc  LanmanWorkstation - ok
18:31:01.0125 0x04bc  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
18:31:01.0148 0x04bc  lfsvc - ok
18:31:01.0151 0x04bc  lltdio - ok
18:31:01.0157 0x04bc  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:31:01.0170 0x04bc  lltdsvc - ok
18:31:01.0173 0x04bc  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:31:01.0183 0x04bc  lmhosts - ok
18:31:01.0185 0x04bc  LMS - ok
18:31:01.0188 0x04bc  LSI_SAS - ok
18:31:01.0190 0x04bc  LSI_SAS2 - ok
18:31:01.0193 0x04bc  LSI_SAS3 - ok
18:31:01.0195 0x04bc  LSI_SSS - ok
18:31:01.0209 0x04bc  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\Windows\System32\lsm.dll
18:31:01.0235 0x04bc  LSM - ok
18:31:01.0241 0x04bc  luafv - ok
18:31:01.0250 0x04bc  megasas - ok
18:31:01.0256 0x04bc  megasr - ok
18:31:01.0263 0x04bc  MEIx64 - ok
18:31:01.0275 0x04bc  Microsoft SharePoint Workspace Audit Service - ok
18:31:01.0286 0x04bc  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\Windows\system32\mmcss.dll
18:31:01.0320 0x04bc  MMCSS - ok
18:31:01.0327 0x04bc  Modem - ok
18:31:01.0333 0x04bc  monitor - ok
18:31:01.0344 0x04bc  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
18:31:01.0369 0x04bc  mouclass - ok
18:31:01.0379 0x04bc  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
18:31:01.0404 0x04bc  mouhid - ok
18:31:01.0416 0x04bc  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:31:01.0443 0x04bc  mountmgr - ok
18:31:01.0451 0x04bc  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:31:01.0466 0x04bc  MozillaMaintenance - ok
18:31:01.0473 0x04bc  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:31:01.0490 0x04bc  mpsdrv - ok
18:31:01.0521 0x04bc  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:31:01.0554 0x04bc  MpsSvc - ok
18:31:01.0560 0x04bc  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:31:01.0572 0x04bc  MRxDAV - ok
18:31:01.0583 0x04bc  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:31:01.0620 0x04bc  mrxsmb - ok
18:31:01.0625 0x04bc  mrxsmb10 - ok
18:31:01.0637 0x04bc  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:31:01.0660 0x04bc  mrxsmb20 - ok
18:31:01.0671 0x04bc  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
18:31:01.0692 0x04bc  MsBridge - ok
18:31:01.0701 0x04bc  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\Windows\System32\msdtc.exe
18:31:01.0726 0x04bc  MSDTC - ok
18:31:01.0734 0x04bc  Msfs - ok
18:31:01.0739 0x04bc  msgpiowin32 - ok
18:31:01.0742 0x04bc  mshidkmdf - ok
18:31:01.0745 0x04bc  mshidumdf - ok
18:31:01.0748 0x04bc  msisadrv - ok
18:31:01.0755 0x04bc  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:31:01.0770 0x04bc  MSiSCSI - ok
18:31:01.0773 0x04bc  msiserver - ok
18:31:01.0776 0x04bc  MSKSSRV - ok
18:31:01.0781 0x04bc  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
18:31:01.0793 0x04bc  MsLldp - ok
18:31:01.0796 0x04bc  MSPCLOCK - ok
18:31:01.0799 0x04bc  MSPQM - ok
18:31:01.0802 0x04bc  MsRPC - ok
18:31:01.0807 0x04bc  mssmbios - ok
18:31:01.0810 0x04bc  MSTEE - ok
18:31:01.0812 0x04bc  MTConfig - ok
18:31:01.0815 0x04bc  Mup - ok
18:31:01.0818 0x04bc  mvumis - ok
18:31:01.0821 0x04bc  MyWiFiDHCPDNS - ok
18:31:01.0835 0x04bc  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
18:31:01.0859 0x04bc  napagent - ok
18:31:01.0872 0x04bc  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:31:01.0894 0x04bc  NativeWifiP - ok
18:31:01.0902 0x04bc  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
18:31:01.0920 0x04bc  NcaSvc - ok
18:31:01.0926 0x04bc  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
18:31:01.0943 0x04bc  NcbService - ok
18:31:01.0948 0x04bc  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
18:31:01.0964 0x04bc  NcdAutoSetup - ok
18:31:01.0992 0x04bc  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:31:02.0033 0x04bc  NDIS - ok
18:31:02.0038 0x04bc  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:31:02.0047 0x04bc  NdisCap - ok
18:31:02.0051 0x04bc  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
18:31:02.0061 0x04bc  NdisImPlatform - ok
18:31:02.0064 0x04bc  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:31:02.0071 0x04bc  NdisTapi - ok
18:31:02.0073 0x04bc  Ndisuio - ok
18:31:02.0075 0x04bc  NdisVirtualBus - ok
18:31:02.0077 0x04bc  NdisWan - ok
18:31:02.0079 0x04bc  NdisWanLegacy - ok
18:31:02.0082 0x04bc  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:31:02.0090 0x04bc  NDProxy - ok
18:31:02.0094 0x04bc  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
18:31:02.0104 0x04bc  Ndu - ok
18:31:02.0107 0x04bc  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:31:02.0115 0x04bc  NetBIOS - ok
18:31:02.0117 0x04bc  NetBT - ok
18:31:02.0120 0x04bc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
18:31:02.0129 0x04bc  Netlogon - ok
18:31:02.0136 0x04bc  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
18:31:02.0148 0x04bc  Netman - ok
18:31:02.0159 0x04bc  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\Windows\System32\netprofmsvc.dll
18:31:02.0176 0x04bc  netprofm - ok
18:31:02.0183 0x04bc  NetTcpPortSharing - ok
18:31:02.0187 0x04bc  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
18:31:02.0196 0x04bc  netvsc - ok
18:31:02.0199 0x04bc  NETwNb64 - ok
18:31:02.0200 0x04bc  NETwNe64 - ok
18:31:02.0203 0x04bc  NETwNs64 - ok
18:31:02.0205 0x04bc  NFC_Driver - ok
18:31:02.0214 0x04bc  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:31:02.0230 0x04bc  NlaSvc - ok
18:31:02.0233 0x04bc  Npfs - ok
18:31:02.0235 0x04bc  npsvctrig - ok
18:31:02.0238 0x04bc  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\Windows\system32\nsisvc.dll
18:31:02.0251 0x04bc  nsi - ok
18:31:02.0255 0x04bc  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:31:02.0263 0x04bc  nsiproxy - ok
18:31:02.0298 0x04bc  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:31:02.0340 0x04bc  Ntfs - ok
18:31:02.0344 0x04bc  Null - ok
18:31:02.0350 0x04bc  [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
18:31:02.0357 0x04bc  NVHDA - ok
18:31:02.0568 0x04bc  [ 7C28BA74B766F3470128107DA764F711, 43738B3B7F7A493D2B0102B889612A1E91545F38BA82CD911D63361F08048314 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:31:02.0724 0x04bc  nvlddmkm - ok
18:31:02.0735 0x04bc  NvNetworkService - ok
18:31:02.0737 0x04bc  nvraid - ok
18:31:02.0739 0x04bc  nvstor - ok
18:31:02.0740 0x04bc  NvStreamKms - ok
18:31:02.0742 0x04bc  NvStreamSvc - ok
18:31:02.0759 0x04bc  [ 2A4F832243E869FD7564AA90402D74BD, E730A517EB6D49036B6FC196BFC930ED93EDB4FD4FA7EB1EB69A434BB94AE3C0 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:31:02.0781 0x04bc  nvsvc - ok
18:31:02.0785 0x04bc  [ DD5D741E4FFF47BA4C1E8BD14D59E866, AB7B5A9386EE8AB41E53547529CB993EF70D66870B173B8B353C7936CE2A2932 ] NVVADARM        C:\Windows\system32\drivers\nvvadarm.sys
18:31:02.0790 0x04bc  NVVADARM - ok
18:31:02.0792 0x04bc  nvvad_WaveExtensible - ok
18:31:02.0794 0x04bc  nv_agp - ok
18:31:02.0831 0x04bc  [ FCE83ABDE761C87D17EA65960455F0E5, E59C13E26845FE0537AEBF0E4A9DC0AF3E6DF55C7A54247FC8078AC5DE666AD4 ] Origin Client Service C:\Spiele\Origin\OriginClientService.exe
18:31:02.0866 0x04bc  Origin Client Service - ok
18:31:02.0874 0x04bc  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:31:02.0881 0x04bc  ose - ok
18:31:03.0014 0x04bc  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:31:03.0090 0x04bc  osppsvc - ok
18:31:03.0104 0x04bc  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:31:03.0119 0x04bc  p2pimsvc - ok
18:31:03.0129 0x04bc  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\Windows\system32\p2psvc.dll
18:31:03.0144 0x04bc  p2psvc - ok
18:31:03.0147 0x04bc  Parport - ok
18:31:03.0151 0x04bc  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:31:03.0159 0x04bc  partmgr - ok
18:31:03.0170 0x04bc  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:31:03.0185 0x04bc  PcaSvc - ok
18:31:03.0188 0x04bc  pci - ok
18:31:03.0190 0x04bc  pciide - ok
18:31:03.0191 0x04bc  pcmcia - ok
18:31:03.0193 0x04bc  pcw - ok
18:31:03.0197 0x04bc  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\Windows\system32\drivers\pdc.sys
18:31:03.0204 0x04bc  pdc - ok
18:31:03.0207 0x04bc  PEAUTH - ok
18:31:03.0229 0x04bc  PerfHost - ok
18:31:03.0258 0x04bc  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\Windows\system32\pla.dll
18:31:03.0291 0x04bc  pla - ok
18:31:03.0296 0x04bc  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:31:03.0307 0x04bc  PlugPlay - ok
18:31:03.0311 0x04bc  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
18:31:03.0318 0x04bc  PnkBstrA - ok
18:31:03.0321 0x04bc  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:31:03.0332 0x04bc  PNRPAutoReg - ok
18:31:03.0357 0x04bc  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:31:03.0399 0x04bc  PNRPsvc - ok
18:31:03.0416 0x04bc  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:31:03.0445 0x04bc  PolicyAgent - ok
18:31:03.0454 0x04bc  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\Windows\system32\umpo.dll
18:31:03.0477 0x04bc  Power - ok
18:31:03.0488 0x04bc  PrintNotify - ok
18:31:03.0498 0x04bc  Processor - ok
18:31:03.0509 0x04bc  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:31:03.0537 0x04bc  ProfSvc - ok
18:31:03.0546 0x04bc  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:31:03.0565 0x04bc  Psched - ok
18:31:03.0585 0x04bc  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\Windows\system32\qwave.dll
18:31:03.0623 0x04bc  QWAVE - ok
18:31:03.0629 0x04bc  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:31:03.0647 0x04bc  QWAVEdrv - ok
18:31:03.0652 0x04bc  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:31:03.0676 0x04bc  RasAcd - ok
18:31:03.0689 0x04bc  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\Windows\System32\rasauto.dll
18:31:03.0730 0x04bc  RasAuto - ok
18:31:03.0767 0x04bc  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\Windows\System32\rasmans.dll
18:31:03.0811 0x04bc  RasMan - ok
18:31:03.0816 0x04bc  RasPppoe - ok
18:31:03.0820 0x04bc  rdbss - ok
18:31:03.0826 0x04bc  rdpbus - ok
18:31:03.0830 0x04bc  RDPDR - ok
18:31:03.0839 0x04bc  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:31:03.0854 0x04bc  RdpVideoMiniport - ok
18:31:03.0859 0x04bc  rdyboost - ok
18:31:03.0894 0x04bc  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
18:31:03.0928 0x04bc  ReFS - ok
18:31:03.0932 0x04bc  RegSrvc - ok
18:31:03.0938 0x04bc  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:31:03.0950 0x04bc  RemoteAccess - ok
18:31:03.0955 0x04bc  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:31:03.0968 0x04bc  RemoteRegistry - ok
18:31:03.0974 0x04bc  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
18:31:03.0984 0x04bc  RFCOMM - ok
18:31:03.0988 0x04bc  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:31:03.0999 0x04bc  RpcEptMapper - ok
18:31:04.0001 0x04bc  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\Windows\system32\locator.exe
18:31:04.0011 0x04bc  RpcLocator - ok
18:31:04.0027 0x04bc  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\Windows\system32\rpcss.dll
18:31:04.0048 0x04bc  RpcSs - ok
18:31:04.0051 0x04bc  rspndr - ok
18:31:04.0053 0x04bc  RTL8168 - ok
18:31:04.0064 0x04bc  [ 11EF57EC51EDE3697B462B5FDDBFD0D1, B7CE98D2AAC12B5809B03F273AC71F604D9FEDB8743E92460F17E4910BDB6204 ] RzWizardService C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
18:31:04.0072 0x04bc  RzWizardService - detected UnsignedFile.Multi.Generic ( 1 )
18:31:06.0669 0x04bc  Detect skipped due to KSN trusted
18:31:06.0670 0x04bc  RzWizardService - ok
18:31:06.0677 0x04bc  s3cap - ok
18:31:06.0687 0x04bc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\Windows\system32\lsass.exe
18:31:06.0720 0x04bc  SamSs - ok
18:31:06.0725 0x04bc  sbp2port - ok
18:31:06.0736 0x04bc  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:31:06.0776 0x04bc  SCardSvr - ok
18:31:06.0791 0x04bc  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
18:31:06.0833 0x04bc  ScDeviceEnum - ok
18:31:06.0843 0x04bc  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:31:06.0873 0x04bc  scfilter - ok
18:31:06.0921 0x04bc  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\Windows\system32\schedsvc.dll
18:31:06.0964 0x04bc  Schedule - ok
18:31:06.0970 0x04bc  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:31:06.0980 0x04bc  SCPolicySvc - ok
18:31:06.0988 0x04bc  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\Windows\System32\drivers\sdbus.sys
18:31:06.0998 0x04bc  sdbus - ok
18:31:07.0001 0x04bc  sdstor - ok
18:31:07.0003 0x04bc  secdrv - ok
18:31:07.0006 0x04bc  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\Windows\system32\seclogon.dll
18:31:07.0016 0x04bc  seclogon - ok
18:31:07.0020 0x04bc  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\Windows\System32\sens.dll
18:31:07.0031 0x04bc  SENS - ok
18:31:07.0037 0x04bc  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:31:07.0050 0x04bc  SensrSvc - ok
18:31:07.0053 0x04bc  SerCx - ok
18:31:07.0054 0x04bc  SerCx2 - ok
18:31:07.0056 0x04bc  Serenum - ok
18:31:07.0058 0x04bc  Serial - ok
18:31:07.0061 0x04bc  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
18:31:07.0068 0x04bc  sermouse - ok
18:31:07.0079 0x04bc  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\Windows\system32\sessenv.dll
18:31:07.0094 0x04bc  SessionEnv - ok
18:31:07.0096 0x04bc  sfloppy - ok
18:31:07.0105 0x04bc  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:31:07.0120 0x04bc  SharedAccess - ok
18:31:07.0133 0x04bc  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:31:07.0168 0x04bc  ShellHWDetection - ok
18:31:07.0173 0x04bc  SiSRaid2 - ok
18:31:07.0178 0x04bc  SiSRaid4 - ok
18:31:07.0191 0x04bc  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:31:07.0216 0x04bc  SkypeUpdate - ok
18:31:07.0222 0x04bc  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\Windows\System32\smphost.dll
18:31:07.0241 0x04bc  smphost - ok
18:31:07.0249 0x04bc  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:31:07.0270 0x04bc  SNMPTRAP - ok
18:31:07.0293 0x04bc  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
18:31:07.0322 0x04bc  spaceport - ok
18:31:07.0325 0x04bc  SpbCx - ok
18:31:07.0340 0x04bc  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\Windows\System32\spoolsv.exe
18:31:07.0364 0x04bc  Spooler - ok
18:31:07.0367 0x04bc  sppsvc - ok
18:31:07.0369 0x04bc  srv - ok
18:31:07.0382 0x04bc  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:31:07.0398 0x04bc  srv2 - ok
18:31:07.0401 0x04bc  srvnet - ok
18:31:07.0408 0x04bc  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:31:07.0421 0x04bc  SSDPSRV - ok
18:31:07.0427 0x04bc  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:31:07.0438 0x04bc  SstpSvc - ok
18:31:07.0456 0x04bc  [ 0A3544D7E9AF7D8C991C904339157EDC, 1E1DE4D808AE1174B0CB37E93EBADFC98FEBCD70D612CFE393DDA513581CD123 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:31:07.0480 0x04bc  Steam Client Service - ok
18:31:07.0511 0x04bc  [ F82B2FC221CA0E408874884787491667, A9C7FB9C4719484BDA4FB69A8F948DC556CFEA19DFE89D2E63536F2C42725E66 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:31:07.0543 0x04bc  Stereo Service - ok
18:31:07.0548 0x04bc  stexstor - ok
18:31:07.0573 0x04bc  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\Windows\System32\wiaservc.dll
18:31:07.0607 0x04bc  stisvc - ok
18:31:07.0610 0x04bc  storahci - ok
18:31:07.0613 0x04bc  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:31:07.0623 0x04bc  storflt - ok
18:31:07.0626 0x04bc  stornvme - ok
18:31:07.0629 0x04bc  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\Windows\system32\storsvc.dll
18:31:07.0642 0x04bc  StorSvc - ok
18:31:07.0645 0x04bc  storvsc - ok
18:31:07.0648 0x04bc  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\Windows\system32\svsvc.dll
18:31:07.0660 0x04bc  svsvc - ok
18:31:07.0663 0x04bc  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\Windows\System32\drivers\swenum.sys
18:31:07.0672 0x04bc  swenum - ok
18:31:07.0690 0x04bc  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\Windows\System32\swprv.dll
18:31:07.0716 0x04bc  swprv - ok
18:31:07.0740 0x04bc  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain         C:\Windows\system32\sysmain.dll
18:31:07.0768 0x04bc  SysMain - ok
18:31:07.0777 0x04bc  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
18:31:07.0792 0x04bc  SystemEventsBroker - ok
18:31:07.0798 0x04bc  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:31:07.0812 0x04bc  TabletInputService - ok
18:31:07.0820 0x04bc  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:31:07.0835 0x04bc  TapiSrv - ok
18:31:07.0877 0x04bc  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:31:07.0928 0x04bc  Tcpip - ok
18:31:07.0971 0x04bc  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:31:08.0021 0x04bc  TCPIP6 - ok
18:31:08.0026 0x04bc  tcpipreg - ok
18:31:08.0029 0x04bc  tdx - ok
18:31:08.0031 0x04bc  terminpt - ok
18:31:08.0073 0x04bc  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\Windows\System32\termsrv.dll
18:31:08.0112 0x04bc  TermService - ok
18:31:08.0117 0x04bc  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\Windows\system32\themeservice.dll
18:31:08.0128 0x04bc  Themes - ok
18:31:08.0136 0x04bc  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:31:08.0168 0x04bc  THREADORDER - ok
18:31:08.0172 0x04bc  ThunderboltService - ok
18:31:08.0186 0x04bc  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
18:31:08.0218 0x04bc  TimeBroker - ok
18:31:08.0222 0x04bc  TPM - ok
18:31:08.0228 0x04bc  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\Windows\System32\trkwks.dll
18:31:08.0245 0x04bc  TrkWks - ok
18:31:08.0250 0x04bc  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:31:08.0265 0x04bc  TrustedInstaller - ok
18:31:08.0269 0x04bc  TsUsbFlt - ok
18:31:08.0273 0x04bc  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
18:31:08.0286 0x04bc  TsUsbGD - ok
18:31:08.0289 0x04bc  tunnel - ok
18:31:08.0292 0x04bc  uagp35 - ok
18:31:08.0295 0x04bc  UASPStor - ok
18:31:08.0303 0x04bc  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
18:31:08.0319 0x04bc  UCX01000 - ok
18:31:08.0330 0x04bc  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:31:08.0346 0x04bc  udfs - ok
18:31:08.0349 0x04bc  UEFI - ok
18:31:08.0353 0x04bc  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:31:08.0363 0x04bc  UI0Detect - ok
18:31:08.0366 0x04bc  uliagpkx - ok
18:31:08.0368 0x04bc  umbus - ok
18:31:08.0370 0x04bc  UmPass - ok
18:31:08.0377 0x04bc  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:31:08.0391 0x04bc  UmRdpService - ok
18:31:08.0401 0x04bc  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\Windows\System32\upnphost.dll
18:31:08.0418 0x04bc  upnphost - ok
18:31:08.0420 0x04bc  usbccgp - ok
18:31:08.0425 0x04bc  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
18:31:08.0434 0x04bc  usbcir - ok
18:31:08.0436 0x04bc  usbehci - ok
18:31:08.0438 0x04bc  usbhub - ok
18:31:08.0451 0x04bc  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
18:31:08.0465 0x04bc  USBHUB3 - ok
18:31:08.0468 0x04bc  usbohci - ok
18:31:08.0470 0x04bc  usbprint - ok
18:31:08.0476 0x04bc  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
18:31:08.0485 0x04bc  USBSTOR - ok
18:31:08.0488 0x04bc  usbuhci - ok
18:31:08.0495 0x04bc  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:31:08.0506 0x04bc  usbvideo - ok
18:31:08.0516 0x04bc  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
18:31:08.0528 0x04bc  USBXHCI - ok
18:31:08.0531 0x04bc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\Windows\system32\lsass.exe
18:31:08.0540 0x04bc  VaultSvc - ok
18:31:08.0543 0x04bc  vdrvroot - ok
18:31:08.0565 0x04bc  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\Windows\System32\vds.exe
18:31:08.0596 0x04bc  vds - ok
18:31:08.0599 0x04bc  VerifierExt - ok
18:31:08.0615 0x04bc  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
18:31:08.0631 0x04bc  vhdmp - ok
18:31:08.0634 0x04bc  viaide - ok
18:31:08.0638 0x04bc  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:31:08.0646 0x04bc  vmbus - ok
18:31:08.0648 0x04bc  VMBusHID - ok
18:31:08.0659 0x04bc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
18:31:08.0676 0x04bc  vmicguestinterface - ok
18:31:08.0688 0x04bc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
18:31:08.0704 0x04bc  vmicheartbeat - ok
18:31:08.0716 0x04bc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
18:31:08.0732 0x04bc  vmickvpexchange - ok
18:31:08.0743 0x04bc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\Windows\System32\ICSvc.dll
18:31:08.0759 0x04bc  vmicrdv - ok
18:31:08.0770 0x04bc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
18:31:08.0786 0x04bc  vmicshutdown - ok
18:31:08.0812 0x04bc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\Windows\System32\ICSvc.dll
18:31:08.0845 0x04bc  vmictimesync - ok
18:31:08.0857 0x04bc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\Windows\System32\ICSvc.dll
18:31:08.0874 0x04bc  vmicvss - ok
18:31:08.0877 0x04bc  volmgr - ok
18:31:08.0879 0x04bc  volmgrx - ok
18:31:08.0881 0x04bc  volsnap - ok
18:31:08.0884 0x04bc  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\Windows\System32\drivers\vpci.sys
18:31:08.0892 0x04bc  vpci - ok
18:31:08.0895 0x04bc  vsmraid - ok
18:31:08.0919 0x04bc  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\Windows\system32\vssvc.exe
18:31:08.0953 0x04bc  VSS - ok
18:31:08.0957 0x04bc  VSTXRAID - ok
18:31:08.0959 0x04bc  vwifibus - ok
18:31:08.0961 0x04bc  vwififlt - ok
18:31:08.0963 0x04bc  vwifimp - ok
18:31:08.0971 0x04bc  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\Windows\system32\w32time.dll
18:31:08.0989 0x04bc  W32Time - ok
18:31:08.0990 0x04bc  WacomPen - ok
18:31:09.0019 0x04bc  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\Windows\system32\wbengine.exe
18:31:09.0053 0x04bc  wbengine - ok
18:31:09.0065 0x04bc  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:31:09.0083 0x04bc  WbioSrvc - ok
18:31:09.0098 0x04bc  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
18:31:09.0134 0x04bc  Wcmsvc - ok
18:31:09.0152 0x04bc  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:31:09.0181 0x04bc  wcncsvc - ok
18:31:09.0185 0x04bc  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:31:09.0195 0x04bc  WcsPlugInService - ok
18:31:09.0199 0x04bc  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
18:31:09.0206 0x04bc  WdBoot - ok
18:31:09.0209 0x04bc  Wdf01000 - ok
18:31:09.0215 0x04bc  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
18:31:09.0226 0x04bc  WdFilter - ok
18:31:09.0231 0x04bc  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:31:09.0243 0x04bc  WdiServiceHost - ok
18:31:09.0246 0x04bc  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:31:09.0258 0x04bc  WdiSystemHost - ok
18:31:09.0262 0x04bc  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
18:31:09.0270 0x04bc  WdNisDrv - ok
18:31:09.0272 0x04bc  WdNisSvc - ok
18:31:09.0279 0x04bc  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\Windows\System32\webclnt.dll
18:31:09.0292 0x04bc  WebClient - ok
18:31:09.0298 0x04bc  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:31:09.0310 0x04bc  Wecsvc - ok
18:31:09.0313 0x04bc  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
18:31:09.0324 0x04bc  WEPHOSTSVC - ok
18:31:09.0328 0x04bc  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:31:09.0343 0x04bc  wercplsupport - ok
18:31:09.0347 0x04bc  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\Windows\System32\WerSvc.dll
18:31:09.0359 0x04bc  WerSvc - ok
18:31:09.0364 0x04bc  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
18:31:09.0373 0x04bc  WFPLWFS - ok
18:31:09.0377 0x04bc  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\Windows\System32\wiarpc.dll
18:31:09.0387 0x04bc  WiaRpc - ok
18:31:09.0390 0x04bc  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:31:09.0397 0x04bc  WIMMount - ok
18:31:09.0398 0x04bc  WinDefend - ok
18:31:09.0415 0x04bc  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
18:31:09.0437 0x04bc  WinHttpAutoProxySvc - ok
18:31:09.0448 0x04bc  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:31:09.0460 0x04bc  Winmgmt - ok
18:31:09.0506 0x04bc  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:31:09.0558 0x04bc  WinRM - ok
18:31:09.0564 0x04bc  WinUsb - ok
18:31:09.0592 0x04bc  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\Windows\System32\wlansvc.dll
18:31:09.0659 0x04bc  WlanSvc - ok
18:31:09.0695 0x04bc  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
18:31:09.0771 0x04bc  wlidsvc - ok
18:31:09.0776 0x04bc  WmiAcpi - ok
18:31:09.0784 0x04bc  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:31:09.0798 0x04bc  wmiApSrv - ok
18:31:09.0800 0x04bc  WMPNetworkSvc - ok
18:31:09.0807 0x04bc  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
18:31:09.0821 0x04bc  Wof - ok
18:31:09.0888 0x04bc  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
18:31:09.0939 0x04bc  workfolderssvc - ok
18:31:09.0943 0x04bc  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
18:31:09.0952 0x04bc  wpcfltr - ok
18:31:09.0954 0x04bc  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:31:09.0977 0x04bc  WPCSvc - ok
18:31:09.0987 0x04bc  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:31:10.0024 0x04bc  WPDBusEnum - ok
18:31:10.0029 0x04bc  WpdUpFltr - ok
18:31:10.0033 0x04bc  ws2ifsl - ok
18:31:10.0044 0x04bc  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:31:10.0071 0x04bc  wscsvc - ok
18:31:10.0076 0x04bc  WSearch - ok
18:31:10.0172 0x04bc  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\Windows\System32\WSService.dll
18:31:10.0247 0x04bc  WSService - ok
18:31:10.0343 0x04bc  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:31:10.0411 0x04bc  wuauserv - ok
18:31:10.0418 0x04bc  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:31:10.0427 0x04bc  WudfPf - ok
18:31:10.0434 0x04bc  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
18:31:10.0456 0x04bc  WUDFRd - ok
18:31:10.0468 0x04bc  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:31:10.0505 0x04bc  wudfsvc - ok
18:31:10.0518 0x04bc  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
18:31:10.0542 0x04bc  WUDFWpdFs - ok
18:31:10.0571 0x04bc  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:31:10.0618 0x04bc  WwanSvc - ok
18:31:10.0625 0x04bc  ZeroConfigService - ok
18:31:10.0635 0x04bc  ================ Scan global ===============================
18:31:10.0641 0x04bc  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\Windows\system32\basesrv.dll
18:31:10.0653 0x04bc  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
18:31:10.0670 0x04bc  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
18:31:10.0688 0x04bc  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
18:31:10.0699 0x04bc  [ Global ] - ok
18:31:10.0699 0x04bc  ================ Scan MBR ==================================
18:31:10.0701 0x04bc  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:31:10.0735 0x04bc  \Device\Harddisk0\DR0 - ok
18:31:10.0758 0x04bc  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:31:10.0845 0x04bc  \Device\Harddisk1\DR1 - ok
18:31:10.0846 0x04bc  ================ Scan VBR ==================================
18:31:10.0850 0x04bc  [ 09CE55A14337FDD3D1BB8373A3941A3C ] \Device\Harddisk0\DR0\Partition1
18:31:10.0852 0x04bc  \Device\Harddisk0\DR0\Partition1 - ok
18:31:10.0857 0x04bc  [ 2D524F05766D084E9BC1747B63390F77 ] \Device\Harddisk0\DR0\Partition2
18:31:10.0857 0x04bc  \Device\Harddisk0\DR0\Partition2 - ok
18:31:10.0864 0x04bc  [ CF2E6908D4146578C373E8F913DC0A3D ] \Device\Harddisk0\DR0\Partition3
18:31:10.0867 0x04bc  \Device\Harddisk0\DR0\Partition3 - ok
18:31:10.0872 0x04bc  [ 43B69AE1A5F9882A32CA20276AB41827 ] \Device\Harddisk0\DR0\Partition4
18:31:10.0875 0x04bc  \Device\Harddisk0\DR0\Partition4 - ok
18:31:10.0880 0x04bc  [ 2E515701EA0378598B54FBEAD4C82201 ] \Device\Harddisk1\DR1\Partition1
18:31:10.0922 0x04bc  \Device\Harddisk1\DR1\Partition1 - ok
18:31:10.0923 0x04bc  ================ Scan generic autorun ======================
18:31:10.0924 0x04bc  NvBackend - ok
18:31:10.0935 0x04bc  [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\Windows\system32\rundll32.exe
18:31:10.0977 0x04bc  ShadowPlay - ok
18:31:10.0978 0x04bc  ETDCtrl - ok
18:31:10.0986 0x04bc  BTMTrayAgent - ok
18:31:10.0990 0x04bc  WebStorage - ok
18:31:10.0993 0x04bc  ROGNB - ok
18:31:10.0996 0x04bc  ASUS ROG MacroKey - ok
18:31:11.0010 0x04bc  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
18:31:11.0038 0x04bc  BCSSync - ok
18:31:11.0052 0x04bc  [ 10D17ABA0E64306AF1C2AC0C9934CE57, 33384B535F9656D38C9C5C912BAC750E9E47229E52273FA9548D92BE5693FEE9 ] C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
18:31:11.0067 0x04bc  RzWizard - detected UnsignedFile.Multi.Generic ( 1 )
18:31:13.0501 0x04bc  Detect skipped due to KSN trusted
18:31:13.0501 0x04bc  RzWizard - ok
18:31:13.0514 0x04bc  [ 5120CD65A74A5E054FB2B0577688024C, 2C771743C797ED2F94E4C0CD7472D20532DB6C3E95DEB0DA4D14D6B5469EE273 ] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
18:31:13.0539 0x04bc  Avira Systray - ok
18:31:13.0592 0x04bc  [ A6ABD4AF02AB03676DEA55F383ABC7C2, 62F838618C78A297D970EC58F97F2D843EBFEF2D81754D658664BEEED79BFB50 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
18:31:13.0624 0x04bc  avgnt - ok
18:31:13.0625 0x04bc  Steam - ok
18:31:13.0701 0x04bc  [ D270652063855034758D65001715BDEE, 0EBF559AE8D6B54E4AC035042783D1FA30624F222D0F1E717C724845A082F2CE ] C:\Spiele\Origin\Origin.exe
18:31:13.0756 0x04bc  EADM - ok
18:31:13.0759 0x04bc  Waiting for KSN requests completion. In queue: 14
18:31:14.0761 0x04bc  Waiting for KSN requests completion. In queue: 14
18:31:15.0761 0x04bc  Waiting for KSN requests completion. In queue: 14
18:31:16.0785 0x04bc  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.11.550 ), 0x41000 ( enabled : updated )
18:31:16.0787 0x04bc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
18:31:16.0816 0x04bc  Win FW state via NFP2: enabled
18:31:19.0356 0x04bc  ============================================================
18:31:19.0356 0x04bc  Scan finished
18:31:19.0356 0x04bc  ============================================================
18:31:19.0375 0x0d68  Detected object count: 0
18:31:19.0375 0x0d68  Actual detected object count: 0
         
Malwarebytes Log:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.20.03
  rootkit: v2015.06.15.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17842
Profilname :: ProfilnameS-LAPTOP [administrator]

20.06.2015 18:12:29
mbar-log-2015-06-20 (18-12-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 348313
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
__________________

Alt 21.06.2015, 09:37   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Datenleck Aufsprüfen PC1 - Standard

Datenleck Aufsprüfen PC1



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
2015-05-16 21:42 - 2015-06-20 11:54 - 0000093 _____ () C:\Users\Profilname\AppData\Roaming\sp_data.sys
2014-12-11 04:26 - 2014-12-11 04:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 08:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.06.2015, 16:35   #5
Armer_Thor
 
Datenleck Aufsprüfen PC1 - Standard

Datenleck Aufsprüfen PC1



Fertig.
- Versehentlich wurde die Fixlist.txt einmal zuvor einmal ausgeführt ohne das der Profilname angepasst wurde.
Der Nachfolgende Code wurde in der 1. Runde ausgeführt und von mir in den 2. Log übernommen. Lediglich die Größe der gelöschten temp. Dateien konnte ich nicht zusammenfassen, da der 1. Log durch den 2. überschrieben wurde.
Code:
ATTFilter
"C:\ProgramData\DP45977C.lfl" => moved successfully.
"C:\ProgramData\SetStretch.VBS" => moved successfully.
         
Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Profilname at 2015-06-21 17:30:39 Run:2
Running from C:\Users\Profilname\Desktop
Loaded Profiles: Profilname (Available Profiles: Profilname)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2015-05-16 21:42 - 2015-06-20 11:54 - 0000093 _____ () C:\Users\Profilname\AppData\Roaming\sp_data.sys
2014-12-11 04:26 - 2014-12-11 04:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 08:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Emptytemp:
         
*****************

C:\Users\Profilname\AppData\Roaming\sp_data.sys => moved successfully.
"C:\ProgramData\DP45977C.lfl" => moved successfully.
"C:\ProgramData\SetStretch.VBS" => moved successfully.
EmptyTemp: => 8.6 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 17:30:50 ====
         


Geändert von Armer_Thor (21.06.2015 um 16:49 Uhr)

Alt 22.06.2015, 11:44   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Datenleck Aufsprüfen PC1 - Standard

Datenleck Aufsprüfen PC1



Ansonsten seh ich auf dem Rechner nix
__________________
--> Datenleck Aufsprüfen PC1

Alt 22.06.2015, 18:01   #7
Armer_Thor
 
Datenleck Aufsprüfen PC1 - Standard

Datenleck Aufsprüfen PC1



Danke! Lässt sich aus den Logs erlesen, was wir dort entfernt haben?

Alt 23.06.2015, 09:36   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Datenleck Aufsprüfen PC1 - Standard

Datenleck Aufsprüfen PC1



Wir haben nur 3 Dateien entfernt die da nicht sein müssen, mehr nicht
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Datenleck Aufsprüfen PC1
adobe, adware, antivirus, avira, avp, browser, computer, cpu, defender, firefox, internet, internet explorer, kaspersky, launch, performance, prozess, rundll, security, services.exe, software, svchost.exe, system, tcp, udp, usb, windows




Zum Thema Datenleck Aufsprüfen PC1 - Vor kurzem sind mir Zugangsdaten für einige Dienste und konnten abhanden gekommen. Aufgefallen ist die erst nach Missbrauch. Die Kennwörter waren niemandem bekannt und auch nirgends niedergeschrieben oder in jedweder - Datenleck Aufsprüfen PC1...
Archiv
Du betrachtest: Datenleck Aufsprüfen PC1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.