| |
| |||||||
Log-Analyse und Auswertung: Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.05.2016, 21:02
| #1 |
 |  Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Hallo zusammen, bei meinem Rechner ist das Problem, dass auf den Internetseiten sich die Schrift unnatürlich verändert hat, zum Beispiel ist ein Wort plötzlich fettgedruckt und hat einen Hyperlink. Inzwischen lässt sich mein Word Programm nicht mehr starten. Zuvor hat sich auch bei Word die Schrift verzerrt und verändert. Im Internet wurden Bilder nicht angezeigt, dann erschienen plötzlich unpassende Bilder, wie ein Einkaufswagen. Im Internet wurden wie von selbst Texte, die ich mir anschaute, überschrieben. Malwarebytes läuft nicht mehr bis zum Schluss durch. Farbar Recovery Scan lässt sich nicht öffnen. zu meinem Laptop: Windows 8 Prozessor: Intel (R) Pentium CPU B960, 2.2 GHZ Systemtyp: 64 Bit Betriebssystem, x64 basierter Prozessor Leider kann ich die Logfiles noch nicht posten, da mein Rechner mich das Programm nicht öffnen lässt. Ich bitte euch um Hilfe und hoffe, dass Ihr meinen Rechner retten könnt.. Viele Grüße Helen Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-05-2016
durchgeführt von **** (2016-05-12 21:53:39)
Gestartet von C:\Users\****\Desktop
Windows 8.1 (X64) (2016-04-04 15:14:26)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-988491291-3693754129-3637727364-500 - Administrator - Disabled)
Gast (S-1-5-21-988491291-3693754129-3637727364-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-988491291-3693754129-3637727364-1003 - Limited - Enabled)
**** (S-1-5-21-988491291-3693754129-3637727364-1001 - Administrator - Enabled) => C:\Users\****
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
"Professionelle Entwicklungsberichte Nov 2011" (HKLM-x32\...\{58F076B2-160B-47F5-96FF-93AD12BF5A91}) (Version: - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.5.0 - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.70.0000 - EPSON)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version: - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
Fotosizer 1.36 (HKLM-x32\...\Fotosizer) (Version: 1.36 - Fotosizer.com)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Manager (x32 Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.6.0.142 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3102 - Acer)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
PHOTOfunSTUDIO 6.0 (HKLM-x32\...\{B62A8A6F-5E48-4336-BF13-1632D5921872}) (Version: 6.00.135 - Panasonic Corporation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {10736420-5957-43CF-BF62-417377C3D1E8} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2DAC27BB-1A79-4EF9-8ECC-6D01F43A2564} - System32\Tasks\EPSON XP-225 Series Update {D75D1A13-8C20-4FDE-AF0E-C481B240F4CF} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {436F583E-A7BB-4A03-9094-9749B83FB01B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {5F97D955-A579-4638-865C-D7CBEEE30D30} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {7C3C82A6-F5FF-49E6-84A8-3BCCD8C3CEFD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {83C57912-9A45-48DB-8987-3E34D0554B2F} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {95DDC2B4-C496-4CF5-B5ED-D1A74A66DF47} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9AFE1707-0536-49B5-BA05-62AF5F32C1BB} - System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A} => pcalua.exe -a "C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01R11QL1\mbam-setup-2.0.2.1012 (1).exe" -d "C:\Users\****\Desktop"
Task: {AA3C6505-461B-4708-88F3-302AEC1180D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {B8AEBA0C-A090-4602-A612-C906D0E29740} - System32\Tasks\EPSON XP-225 Series Update {8FC657E6-EBAA-44EA-9A7F-D11B9FC0FC4A} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {C1B8D457-8CE8-4301-9F85-89E525B0F0A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-23] (Adobe Systems Incorporated)
Task: {D73D4D28-307E-4653-AA96-4B4B6B4957E2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {FD69F983-B019-4F42-80F6-5AB7D7CED2C2} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {8FC657E6-EBAA-44EA-9A7F-D11B9FC0FC4A}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE:/EXE:{8FC657E6-EBAA-44EA-9A7F-D11B9FC0FC4A} /F:UpdateWORKGROUP\MAHAKALA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {D75D1A13-8C20-4FDE-AF0E-C481B240F4CF}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE:/EXE:{D75D1A13-8C20-4FDE-AF0E-C481B240F4CF} /F:UpdateWORKGROUP\MAHAKALA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-08-09 11:12 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-25 22:47 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-07-31 01:04 - 2012-07-31 01:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\100sexlinks.com -> 100sexlinks.com
Da befinden sich 5317 mehr Seiten.
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: iPod Service => 3
HKLM\...\StartupApproved\StartupFolder: => "PHOTOfunSTUDIO 6.0.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Erinnerungen für Microsoft Works-Kalender.lnk"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AnyProtect Scanner"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FEE7A7CC-82D3-4011-B640-F4626DD122F4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AB5F27BF-22F4-4712-8084-FF660BE08D34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AA0888C6-F92B-4C7C-9CAD-2D282D3A50E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A0D8D67-94B9-4CCE-AAAC-E3C57773677E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{407EE37A-623F-4966-B21D-C99C799713ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4FA73748-5938-4CEB-894E-B453B1AFEFE6}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{2F2C4377-FD70-4B2C-940A-23A1AEE3FC05}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [UDP Query User{3A605BF0-3665-45A1-B819-DAEA51300DE9}C:\users\****\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Block) C:\users\****\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light
FirewallRules: [TCP Query User{49424576-D9E3-45AB-98E6-CD3E6B303893}C:\users\****\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Block) C:\users\****\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light
FirewallRules: [{65233150-7EFD-41C0-8387-BAC1BD0226A3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D97855A8-6D9E-405C-B26C-57C2A67DCD80}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9392600C-2155-4D0C-A283-F2A30B1AA7A3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1DAC8AE4-CF71-4936-8C9F-DD78BDD24DE8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{ACEC3427-8DD9-437E-B80C-1A9B4375BD75}] => (Allow) LPort=1900
FirewallRules: [{2CA2DA71-C8F1-49BD-88FD-266F4210D32B}] => (Allow) LPort=2869
FirewallRules: [{A14C80E4-F2C0-440C-B990-41612E96744B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{33B99F81-3ADA-4D69-9F1B-61623CB17BFE}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{3351F186-2F38-480A-9D6E-7B48414D7190}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{3ACE7494-CA27-4075-A6B0-6F03864C8498}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1B98F366-B2FF-45B9-B109-33C742CE2AD3}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7A4A2624-F555-4B06-92E0-903EA15BD562}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9F0D0792-05DF-46B5-BF0C-E36242E677CF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{392902D1-E492-4B23-A44B-E9B4D4E872E9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{EFBD8867-1604-4351-9BE8-E66425FC88EA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{BDCF4A59-7BE8-4236-BAF1-280105E652EA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{F143CCBD-402C-466A-9476-0ADF1DDD5964}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D1972B30-34CD-4F27-B47A-27CD1F7720C0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{27AB78F4-1F3E-47D4-A937-F64B5E5119CC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{DF271C76-9D93-4AE2-B943-B49EF449A610}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{F6CD36E9-A5FB-4979-A36C-E738FA98B9FC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{5E05036C-890F-460A-BE90-3C56C4C5E808}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{C0E8E1E8-1E7D-400A-BBA9-ADF8D4A95716}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{1BF54D06-9CE1-4C4D-BC29-CAC9E9C28219}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{03E3A4AB-FE05-4653-BEB7-BA72A94EAED0}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F26F30F2-C88D-42D7-9F3B-7E265807388E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{08C68545-463C-4FFA-9420-B8448073C336}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{CBE26A28-4749-4E1F-8568-114A76816C14}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E82CAC18-872F-42EB-8783-E55F1BB9DB71}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{4D211644-52DE-4B61-99A1-6263E6D00570}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{686F6810-3EE6-4DE8-A966-3824652A6A7D}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
==================== Wiederherstellungspunkte =========================
21-04-2016 15:11:30 Geplanter Prüfpunkt
29-04-2016 19:16:24 Geplanter Prüfpunkt
05-05-2016 12:35:57 Windows Update
11-05-2016 14:20:46 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/12/2016 09:20:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0x1468
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Error: (05/12/2016 08:46:51 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database
Error: (05/12/2016 08:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0x1274
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Error: (05/12/2016 08:32:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0x538
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Error: (05/12/2016 08:28:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0x1638
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Error: (05/12/2016 08:27:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0x1558
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Error: (05/12/2016 08:24:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0x1750
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Error: (05/12/2016 08:23:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0xaf8
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Error: (05/12/2016 08:22:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Error: (05/12/2016 08:21:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0xb5c
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Systemfehler:
=============
Error: (05/12/2016 08:48:57 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ****)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat
Error: (05/12/2016 08:48:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ****)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat
Error: (05/12/2016 07:09:26 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.
Error: (05/12/2016 06:42:46 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.
Error: (05/12/2016 04:52:39 PM) (Source: DCOM) (EventID: 10010) (User: ****)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (05/12/2016 04:03:40 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.
Error: (05/12/2016 03:07:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (05/12/2016 03:06:56 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (05/12/2016 03:06:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (05/12/2016 03:06:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 8005.28 MB
Verfügbarer physikalischer RAM: 5417.88 MB
Summe virtueller Speicher: 9285.28 MB
Verfügbarer virtueller Speicher: 6783.1 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:445.75 GB) (Free:367.48 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 659D2CAA)
Partition: GPT.
==================== Ende von Addition.txt ============================
Code:
ATTFilter ntersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
durchgeführt von ****(Administrator) auf ****(12-05-2016 21:51:50)
Gestartet von C:\Users\****\Desktop
Geladene Profile: **** (Verfügbare Profile: ****)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINFE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINFE.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {8bd572ec-0797-11e6-8813-b888e35995e8} - "E:\launcher.exe"
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk [2012-11-07]
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-11-07]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk [2012-11-07]
ShortcutTarget: PHOTOfunSTUDIO 6.0.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{16E1A48C-24CA-46F1-A02B-217A385BD710}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DFAE735E-3E64-4567-9493-D47B56B073FA}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.5.0.124
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
SearchScopes: HKU\S-1-5-21-988491291-3693754129-3637727364-1001 -> {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL =
SearchScopes: HKU\S-1-5-21-988491291-3693754129-3637727364-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=DE&ver=22&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-988491291-3693754129-3637727364-1001 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-988491291-3693754129-3637727364-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-07-05]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon [2016-03-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: PDF Architect 4 Creator - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-02-14] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon
Chrome:
=======
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [662592 2014-07-23] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [289080 2016-02-26] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-25] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-04-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-04-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160502.001\BHDrvx64.sys [1766640 2016-03-09] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2012-12-03] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [117248 2012-12-03] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [121600 2012-12-03] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160508.001\IDSvia64.sys [767224 2016-02-13] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160511.023\ENG64.SYS [138488 2016-02-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160511.023\EX64.SYS [2148080 2016-02-19] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-25] (Dritek System Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1606000.08E\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2016-04-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2016-04-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-04-04] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-12 21:51 - 2016-05-12 21:52 - 00020504 _____ C:\Users\*****\Desktop\FRST.txt
2016-05-12 21:51 - 2016-05-12 21:51 - 02381312 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2016-05-12 21:51 - 2016-05-12 21:51 - 00000000 ____D C:\FRST
2016-05-11 14:19 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 14:19 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 14:19 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 14:19 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 14:19 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-11 14:19 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-11 14:19 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-11 14:19 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-11 14:19 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-11 14:19 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-11 14:19 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-11 14:19 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-11 14:19 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 14:19 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-11 14:19 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 14:18 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 14:18 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 14:18 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 14:18 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 14:18 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 14:18 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 14:18 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-11 14:18 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 14:18 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-11 14:18 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-11 14:18 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-11 14:18 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-11 14:18 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-11 14:18 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 14:18 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-11 14:18 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-11 14:18 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-11 14:18 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-11 14:18 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-11 14:18 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-11 14:18 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 14:18 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-11 14:18 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-11 14:18 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 14:18 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-11 14:13 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 14:13 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 14:13 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 14:13 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 14:13 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 14:13 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 14:13 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 14:13 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 14:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-11 14:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-11 14:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-11 14:13 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-11 14:13 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-11 14:12 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 14:12 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 14:12 - 2016-03-29 03:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 14:12 - 2016-03-14 18:50 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-11 14:12 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-11 14:12 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-11 14:12 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 14:12 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 14:12 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-11 14:12 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-11 14:12 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-11 14:12 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-11 14:11 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 14:11 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-11 14:09 - 2016-04-11 08:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-01 19:10 - 2016-05-01 19:10 - 13570423 _____ C:\Users\****\Desktop\****.pdf
2016-04-13 18:31 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 18:30 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 18:30 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 18:30 - 2016-02-02 20:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-13 18:29 - 2016-05-11 14:08 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-13 18:29 - 2016-05-11 14:08 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 18:29 - 2016-05-11 14:08 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 18:29 - 2016-05-11 14:08 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-13 18:29 - 2016-05-11 14:08 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 18:29 - 2016-05-11 14:08 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 18:29 - 2016-05-11 14:08 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-13 18:29 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-13 18:29 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-13 18:29 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-13 18:29 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-13 18:29 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-13 18:29 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 18:29 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 18:29 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-13 18:29 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-13 18:29 - 2016-02-09 03:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-13 18:29 - 2016-02-05 21:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-13 18:29 - 2016-02-05 17:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 18:29 - 2016-02-05 17:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 18:29 - 2016-02-05 17:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 18:29 - 2016-02-05 17:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 18:29 - 2016-02-05 16:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-13 18:29 - 2016-02-04 20:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-13 18:29 - 2016-02-04 19:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-13 18:29 - 2016-02-04 18:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-13 18:29 - 2016-02-04 18:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-13 18:29 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-13 18:29 - 2016-02-03 17:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-13 18:29 - 2016-02-02 19:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-13 18:29 - 2016-02-02 19:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-13 18:29 - 2016-02-02 19:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-13 18:29 - 2016-02-02 19:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-13 18:29 - 2016-02-02 18:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-13 18:29 - 2016-02-02 18:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-13 18:29 - 2016-02-02 18:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-13 18:29 - 2016-02-02 18:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-13 18:29 - 2016-02-02 18:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-13 18:29 - 2016-01-27 17:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-13 18:29 - 2016-01-26 21:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-13 18:29 - 2016-01-21 21:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-13 18:29 - 2016-01-21 20:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-13 18:28 - 2016-02-09 03:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-13 18:28 - 2016-02-09 03:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-13 18:28 - 2016-02-09 03:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-13 18:28 - 2016-02-09 03:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 18:28 - 2016-02-08 22:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-13 18:28 - 2016-02-08 22:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-13 18:28 - 2016-02-08 22:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-13 18:28 - 2016-02-08 21:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 18:28 - 2016-02-08 21:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-13 18:28 - 2016-02-08 21:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-13 18:28 - 2016-02-08 21:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-13 18:28 - 2016-02-08 21:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-13 18:28 - 2016-02-08 21:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-13 18:28 - 2016-02-08 21:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-13 18:28 - 2016-02-08 21:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-13 18:28 - 2016-02-08 20:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-13 18:28 - 2016-02-08 19:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-13 18:28 - 2016-02-08 19:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-13 18:28 - 2016-02-08 19:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 18:28 - 2016-02-08 19:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-13 18:28 - 2016-02-08 19:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-13 18:28 - 2016-02-08 18:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-13 18:28 - 2016-02-08 18:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-13 18:28 - 2016-02-08 18:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-13 18:28 - 2016-02-08 18:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 18:28 - 2016-02-08 18:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-13 18:28 - 2016-02-08 18:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-13 18:28 - 2016-02-08 18:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-13 18:28 - 2016-02-08 18:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-13 18:28 - 2016-02-08 18:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 18:27 - 2016-04-04 08:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-13 18:27 - 2016-04-02 15:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-13 18:27 - 2016-04-02 15:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-13 18:27 - 2016-03-28 15:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-13 18:27 - 2016-03-28 15:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-13 18:27 - 2016-03-28 15:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-13 18:27 - 2016-03-28 15:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-13 18:27 - 2016-03-28 15:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-13 18:27 - 2016-02-02 19:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-13 18:27 - 2016-01-31 19:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-13 18:27 - 2016-01-22 07:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-13 18:27 - 2016-01-22 07:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-13 18:27 - 2016-01-21 00:40 - 00099672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-13 18:26 - 2016-03-10 21:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-13 18:26 - 2016-03-10 19:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-13 18:26 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 18:26 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 18:26 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 18:25 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 18:24 - 2016-02-07 01:05 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-12 21:48 - 2016-04-05 09:48 - 00000937 _____ C:\WINDOWS\Tasks\EPSON XP-225 Series Update {8FC657E6-EBAA-44EA-9A7F-D11B9FC0FC4A}.job
2016-05-12 21:33 - 2014-09-10 10:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-12 21:32 - 2014-08-05 16:24 - 00605696 ___SH C:\Users\****\Desktop\Thumbs.db
2016-05-12 21:23 - 2016-03-08 19:23 - 00000937 _____ C:\WINDOWS\Tasks\EPSON XP-225 Series Update {D75D1A13-8C20-4FDE-AF0E-C481B240F4CF}.job
2016-05-12 21:20 - 2012-12-11 18:50 - 00000000 ____D C:\Users\****\AppData\Local\ElevatedDiagnostics
2016-05-12 21:19 - 2015-12-09 23:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-05-12 21:18 - 2016-04-04 17:21 - 00003974 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{625E70C5-5775-4E96-B5D0-68ED29186B29}
2016-05-12 20:47 - 2014-11-15 21:16 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-12 16:53 - 2016-04-04 12:40 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 16:53 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-12 14:53 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-12 14:53 - 2014-11-21 04:45 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2016-05-12 14:53 - 2014-11-21 04:45 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2016-05-12 14:53 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-12 14:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-12 14:43 - 2013-08-22 16:44 - 00479848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-12 14:41 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-11 16:29 - 2016-04-04 13:36 - 00000000 ____D C:\Users\****
2016-05-11 16:29 - 2013-06-10 14:34 - 00000000 ____D C:\Users\****\AppData\Roaming\Skype
2016-05-11 14:38 - 2014-11-21 05:13 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 14:37 - 2014-01-06 19:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 14:24 - 2013-01-06 10:17 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-09 12:32 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-08 16:56 - 2012-11-07 22:10 - 00000000 ____D C:\Users\****\Desktop\****
2016-05-07 17:11 - 2014-08-03 23:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-07 16:18 - 2016-04-08 17:02 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-07 16:18 - 2016-04-08 17:02 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-07 13:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-04 18:26 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-03 03:15 - 2014-11-21 13:01 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-03 03:15 - 2014-11-21 13:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-01 19:15 - 2016-02-29 12:43 - 00000000 ____D C:\Users\****\Desktop\Bilder *****
2016-05-01 19:15 - 2012-11-07 22:08 - 00000000 ____D C:\Users\****\Desktop\****
2016-05-01 18:39 - 2012-11-07 23:37 - 00000000 ____D C:\Users\****\AppData\Local\CrashDumps
2016-05-01 17:58 - 2012-11-07 22:10 - 00000000 ____D C:\Users\****\Desktop\Eigene Bilder
2016-05-01 17:52 - 2012-11-07 22:10 - 00000000 ____D C:\Users\****\Desktop\****
2016-05-01 17:36 - 2013-06-10 14:34 - 00000000 ____D C:\ProgramData\Skype
2016-05-01 16:30 - 2012-11-07 21:49 - 00000000 ____D C:\Users\****\Desktop\Eigene Dateien
2016-04-29 19:55 - 2012-11-07 21:20 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-988491291-3693754129-3637727364-1001
2016-04-29 19:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-23 13:02 - 2016-02-14 15:52 - 00000000 ____D C:\Users\****\AppData\Roaming\PDF Architect 4
2016-04-16 11:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 17:53 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-13 18:03 - 2016-04-04 13:54 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-05-12 16:52
==================== Ende von FRST.txt ============================
Das mit den Logfiles hat nun doch noch geklappt.. Geändert von Helen77 (12.05.2016 um 21:09 Uhr) |
|
14.05.2016, 12:49
| #2 |
| /// TB-Ausbilder   | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
|
|
14.05.2016, 13:24
| #3 |
| | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Hallo Matthias,
__________________danke für deine Hilfe! Das Programm habe ich durchlaufen lassen, es hat jedoch nichts gefunden. Anbei habe ich das Post-Tag kopiert. Gestern habe ich das aggressive Reparatur-Tool von Norton durchlaufen lassen, dabei wurden zwei auffällige Dateien gefunden. Word habe ich gestern im abgesicherten Modus starten können und dabei merkwürdige Add-ins gefunden, die ich dann deaktiviert habe. Danach habe ich es geschafft, dass ich wieder auf Word zugreifen kann. Code:
ATTFilter 13:59:41.0675 0x03ec TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
13:59:41.0675 0x03ec UEFI system
13:59:48.0543 0x03ec ============================================================
13:59:48.0543 0x03ec Current date / time: 2016/05/14 13:59:48.0543
13:59:48.0543 0x03ec SystemInfo:
13:59:48.0543 0x03ec
13:59:48.0543 0x03ec OS Version: 6.3.9600 ServicePack: 0.0
13:59:48.0543 0x03ec Product type: Workstation
13:59:48.0543 0x03ec ComputerName: ****
13:59:48.0543 0x03ec UserName: ****
13:59:48.0543 0x03ec Windows directory: C:\WINDOWS
13:59:48.0543 0x03ec System windows directory: C:\WINDOWS
13:59:48.0543 0x03ec Running under WOW64
13:59:48.0543 0x03ec Processor architecture: Intel x64
13:59:48.0543 0x03ec Number of processors: 2
13:59:48.0543 0x03ec Page size: 0x1000
13:59:48.0543 0x03ec Boot type: Normal boot
13:59:48.0543 0x03ec ============================================================
13:59:50.0262 0x03ec KLMD registered as C:\WINDOWS\system32\drivers\74903075.sys
13:59:55.0108 0x03ec System UUID: {B59A75F9-D16A-0A9E-0C91-D2E8EA913C6C}
14:00:03.0316 0x03ec Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:00:03.0347 0x03ec ============================================================
14:00:03.0347 0x03ec \Device\Harddisk0\DR0:
14:00:03.0379 0x03ec GPT partitions:
14:00:03.0379 0x03ec \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7137B17C-345F-4467-B09F-485DF48962BB}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
14:00:03.0379 0x03ec \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {366D2665-2FE3-41DB-9140-FA17D4EB4F94}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
14:00:03.0379 0x03ec \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {58F9B49E-2B4E-415A-8F4E-4F6D45B2F4DE}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
14:00:03.0379 0x03ec \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {57AA7436-D7EC-4214-B40B-0DF7A02102DF}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x37B80000
14:00:03.0379 0x03ec \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {A6CCA49D-412C-4FCB-8875-AE562DF14ABC}, Name: , StartLBA 0x37D1E800, BlocksNum 0xE2000
14:00:03.0379 0x03ec \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {48EA0317-5D8C-4ADA-956F-3A9EDCB30C00}, Name: Basic data partition, StartLBA 0x37E00800, BlocksNum 0x2585800
14:00:03.0379 0x03ec MBR partitions:
14:00:03.0379 0x03ec ============================================================
14:00:03.0410 0x03ec C: <-> \Device\Harddisk0\DR0\Partition4
14:00:03.0410 0x03ec ============================================================
14:00:03.0410 0x03ec Initialize success
14:00:03.0410 0x03ec ============================================================
14:00:47.0454 0x17f8 ============================================================
14:00:47.0454 0x17f8 Scan started
14:00:47.0454 0x17f8 Mode: Manual; SigCheck; TDLFS;
14:00:47.0454 0x17f8 ============================================================
14:00:47.0454 0x17f8 KSN ping started
14:00:49.0892 0x17f8 KSN ping finished: true
14:00:51.0517 0x17f8 ================ Scan system memory ========================
14:00:51.0517 0x17f8 System memory - ok
14:00:51.0517 0x17f8 ================ Scan services =============================
14:00:51.0861 0x17f8 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
14:00:52.0064 0x17f8 1394ohci - ok
14:00:52.0111 0x17f8 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
14:00:52.0158 0x17f8 3ware - ok
14:00:52.0221 0x17f8 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
14:00:52.0314 0x17f8 ACPI - ok
14:00:52.0330 0x17f8 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
14:00:52.0377 0x17f8 acpiex - ok
14:00:52.0392 0x17f8 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
14:00:52.0439 0x17f8 acpipagr - ok
14:00:52.0471 0x17f8 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
14:00:52.0533 0x17f8 AcpiPmi - ok
14:00:52.0549 0x17f8 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
14:00:52.0596 0x17f8 acpitime - ok
14:00:52.0689 0x17f8 [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:00:52.0721 0x17f8 AdobeARMservice - ok
14:00:52.0861 0x17f8 [ A9D55370A0CBADD1E1E2B4796ACD26DF, 9FD0C2B1206321B34D97FF3D01C5C811022DA76DA667DB6ECCF2746437A706A2 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:00:52.0908 0x17f8 AdobeFlashPlayerUpdateSvc - ok
14:00:53.0174 0x17f8 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
14:00:53.0299 0x17f8 ADP80XX - ok
14:00:53.0346 0x17f8 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
14:00:53.0439 0x17f8 AeLookupSvc - ok
14:00:53.0502 0x17f8 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD C:\WINDOWS\system32\drivers\afd.sys
14:00:53.0611 0x17f8 AFD - ok
14:00:53.0642 0x17f8 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
14:00:53.0674 0x17f8 agp440 - ok
14:00:53.0721 0x17f8 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
14:00:53.0783 0x17f8 ahcache - ok
14:00:53.0861 0x17f8 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
14:00:53.0924 0x17f8 ALG - ok
14:00:53.0955 0x17f8 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
14:00:54.0017 0x17f8 AmdK8 - ok
14:00:54.0049 0x17f8 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
14:00:54.0096 0x17f8 AmdPPM - ok
14:00:54.0159 0x17f8 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
14:00:54.0190 0x17f8 amdsata - ok
14:00:54.0237 0x17f8 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
14:00:54.0299 0x17f8 amdsbs - ok
14:00:54.0330 0x17f8 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
14:00:54.0362 0x17f8 amdxata - ok
14:00:54.0393 0x17f8 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
14:00:54.0455 0x17f8 AppID - ok
14:00:54.0502 0x17f8 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
14:00:54.0565 0x17f8 AppIDSvc - ok
14:00:54.0596 0x17f8 [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo C:\WINDOWS\System32\appinfo.dll
14:00:54.0674 0x17f8 Appinfo - ok
14:00:54.0784 0x17f8 [ 2D564BB1C4559A517B390A031955714D, 3048C187FD107C958D43DD8B954AB55FDD1BC538D3E0066CBFCB428C7A8A87E1 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:00:54.0815 0x17f8 Apple Mobile Device Service - ok
14:00:54.0877 0x17f8 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
14:00:54.0987 0x17f8 AppReadiness - ok
14:00:55.0112 0x17f8 [ E0F846ADE7DED88981D0908DE56FF160, D8F536438091878724A5004849306ADFB96A2778A9D958ED3DCC0CD9E35160BB ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
14:00:55.0299 0x17f8 AppXSvc - ok
14:00:55.0330 0x17f8 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
14:00:55.0377 0x17f8 arcsas - ok
14:00:55.0409 0x17f8 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
14:00:55.0440 0x17f8 atapi - ok
14:00:55.0721 0x17f8 [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr C:\WINDOWS\system32\DRIVERS\athw8x.sys
14:00:56.0096 0x17f8 athr - ok
14:00:56.0163 0x17f8 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
14:00:56.0257 0x17f8 AudioEndpointBuilder - ok
14:00:56.0366 0x17f8 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
14:00:56.0491 0x17f8 Audiosrv - ok
14:00:56.0538 0x17f8 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
14:00:56.0585 0x17f8 AxInstSV - ok
14:00:56.0663 0x17f8 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
14:00:56.0757 0x17f8 b06bdrv - ok
14:00:56.0788 0x17f8 [ 458AF8D6C7B837B3169750254E531095, 0CA3DB39C706A06D90B95D7377A0FEBEFBBBFAD69F7F5087F7DF128C69D674D9 ] b57xdbd C:\WINDOWS\System32\drivers\b57xdbd.sys
14:00:56.0835 0x17f8 b57xdbd - ok
14:00:56.0866 0x17f8 [ B97D9ADFEB4F0AADD3DAC9F8D427AA7A, 1F52B09264715192ED73A2871254675425C211BDBFF3575F96A85DE0411B5D7A ] b57xdmp C:\WINDOWS\System32\drivers\b57xdmp.sys
14:00:56.0897 0x17f8 b57xdmp - ok
14:00:56.0928 0x17f8 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
14:00:56.0991 0x17f8 BasicDisplay - ok
14:00:57.0007 0x17f8 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
14:00:57.0085 0x17f8 BasicRender - ok
14:00:57.0100 0x17f8 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
14:00:57.0132 0x17f8 bcmfn2 - ok
14:00:57.0178 0x17f8 [ 4B6F61BD394DCEDA9B06D702836531C2, 83C739467BD9A00FE09BCE83BB9409EA2DA62FCDD2384F9EE98626226223E918 ] BDESVC C:\WINDOWS\System32\bdesvc.dll
14:00:57.0272 0x17f8 BDESVC - ok
14:00:57.0319 0x17f8 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:00:57.0366 0x17f8 Beep - ok
14:00:57.0444 0x17f8 [ 5059D93764340D4EAEDF49C47133118F, 26C5779469E04BEAFD290B619CA355648F3911C66D41B22D2C3DCA909FCA0F6E ] BFE C:\WINDOWS\System32\bfe.dll
14:00:57.0585 0x17f8 BFE - ok
14:00:57.0803 0x17f8 [ 21F9843380D6151AE0E220B6CE73B9E4, 295142D36FEB1A993DACAA3302789877DDCB3EB527E4B0BA6A55AAC8975600D6 ] BHDrvx64 C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160502.001\BHDrvx64.sys
14:00:57.0944 0x0468 Object required for P2P: [ CEA5F4F27CFC08E3A44D576811B35F50 ] amdxata
14:00:58.0007 0x17f8 BHDrvx64 - ok
14:00:58.0119 0x17f8 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
14:00:58.0275 0x17f8 BITS - ok
14:00:58.0369 0x17f8 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:00:58.0447 0x17f8 Bonjour Service - ok
14:00:58.0478 0x17f8 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
14:00:58.0541 0x17f8 bowser - ok
14:00:58.0603 0x17f8 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
14:00:58.0681 0x17f8 BrokerInfrastructure - ok
14:00:58.0697 0x17f8 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
14:00:58.0775 0x17f8 Browser - ok
14:00:58.0822 0x17f8 [ 0E9B28782D0E5DE7C25207432B791B33, FE33E3B27BEED03922DB2565DECC0E12F8CD586B5060EE4A1A87FF99EEC77B22 ] bScsiMSa C:\WINDOWS\System32\drivers\bScsiMSa.sys
14:00:58.0837 0x17f8 bScsiMSa - ok
14:00:58.0884 0x17f8 [ 8168FE3CA8C6C3F18137FF422F3C37DE, 5C0906D50D3585A2850316072FFC8726A70BCFBE7AFB17EE69A70A736125AD7A ] bScsiSDa C:\WINDOWS\System32\drivers\bScsiSDa.sys
14:00:58.0916 0x17f8 bScsiSDa - ok
14:00:58.0947 0x17f8 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
14:00:58.0994 0x17f8 BthAvrcpTg - ok
14:00:59.0041 0x17f8 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
14:00:59.0087 0x17f8 BthHFEnum - ok
14:00:59.0119 0x17f8 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
14:00:59.0150 0x17f8 bthhfhid - ok
14:00:59.0212 0x17f8 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
14:00:59.0291 0x17f8 BthHFSrv - ok
14:00:59.0337 0x17f8 [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
14:00:59.0400 0x17f8 BTHMODEM - ok
14:00:59.0431 0x17f8 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
14:00:59.0494 0x17f8 bthserv - ok
14:00:59.0666 0x17f8 [ DF86BED1D3EF519E33C6816A96C7BF9D, 435E61A03E1E56C7D727DE8C401B8D71BD599B188270645F66744B04A5EB27E1 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
14:00:59.0822 0x17f8 c2cautoupdatesvc - ok
14:00:59.0963 0x17f8 [ 461743EB55ABCE22AA2D330552E95A3F, AFF85E1AEEF57B9F0403DE21B7BCAB356217001937B09AC3C2F8B1056E0A0605 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
14:01:00.0150 0x17f8 c2cpnrsvc - ok
14:01:00.0384 0x17f8 [ F9709CC185D19D73F036CF2E47B6DEA5, 9A811FF234EC256A3A9ACDE7CFA23D9797321010E70CA3C2824AB8BBF07B80C0 ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
14:01:00.0447 0x0468 Object send P2P result: true
14:01:00.0588 0x17f8 CCDMonitorService - ok
14:01:00.0666 0x17f8 [ 5A1C7DBDDB001BC6F1D1720E655445E2, 07A766C804D0709936FF18A2F67C49D6499BEF9CEEB1EF69F654A35268A11027 ] ccSet_NS C:\WINDOWS\system32\drivers\NSx64\1606000.08E\ccSetx64.sys
14:01:00.0728 0x17f8 ccSet_NS - ok
14:01:00.0775 0x17f8 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
14:01:00.0838 0x17f8 cdfs - ok
14:01:00.0884 0x17f8 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
14:01:00.0947 0x17f8 cdrom - ok
14:01:00.0994 0x17f8 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
14:01:01.0072 0x17f8 CertPropSvc - ok
14:01:01.0103 0x17f8 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
14:01:01.0150 0x17f8 circlass - ok
14:01:01.0213 0x17f8 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
14:01:01.0291 0x17f8 CLFS - ok
14:01:01.0369 0x17f8 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
14:01:01.0431 0x17f8 CmBatt - ok
14:01:01.0510 0x17f8 [ 6A48941C527C8C51051A1514C5B23A31, B0553DAE1F70DB43F2FB3BE699B80783B7943CDE8B31FB3AAB98E689971DFA51 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
14:01:01.0603 0x17f8 CNG - ok
14:01:01.0635 0x17f8 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
14:01:01.0681 0x17f8 CompositeBus - ok
14:01:01.0697 0x17f8 COMSysApp - ok
14:01:01.0713 0x17f8 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
14:01:01.0775 0x17f8 condrv - ok
14:01:01.0900 0x17f8 [ B18D590BC5220FDB4A747BC16D78ABC7, D46F8B43BAC22E55DE9AFC19CF371B1C4E8D3707163598B2F9884BB31D730C09 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
14:01:01.0978 0x17f8 cphs - ok
14:01:02.0213 0x17f8 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
14:01:02.0275 0x17f8 CryptSvc - ok
14:01:02.0338 0x17f8 [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam C:\WINDOWS\system32\drivers\dam.sys
14:01:02.0369 0x17f8 dam - ok
14:01:02.0463 0x17f8 [ E4220FD9C7F1579D9C5F9DFB00427841, 77740122A01A08F18CC82A4BB3F00EC59F29EE10779092F872572C264F6728D0 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:01:02.0635 0x17f8 DcomLaunch - ok
14:01:02.0713 0x17f8 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
14:01:02.0826 0x17f8 defragsvc - ok
14:01:02.0904 0x17f8 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
14:01:02.0998 0x17f8 DeviceAssociationService - ok
14:01:03.0092 0x17f8 [ 6EC5098678F3E8724A9F3E151031FEDE, 50D8BF9AC08497FA45C097186BD5C0E85C265DDC40A48491E78249BB7243649D ] DeviceFastLaneService C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
14:01:03.0154 0x17f8 DeviceFastLaneService - ok
14:01:03.0217 0x17f8 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
14:01:03.0295 0x17f8 DeviceInstall - ok
14:01:03.0357 0x17f8 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
14:01:03.0420 0x17f8 Dfsc - ok
14:01:03.0482 0x17f8 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
14:01:03.0592 0x17f8 Dhcp - ok
14:01:03.0732 0x17f8 [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
14:01:03.0920 0x17f8 DiagTrack - ok
14:01:03.0967 0x17f8 [ 8B1E62881D5AC68E673CD94B136B34AC, A0C50F17041E43AC07B67A74F2C408820316201439F47CDEA37A4F5891CC0E6F ] disk C:\WINDOWS\system32\drivers\disk.sys
14:01:03.0998 0x17f8 disk - ok
14:01:04.0045 0x17f8 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
14:01:04.0076 0x17f8 dmvsc - ok
14:01:04.0154 0x17f8 [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:01:04.0264 0x17f8 Dnscache - ok
14:01:04.0311 0x17f8 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
14:01:04.0389 0x17f8 dot3svc - ok
14:01:04.0420 0x17f8 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
14:01:04.0482 0x17f8 DPS - ok
14:01:04.0514 0x17f8 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:01:04.0545 0x17f8 drmkaud - ok
14:01:04.0623 0x17f8 [ 4E2C9C48316B2156B45B58687C7435AC, EDB2C48E10F4E6A2E1F9FDC1C62E5E59C50BA4F7D37CD0BDB11F4F888D5720B3 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:01:04.0686 0x17f8 DsiWMIService - ok
14:01:04.0733 0x17f8 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
14:01:04.0795 0x17f8 DsmSvc - ok
14:01:04.0936 0x17f8 [ F74B839FA0F4E6060CA1DA6B8DA17941, EF493E1F55FCD6A8C32B3D5D5809B7EFCCC9829E9A347522D1E6FE080D41BF37 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
14:01:05.0125 0x17f8 DXGKrnl - ok
14:01:05.0172 0x17f8 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
14:01:05.0250 0x17f8 Eaphost - ok
14:01:05.0500 0x17f8 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
14:01:05.0875 0x17f8 ebdrv - ok
14:01:05.0985 0x17f8 [ E5C10FCFA331D2BA13B211D0454FEA38, 9363545317C655EED282BA1FE7C71B26E2C3599F35E42E7496F413961303A24D ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:01:06.0047 0x17f8 eeCtrl - ok
14:01:06.0094 0x17f8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
14:01:06.0125 0x17f8 EFS - ok
14:01:06.0172 0x17f8 [ AD23FC5DB336CA89A6FC2DA1F70E421C, 8C543A0057873B71F19D4D94249D6690F27708FB4D6F4056EC87DF33D7D120EF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
14:01:06.0204 0x17f8 EgisTec Ticket Service - ok
14:01:06.0250 0x17f8 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
14:01:06.0282 0x17f8 EhStorClass - ok
14:01:06.0313 0x17f8 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
14:01:06.0360 0x17f8 EhStorTcgDrv - ok
14:01:06.0500 0x17f8 [ C9455140176A5D1F05FDA44E5F319856, 2FE7ED1C70BFF238F7EB5CFF76552F272A4C95449A8D5C264E340C46281C1F75 ] ePowerSvc C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
14:01:06.0563 0x17f8 ePowerSvc - ok
14:01:06.0641 0x17f8 [ 340F53AD588007EE063C108783643D0A, C63A80ADB202EC3669FCE9E95EAF7DC416D015BEBBF336C2FB7DF95408390D12 ] EpsonCustomerResearchParticipation C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
14:01:06.0719 0x17f8 EpsonCustomerResearchParticipation - ok
14:01:06.0766 0x17f8 [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe
14:01:06.0797 0x17f8 EpsonScanSvc - ok
14:01:06.0829 0x17f8 [ 2BD3F1059975CE90F8D968DADD790DFF, 9FD4FA7DB54B0E1E4A48863435F728220978A271D2A28BB3E9E112C1A59B1D4C ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:01:06.0860 0x17f8 EraserUtilRebootDrv - ok
14:01:06.0891 0x17f8 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
14:01:06.0938 0x17f8 ErrDev - ok
14:01:07.0000 0x17f8 [ 2D055FAB756A79F5221ADF56EAE4CB3B, ED8D2CA2EDBD23C794C1B183DD2622A8273E5767D2417FF923A569D07C85773D ] ETD C:\WINDOWS\system32\DRIVERS\ETD.sys
14:01:07.0047 0x17f8 ETD - ok
14:01:07.0127 0x17f8 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
14:01:07.0236 0x17f8 EventSystem - ok
14:01:07.0267 0x17f8 [ 6BB25543428878BAFBC2F8446343B160, 4F0ADDD1BD1CE6F20476E73950FCE4C25C8A90CB84DCB9A7C91EC34FA4C6FBF3 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
14:01:07.0314 0x17f8 ewusbnet - detected UnsignedFile.Multi.Generic ( 1 )
14:01:09.0799 0x17f8 Detect skipped due to KSN trusted
14:01:09.0799 0x17f8 ewusbnet - ok
14:01:09.0830 0x17f8 [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
14:01:09.0861 0x17f8 ew_hwusbdev - detected UnsignedFile.Multi.Generic ( 1 )
14:01:12.0346 0x17f8 Detect skipped due to KSN trusted
14:01:12.0346 0x17f8 ew_hwusbdev - ok
14:01:12.0393 0x17f8 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
14:01:12.0502 0x17f8 exfat - ok
14:01:12.0534 0x17f8 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
14:01:12.0596 0x17f8 fastfat - ok
14:01:12.0690 0x17f8 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
14:01:12.0815 0x17f8 Fax - ok
14:01:12.0846 0x17f8 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
14:01:12.0877 0x17f8 fdc - ok
14:01:12.0909 0x17f8 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
14:01:12.0956 0x17f8 fdPHost - ok
14:01:12.0971 0x17f8 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
14:01:13.0002 0x17f8 FDResPub - ok
14:01:13.0034 0x17f8 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
14:01:13.0112 0x17f8 fhsvc - ok
14:01:13.0159 0x17f8 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
14:01:13.0190 0x17f8 FileInfo - ok
14:01:13.0221 0x17f8 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
14:01:13.0284 0x17f8 Filetrace - ok
14:01:13.0362 0x17f8 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:01:13.0440 0x17f8 FLEXnet Licensing Service - ok
14:01:13.0471 0x17f8 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
14:01:13.0518 0x17f8 flpydisk - ok
14:01:13.0581 0x17f8 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:01:13.0674 0x17f8 FltMgr - ok
14:01:13.0799 0x17f8 [ 2F225BC85B84C04EA01BAB8D8DACFA83, 1F6E20C8F0FFD3FA60BDF556FB8392FE014E6519C3F314D1D22D394DB2A040CA ] FontCache C:\WINDOWS\system32\FntCache.dll
14:01:13.0971 0x17f8 FontCache - ok
14:01:14.0081 0x17f8 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:01:14.0112 0x17f8 FontCache3.0.0.0 - ok
14:01:14.0131 0x17f8 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
14:01:14.0162 0x17f8 FsDepends - ok
14:01:14.0193 0x17f8 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:01:14.0225 0x17f8 Fs_Rec - ok
14:01:14.0271 0x17f8 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
14:01:14.0350 0x17f8 fvevol - ok
14:01:14.0396 0x17f8 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
14:01:14.0428 0x17f8 FxPPM - ok
14:01:14.0443 0x17f8 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
14:01:14.0490 0x17f8 gagp30kx - ok
14:01:14.0521 0x17f8 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:01:14.0537 0x17f8 GEARAspiWDM - ok
14:01:14.0568 0x17f8 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
14:01:14.0631 0x17f8 gencounter - ok
14:01:14.0662 0x17f8 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
14:01:14.0693 0x17f8 GPIOClx0101 - ok
14:01:14.0818 0x17f8 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
14:01:14.0990 0x17f8 gpsvc - ok
14:01:15.0021 0x17f8 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
14:01:15.0100 0x17f8 HDAudBus - ok
14:01:15.0115 0x17f8 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
14:01:15.0162 0x17f8 HidBatt - ok
14:01:15.0209 0x17f8 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
14:01:15.0271 0x17f8 HidBth - ok
14:01:15.0303 0x17f8 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
14:01:15.0350 0x17f8 hidi2c - ok
14:01:15.0381 0x17f8 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
14:01:15.0428 0x17f8 HidIr - ok
14:01:15.0475 0x17f8 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
14:01:15.0521 0x17f8 hidserv - ok
14:01:15.0553 0x17f8 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
14:01:15.0631 0x17f8 HidUsb - ok
14:01:15.0662 0x17f8 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
14:01:15.0709 0x17f8 hkmsvc - ok
14:01:15.0756 0x17f8 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
14:01:15.0865 0x17f8 HomeGroupListener - ok
14:01:15.0928 0x17f8 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
14:01:16.0022 0x17f8 HomeGroupProvider - ok
14:01:16.0053 0x17f8 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
14:01:16.0100 0x17f8 HpSAMD - ok
14:01:16.0209 0x17f8 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
14:01:16.0334 0x17f8 HTTP - ok
14:01:16.0397 0x17f8 [ 6E05228393CD614B983568EC40C262C3, CEB1CFDD346534F01A52D2E7004B0220692FC67CAD874FE04740ECDA2F92767D ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
14:01:16.0412 0x17f8 hwdatacard - detected UnsignedFile.Multi.Generic ( 1 )
14:01:18.0897 0x17f8 Detect skipped due to KSN trusted
14:01:18.0897 0x17f8 hwdatacard - ok
14:01:18.0928 0x17f8 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
14:01:18.0959 0x17f8 hwpolicy - ok
14:01:19.0006 0x17f8 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
14:01:19.0053 0x17f8 hyperkbd - ok
14:01:19.0069 0x17f8 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
14:01:19.0116 0x17f8 HyperVideo - ok
14:01:19.0178 0x17f8 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
14:01:19.0241 0x17f8 i8042prt - ok
14:01:19.0288 0x17f8 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
14:01:19.0303 0x17f8 iaLPSSi_GPIO - ok
14:01:19.0334 0x17f8 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
14:01:19.0366 0x17f8 iaLPSSi_I2C - ok
14:01:19.0444 0x17f8 [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
14:01:19.0522 0x17f8 iaStorA - ok
14:01:19.0584 0x17f8 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
14:01:19.0663 0x17f8 iaStorAV - ok
14:01:19.0725 0x17f8 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
14:01:19.0803 0x17f8 iaStorV - ok
14:01:19.0975 0x17f8 [ 743E15B12449F1C5CCC6EE8A17465CAF, 1402280D5E5A3269F6ADF9F6AEDEEE7DE3D67F32EFBFA3671DACE0DE890065EA ] IDSVia64 C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160510.005\IDSvia64.sys
14:01:20.0100 0x17f8 IDSVia64 - ok
14:01:20.0116 0x17f8 IEEtwCollectorService - ok
14:01:20.0494 0x17f8 [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
14:01:21.0057 0x17f8 igfx - ok
14:01:21.0182 0x17f8 [ 2530D33CE2F5F30D08A039EC33E91F17, DE1669A9F67C9CA3EEF6D0D0A56167318E4DB50965D87BF94A2795A21EBEE979 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
14:01:21.0323 0x17f8 IKEEXT - ok
14:01:21.0651 0x17f8 [ 9CC645EB9697AA4F2D5A39835C80A0A2, 39861B19E9BF17F5250D571996167A178606150B62C876529D3699817FDDC42A ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
14:01:21.0995 0x17f8 IntcAzAudAddService - ok
14:01:22.0073 0x17f8 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
14:01:22.0166 0x17f8 IntcDAud - ok
14:01:22.0276 0x17f8 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
14:01:22.0338 0x17f8 Intel(R) Capability Licensing Service Interface - ok
14:01:22.0370 0x17f8 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
14:01:22.0401 0x17f8 intelide - ok
14:01:22.0432 0x17f8 [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
14:01:22.0463 0x17f8 intelpep - ok
14:01:22.0495 0x17f8 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
14:01:22.0541 0x17f8 intelppm - ok
14:01:22.0573 0x17f8 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:01:22.0635 0x17f8 IpFilterDriver - ok
14:01:22.0745 0x17f8 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
14:01:22.0870 0x17f8 iphlpsvc - ok
14:01:22.0917 0x17f8 [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
14:01:22.0995 0x17f8 IPMIDRV - ok
14:01:23.0026 0x17f8 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
14:01:23.0073 0x17f8 IPNAT - ok
14:01:23.0152 0x17f8 [ 043A93A498B3C4A88CACA3BCBC9B54C7, C08C5A03940806C6CB75ADDCBE6183145AD2AFE84D77BC85E620E7C1542F0893 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:01:23.0240 0x17f8 iPod Service - ok
14:01:23.0261 0x17f8 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
14:01:23.0301 0x17f8 IRENUM - ok
14:01:23.0348 0x17f8 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
14:01:23.0379 0x17f8 isapnp - ok
14:01:23.0426 0x17f8 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
14:01:23.0488 0x17f8 iScsiPrt - ok
14:01:23.0567 0x17f8 [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
14:01:23.0598 0x17f8 jhi_service - ok
14:01:23.0676 0x17f8 [ 45369E037410609D769852A1CE46A184, 752BE7BB167E602CD89D52E3A4382AF7C75033306E31884EC55872EF7A0A3EE2 ] k57nd60a C:\WINDOWS\system32\DRIVERS\k57nd60a.sys
14:01:23.0770 0x17f8 k57nd60a - ok
14:01:23.0817 0x17f8 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
14:01:23.0848 0x17f8 kbdclass - ok
14:01:23.0895 0x17f8 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
14:01:23.0926 0x17f8 kbdhid - ok
14:01:23.0973 0x17f8 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
14:01:24.0035 0x17f8 kdnic - ok
14:01:24.0067 0x17f8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
14:01:24.0098 0x17f8 KeyIso - ok
14:01:24.0129 0x17f8 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
14:01:24.0176 0x17f8 KSecDD - ok
14:01:24.0207 0x17f8 [ A950AB512ED2BD847789FAAD3E967AFA, 005340965B30C5A14E4E081E2CDF7214D2C00BAF05C62DA9ED63EA3026E70C8A ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
14:01:24.0254 0x17f8 KSecPkg - ok
14:01:24.0285 0x17f8 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
14:01:24.0317 0x17f8 ksthunk - ok
14:01:24.0379 0x17f8 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
14:01:24.0473 0x17f8 KtmRm - ok
14:01:24.0551 0x17f8 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
14:01:24.0645 0x17f8 LanmanServer - ok
14:01:24.0676 0x17f8 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
14:01:24.0785 0x17f8 LanmanWorkstation - ok
14:01:24.0864 0x17f8 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
14:01:24.0957 0x17f8 lfsvc - ok
14:01:25.0004 0x17f8 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
14:01:25.0067 0x17f8 lltdio - ok
14:01:25.0114 0x17f8 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
14:01:25.0208 0x17f8 lltdsvc - ok
14:01:25.0239 0x17f8 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
14:01:25.0286 0x17f8 lmhosts - ok
14:01:25.0333 0x17f8 [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:01:25.0380 0x17f8 LMS - ok
14:01:25.0427 0x17f8 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
14:01:25.0458 0x17f8 LSI_SAS - ok
14:01:25.0489 0x17f8 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
14:01:25.0536 0x17f8 LSI_SAS2 - ok
14:01:25.0552 0x17f8 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
14:01:25.0583 0x17f8 LSI_SAS3 - ok
14:01:25.0614 0x17f8 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
14:01:25.0661 0x17f8 LSI_SSS - ok
14:01:25.0755 0x17f8 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll
14:01:25.0880 0x17f8 LSM - ok
14:01:25.0911 0x17f8 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
14:01:25.0958 0x17f8 luafv - ok
14:01:26.0005 0x17f8 [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:01:26.0021 0x17f8 MBAMProtector - ok
14:01:26.0146 0x17f8 [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
14:01:26.0271 0x17f8 MBAMService - ok
14:01:26.0318 0x17f8 [ 85CFE7AB85B43B6B7AC7961AA3983A9F, 4E88B75818FD00C0ABBDF8E02EBFB550A67B46E5E13D3B3DF52611793F7DA0DD ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
14:01:26.0349 0x17f8 MBAMWebAccessControl - ok
14:01:26.0380 0x17f8 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
14:01:26.0411 0x17f8 megasas - ok
14:01:26.0489 0x17f8 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
14:01:26.0567 0x17f8 megasr - ok
14:01:26.0614 0x17f8 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
14:01:26.0646 0x17f8 MEIx64 - ok
14:01:26.0677 0x17f8 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
14:01:26.0739 0x17f8 MMCSS - ok
14:01:26.0786 0x17f8 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
14:01:26.0833 0x17f8 Modem - ok
14:01:26.0864 0x17f8 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
14:01:26.0911 0x17f8 monitor - ok
14:01:26.0943 0x17f8 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
14:01:26.0989 0x17f8 mouclass - ok
14:01:27.0005 0x17f8 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
14:01:27.0052 0x17f8 mouhid - ok
14:01:27.0114 0x17f8 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
14:01:27.0146 0x17f8 mountmgr - ok
14:01:27.0193 0x17f8 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
14:01:27.0240 0x17f8 mpsdrv - ok
14:01:27.0333 0x17f8 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
14:01:27.0458 0x17f8 MpsSvc - ok
14:01:27.0505 0x17f8 [ D2AC8F07995CE6CD18848C129435B481, 839B04116B49A757950E049150F6AADE41335914CC699ED73BE886BECAC39D36 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
14:01:27.0568 0x17f8 MRxDAV - ok
14:01:27.0630 0x17f8 [ 5DCD41F62F71519D2A46D41F60C69B0C, A9C2F8B8F82BDBF48F34D5837ED27CE251C75232A07AF26F7B796D2A106795A0 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:01:27.0708 0x17f8 mrxsmb - ok
14:01:27.0771 0x17f8 [ D7C9BC4D37BF08C7DD436A0A5F321668, 30A5AF211BEC89E26134CDAE3E60D0D9F0AE2748F56E9D09B07431206AD381C6 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
14:01:27.0833 0x17f8 mrxsmb10 - ok
14:01:27.0865 0x17f8 [ FE219A7107C4BC3BBC35D6CDC281612C, 98CA0FECF1F7269DAED43561FA40AAC1A9456F2C2FE7C1243C628F78864D2F54 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
14:01:27.0927 0x17f8 mrxsmb20 - ok
14:01:27.0974 0x17f8 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
14:01:28.0021 0x17f8 MsBridge - ok
14:01:28.0052 0x17f8 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
14:01:28.0115 0x17f8 MSDTC - ok
14:01:28.0161 0x17f8 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:01:28.0208 0x17f8 Msfs - ok
14:01:28.0240 0x17f8 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
14:01:28.0271 0x17f8 msgpiowin32 - ok
14:01:28.0302 0x17f8 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
14:01:28.0349 0x17f8 mshidkmdf - ok
14:01:28.0380 0x17f8 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
14:01:28.0427 0x17f8 mshidumdf - ok
14:01:28.0443 0x17f8 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
14:01:28.0474 0x17f8 msisadrv - ok
14:01:28.0536 0x17f8 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
14:01:28.0599 0x17f8 MSiSCSI - ok
14:01:28.0615 0x17f8 msiserver - ok
14:01:28.0646 0x17f8 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:01:28.0693 0x17f8 MSKSSRV - ok
14:01:28.0724 0x17f8 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
14:01:28.0786 0x17f8 MsLldp - ok
14:01:28.0818 0x17f8 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:01:28.0865 0x17f8 MSPCLOCK - ok
14:01:28.0880 0x17f8 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:01:28.0927 0x17f8 MSPQM - ok
14:01:28.0990 0x17f8 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
14:01:29.0068 0x17f8 MsRPC - ok
14:01:29.0099 0x17f8 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
14:01:29.0130 0x17f8 mssmbios - ok
14:01:29.0146 0x17f8 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:01:29.0209 0x17f8 MSTEE - ok
14:01:29.0240 0x17f8 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
14:01:29.0287 0x17f8 MTConfig - ok
14:01:29.0302 0x17f8 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys
14:01:29.0349 0x17f8 Mup - ok
14:01:29.0381 0x17f8 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
14:01:29.0412 0x17f8 mvumis - ok
14:01:29.0427 0x17f8 [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter C:\WINDOWS\system32\DRIVERS\mwlPSDFilter.sys
14:01:29.0459 0x17f8 mwlPSDFilter - ok
14:01:29.0474 0x17f8 [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ C:\WINDOWS\system32\DRIVERS\mwlPSDNServ.sys
14:01:29.0490 0x17f8 mwlPSDNServ - ok
14:01:29.0506 0x17f8 [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk C:\WINDOWS\system32\DRIVERS\mwlPSDVDisk.sys
14:01:29.0537 0x17f8 mwlPSDVDisk - ok
14:01:29.0646 0x17f8 [ E605F35F03C881DC46902E0E2F5985B3, C97F0C733377E35B463EF7F6A5B879DA21AB512719899160C09278615FE39A21 ] MyEpson Portal Service C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
14:01:29.0709 0x17f8 MyEpson Portal Service - ok
14:01:29.0771 0x17f8 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
14:01:29.0881 0x17f8 napagent - ok
14:01:29.0959 0x17f8 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
14:01:30.0068 0x17f8 NativeWifiP - ok
14:01:30.0193 0x17f8 [ FE7B38240E86075E6BC5953496B5C2F1, 13CBDCFD5E63A49D6E66D9EBA701037F014EEED9BBFE8588CE2968A35FF2E16E ] NAVENG C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160513.036\ENG64.SYS
14:01:30.0224 0x17f8 NAVENG - ok
14:01:30.0396 0x17f8 [ C002FA84570CA35F704ACF0AC4A5EAB0, E4246631E5D7AFD31CE642157A9102CB0DDE5B5051D08C3A5EA736CB3C99C6D9 ] NAVEX15 C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160513.036\EX64.SYS
14:01:30.0615 0x17f8 NAVEX15 - ok
14:01:30.0662 0x17f8 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
14:01:30.0756 0x17f8 NcaSvc - ok
14:01:30.0787 0x17f8 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
14:01:30.0865 0x17f8 NcbService - ok
14:01:30.0912 0x17f8 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
14:01:30.0974 0x17f8 NcdAutoSetup - ok
14:01:31.0084 0x17f8 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
14:01:31.0225 0x17f8 NDIS - ok
14:01:31.0272 0x17f8 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
14:01:31.0334 0x17f8 NdisCap - ok
14:01:31.0365 0x17f8 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
14:01:31.0428 0x17f8 NdisImPlatform - ok
14:01:31.0475 0x17f8 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:01:31.0522 0x17f8 NdisTapi - ok
14:01:31.0553 0x17f8 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:01:31.0615 0x17f8 Ndisuio - ok
14:01:31.0631 0x17f8 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
14:01:31.0693 0x17f8 NdisVirtualBus - ok
14:01:31.0725 0x17f8 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:01:31.0818 0x17f8 NdisWan - ok
14:01:31.0834 0x17f8 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:01:31.0897 0x17f8 NdisWanLegacy - ok
14:01:31.0912 0x17f8 [ 0BBE2FA30BAD58C9ADC01E4F84A3D2A1, 913AEC8A5F735C2EFDCB417E4077AB5A15457C601E6E88A1F4FA52C91E6E0BBF ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:01:31.0959 0x17f8 NDProxy - ok
14:01:31.0975 0x17f8 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
14:01:32.0037 0x17f8 Ndu - ok
14:01:32.0068 0x17f8 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:01:32.0115 0x17f8 NetBIOS - ok
14:01:32.0147 0x17f8 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:01:32.0225 0x17f8 NetBT - ok
14:01:32.0256 0x17f8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
14:01:32.0287 0x17f8 Netlogon - ok
14:01:32.0350 0x17f8 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
14:01:32.0428 0x17f8 Netman - ok
14:01:32.0506 0x17f8 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
14:01:32.0600 0x17f8 netprofm - ok
14:01:32.0693 0x17f8 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:01:32.0740 0x17f8 NetTcpPortSharing - ok
14:01:32.0787 0x17f8 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
14:01:32.0850 0x17f8 netvsc - ok
14:01:32.0912 0x17f8 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
14:01:33.0006 0x17f8 NlaSvc - ok
14:01:33.0022 0x17f8 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:01:33.0084 0x17f8 Npfs - ok
14:01:33.0131 0x17f8 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
14:01:33.0163 0x17f8 npsvctrig - ok
14:01:33.0288 0x17f8 [ 277AA7EB724E9D50908778FF3ECC70AA, 01A03D2F1C538BBDD8BC454E529814FDB3C07DEE273B2C2CB774A18C06725572 ] NS C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe
14:01:33.0334 0x17f8 NS - ok
14:01:33.0366 0x17f8 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
14:01:33.0444 0x17f8 nsi - ok
14:01:33.0475 0x17f8 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
14:01:33.0522 0x17f8 nsiproxy - ok
14:01:33.0694 0x17f8 [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:01:33.0928 0x17f8 Ntfs - ok
14:01:34.0006 0x17f8 [ FF472A7055E765498AE52564B1503C3F, 89A6E603238F854AA20F9E8EA4A4D4E281B95ED941A087B7E48FE961D1052CBA ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
14:01:34.0053 0x17f8 NTI IScheduleSvc - ok
14:01:34.0084 0x17f8 [ 710263B44C1D1AEE07525A53401FBE48, 9E30D956099F42A7F8125664E671AEE49A6EDE0C2B717EC9B4488556A386FA21 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
14:01:34.0100 0x17f8 NTIDrvr - ok
14:01:34.0131 0x17f8 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
14:01:34.0178 0x17f8 Null - ok
14:01:34.0209 0x17f8 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
14:01:34.0256 0x17f8 nvraid - ok
14:01:34.0288 0x17f8 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
14:01:34.0334 0x17f8 nvstor - ok
14:01:34.0366 0x17f8 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
14:01:34.0413 0x17f8 nv_agp - ok
14:01:34.0475 0x17f8 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
14:01:34.0584 0x17f8 p2pimsvc - ok
14:01:34.0631 0x17f8 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
14:01:34.0756 0x17f8 p2psvc - ok
14:01:34.0803 0x17f8 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys
14:01:34.0850 0x17f8 Parport - ok
14:01:34.0866 0x17f8 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
14:01:34.0913 0x17f8 partmgr - ok
14:01:34.0944 0x17f8 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
14:01:35.0038 0x17f8 PcaSvc - ok
14:01:35.0084 0x17f8 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
14:01:35.0147 0x17f8 pci - ok
14:01:35.0178 0x17f8 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
14:01:35.0209 0x17f8 pciide - ok
14:01:35.0241 0x17f8 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
14:01:35.0272 0x17f8 pcmcia - ok
14:01:35.0288 0x17f8 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
14:01:35.0334 0x17f8 pcw - ok
14:01:35.0366 0x17f8 [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
14:01:35.0397 0x17f8 pdc - ok
14:01:35.0631 0x17f8 [ DFEF059EBBDC137DD242326EB67770C7, FEA245E7316A0567D4A0930F96C502BCB37350C80742F3FFEA668512EC5B9225 ] PDF Architect 4 C:\Program Files\PDF Architect 4\ws.exe
14:01:35.0850 0x17f8 PDF Architect 4 - ok
14:01:35.0928 0x17f8 [ 82AA78BB5365D76F5D9EF4A978BFEF5A, C5A99C748E1E43134CEADEF89CD439E411465242741241B38BA99032710D84A7 ] PDF Architect 4 CrashHandler C:\Program Files\PDF Architect 4\crash-handler-ws.exe
14:01:36.0038 0x17f8 PDF Architect 4 CrashHandler - ok
14:01:36.0116 0x17f8 [ 462724DA4AD38C159F8AFDB8F6A55BE2, 189F5C1B470DF6EAF9E02A8E294FA3B33DBCAD36695C6C17747B1D56FE8FC78D ] PDF Architect 4 Creator C:\Program Files\PDF Architect 4\creator-ws.exe
14:01:36.0194 0x17f8 PDF Architect 4 Creator - ok
14:01:36.0335 0x17f8 [ 08DAD53D89403158FC493FABAE217773, 833BF76818B984FE26A87A8DB75BA15A1143C9FCC0BBB5A8708656C7C09D6A28 ] PDF Architect 4 Manager C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
14:01:36.0428 0x17f8 PDF Architect 4 Manager - ok
14:01:36.0506 0x17f8 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
14:01:36.0616 0x17f8 PEAUTH - ok
14:01:36.0741 0x17f8 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
14:01:36.0803 0x17f8 PerfHost - ok
14:01:37.0131 0x17f8 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
14:01:37.0337 0x17f8 pla - ok
14:01:37.0400 0x17f8 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
14:01:37.0446 0x17f8 PlugPlay - ok
14:01:37.0478 0x17f8 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
14:01:37.0525 0x17f8 PNRPAutoReg - ok
14:01:37.0587 0x17f8 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
14:01:37.0665 0x17f8 PNRPsvc - ok
14:01:37.0728 0x17f8 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
14:01:37.0806 0x17f8 PolicyAgent - ok
14:01:37.0837 0x17f8 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
14:01:37.0931 0x17f8 Power - ok
14:01:38.0197 0x17f8 [ 346F352E17EA5793C726D3F6582BA855, 5CD830CDCC73335EDC58D26D1BC8B8830DA885CA6D1E21BB7EE763354B5C35EA ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:01:38.0509 0x17f8 PrintNotify - ok
14:01:38.0587 0x17f8 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
14:01:38.0634 0x17f8 Processor - ok
14:01:38.0681 0x17f8 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\WINDOWS\system32\profsvc.dll
14:01:38.0775 0x17f8 ProfSvc - ok
14:01:38.0806 0x17f8 [ AF038FA3D3748B7595FE7096AD803696, 55263B2424BE1F59F16050C8A0A3B16B2A3A4C212051170DE8A49AC387BE1386 ] Ps2Kb2Hid C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys
14:01:38.0837 0x17f8 Ps2Kb2Hid - ok
14:01:38.0869 0x17f8 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
14:01:38.0931 0x17f8 Psched - ok
14:01:38.0994 0x17f8 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
14:01:39.0087 0x17f8 QWAVE - ok
14:01:39.0119 0x17f8 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
14:01:39.0165 0x17f8 QWAVEdrv - ok
14:01:39.0197 0x17f8 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:01:39.0244 0x17f8 RasAcd - ok
14:01:39.0290 0x17f8 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:01:39.0353 0x17f8 RasAuto - ok
14:01:39.0431 0x17f8 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:01:39.0540 0x17f8 RasMan - ok
14:01:39.0587 0x17f8 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:01:39.0634 0x17f8 RasPppoe - ok
14:01:39.0681 0x17f8 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:01:39.0790 0x17f8 rdbss - ok
14:01:39.0822 0x17f8 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
14:01:39.0884 0x17f8 rdpbus - ok
14:01:39.0915 0x17f8 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
14:01:39.0994 0x17f8 RDPDR - ok
14:01:40.0025 0x17f8 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
14:01:40.0056 0x17f8 RdpVideoMiniport - ok
14:01:40.0119 0x17f8 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
14:01:40.0167 0x17f8 rdyboost - ok
14:01:40.0260 0x17f8 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
14:01:40.0385 0x17f8 ReFS - ok
14:01:40.0432 0x17f8 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:01:40.0495 0x17f8 RemoteAccess - ok
14:01:40.0542 0x17f8 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:01:40.0651 0x17f8 RemoteRegistry - ok
14:01:40.0682 0x17f8 [ CF59781FCB68F859EB6C835ED285211D, E979014C07BF45F4F27E4433ED6B8FA618E4416CB01075FBF52CB2536EC63984 ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe
14:01:40.0714 0x17f8 RfButtonDriverService - ok
14:01:40.0761 0x17f8 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
14:01:40.0807 0x17f8 RpcEptMapper - ok
14:01:40.0854 0x17f8 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
14:01:40.0886 0x17f8 RpcLocator - ok
14:01:40.0979 0x17f8 [ E4220FD9C7F1579D9C5F9DFB00427841, 77740122A01A08F18CC82A4BB3F00EC59F29EE10779092F872572C264F6728D0 ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:01:41.0089 0x17f8 RpcSs - ok
14:01:41.0136 0x17f8 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
14:01:41.0182 0x17f8 rspndr - ok
14:01:41.0198 0x17f8 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
14:01:41.0245 0x17f8 s3cap - ok
14:01:41.0276 0x17f8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
14:01:41.0323 0x17f8 SamSs - ok
14:01:41.0370 0x17f8 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
14:01:41.0401 0x17f8 sbp2port - ok
14:01:41.0464 0x17f8 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
14:01:41.0557 0x17f8 SCardSvr - ok
14:01:41.0604 0x17f8 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
14:01:41.0682 0x17f8 ScDeviceEnum - ok
14:01:41.0714 0x17f8 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
14:01:41.0761 0x17f8 scfilter - ok
14:01:41.0886 0x17f8 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:01:42.0042 0x17f8 Schedule - ok
14:01:42.0089 0x17f8 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
14:01:42.0136 0x17f8 SCPolicySvc - ok
14:01:42.0198 0x17f8 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
14:01:42.0261 0x17f8 sdbus - ok
14:01:42.0307 0x17f8 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
14:01:42.0339 0x17f8 sdstor - ok
14:01:42.0370 0x17f8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
14:01:42.0432 0x17f8 secdrv - ok
14:01:42.0464 0x17f8 [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon C:\WINDOWS\system32\seclogon.dll
14:01:42.0526 0x17f8 seclogon - ok
14:01:42.0558 0x17f8 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
14:01:42.0636 0x17f8 SENS - ok
14:01:42.0667 0x17f8 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
14:01:42.0761 0x17f8 SensrSvc - ok
14:01:42.0808 0x17f8 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
14:01:42.0839 0x17f8 SerCx - ok
14:01:42.0901 0x17f8 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
14:01:42.0933 0x17f8 SerCx2 - ok
14:01:42.0964 0x17f8 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
14:01:43.0011 0x17f8 Serenum - ok
14:01:43.0042 0x17f8 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
14:01:43.0104 0x17f8 Serial - ok
14:01:43.0151 0x17f8 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
14:01:43.0200 0x17f8 sermouse - ok
14:01:43.0279 0x17f8 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll
14:01:43.0372 0x17f8 SessionEnv - ok
14:01:43.0419 0x17f8 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
14:01:43.0466 0x17f8 sfloppy - ok
14:01:43.0529 0x17f8 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:01:43.0607 0x17f8 SharedAccess - ok
14:01:43.0700 0x17f8 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:01:43.0833 0x17f8 ShellHWDetection - ok
14:01:43.0864 0x17f8 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
14:01:43.0895 0x17f8 SiSRaid2 - ok
14:01:43.0942 0x17f8 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
14:01:43.0973 0x17f8 SiSRaid4 - ok
14:01:44.0067 0x17f8 [ 9A66A87BBC0EC4463042959B7C0D4AC1, 2E61DC50AD4A4D4782F3271BAD010137DA9A6AFC46C7568C709F68C7621DCD40 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:01:44.0145 0x17f8 SkypeUpdate - ok
14:01:44.0177 0x17f8 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
14:01:44.0239 0x17f8 smphost - ok
14:01:44.0286 0x17f8 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
14:01:44.0348 0x17f8 SNMPTRAP - ok
14:01:44.0427 0x17f8 [ B45AE0970B2D66CCE756DE6989E23EEC, 8393CF2DC4F65CD48D4D7B3C8C2D29E26728593B652D6CEAB65B50AEDA0884B7 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
14:01:44.0505 0x17f8 spaceport - ok
14:01:44.0552 0x17f8 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
14:01:44.0583 0x17f8 SpbCx - ok
14:01:44.0677 0x17f8 [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler C:\WINDOWS\System32\spoolsv.exe
14:01:44.0817 0x17f8 Spooler - ok
14:01:45.0276 0x17f8 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe
14:01:45.0980 0x17f8 sppsvc - ok
14:01:46.0136 0x17f8 [ D6786650A26543FFF83806057458B96E, 1002A5E6338255ACF9E7DD901378CB8BCE0FC6A7503C6D78EEBF8BAD619ECBC4 ] SRTSP C:\WINDOWS\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS
14:01:46.0245 0x17f8 SRTSP - ok
14:01:46.0292 0x17f8 [ BA2ABBEA69BD1866C973DE11CB0CE9F8, 7A04BC2F4DA9A69A996911CC429064D24CF51F4046A2EE688D4326B44C9EDAFB ] SRTSPX C:\WINDOWS\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS
14:01:46.0323 0x17f8 SRTSPX - ok
14:01:46.0386 0x17f8 [ 8003E034E3EA0E29DA54215A770FC27C, 28AB1FDEA372D33540A26DAE413A10336409D33B91F51DC0AE144D451022A2A7 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:01:46.0480 0x17f8 srv - ok
14:01:46.0573 0x17f8 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
14:01:46.0683 0x17f8 srv2 - ok
14:01:46.0714 0x17f8 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
14:01:46.0777 0x17f8 srvnet - ok
14:01:46.0824 0x17f8 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:01:46.0933 0x17f8 SSDPSRV - ok
14:01:46.0980 0x17f8 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
14:01:47.0058 0x17f8 SstpSvc - ok
14:01:47.0105 0x17f8 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
14:01:47.0136 0x17f8 stexstor - ok
14:01:47.0214 0x17f8 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
14:01:47.0339 0x17f8 stisvc - ok
14:01:47.0370 0x17f8 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
14:01:47.0417 0x17f8 storahci - ok
14:01:47.0433 0x17f8 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
14:01:47.0464 0x17f8 storflt - ok
14:01:47.0495 0x17f8 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
14:01:47.0527 0x17f8 stornvme - ok
14:01:47.0558 0x17f8 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
14:01:47.0620 0x17f8 StorSvc - ok
14:01:47.0636 0x17f8 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
14:01:47.0683 0x17f8 storvsc - ok
14:01:47.0714 0x17f8 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
14:01:47.0761 0x17f8 svsvc - ok
14:01:47.0792 0x17f8 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
14:01:47.0824 0x17f8 swenum - ok
14:01:47.0886 0x17f8 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
14:01:48.0011 0x17f8 swprv - ok
14:01:48.0152 0x17f8 [ 6F227CF9E64364578E2DABD1EF6E51A4, D5223B441A319D4C57FDBEA9BFBB8E5C95CA6F7B6AE6F4029BCE84A5CCE51B33 ] SymEFASI C:\WINDOWS\system32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS
14:01:48.0324 0x17f8 SymEFASI - ok
14:01:48.0355 0x17f8 [ 1DE0CBF15AC67AE0E5B456ADEFB89493, C764815313BB4332279730AA02531A448A1D32F5B6D5689FF04549406A5B5212 ] SymELAM C:\WINDOWS\system32\drivers\NSx64\1606000.08E\SymELAM.sys
14:01:48.0402 0x17f8 SymELAM - ok
14:01:48.0464 0x17f8 [ 6DF8F618B93C821630C9BAA8DA3FAAAF, 553972D63F3347291EC8370AB910F741EF1DA61BC74FBA4192EF6E1DF567FB99 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:01:48.0496 0x17f8 SymEvent - ok
14:01:48.0543 0x17f8 [ EC8538693C84E5B85014CB0F4174A8B7, 570D4193A5616A65962D086048D51C37BE166B77ED7293DF3E8871A502831261 ] SymIRON C:\WINDOWS\system32\drivers\NSx64\1606000.08E\Ironx64.SYS
14:01:48.0605 0x17f8 SymIRON - ok
14:01:48.0683 0x17f8 [ 751C968945EFD42469FE52D6CE384196, 3386681036909F60A249951009822190EFB1C390D2F46E7EFE44893F28D0F31C ] SymNetS C:\WINDOWS\System32\Drivers\NSx64\1606000.08E\SYMNETS.SYS
14:01:48.0761 0x17f8 SymNetS - ok
14:01:48.0886 0x17f8 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\WINDOWS\system32\sysmain.dll
14:01:49.0043 0x17f8 SysMain - ok
14:01:49.0105 0x17f8 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
14:01:49.0199 0x17f8 SystemEventsBroker - ok
14:01:49.0246 0x17f8 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
14:01:49.0355 0x17f8 TabletInputService - ok
14:01:49.0386 0x17f8 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:01:49.0496 0x17f8 TapiSrv - ok
14:01:49.0683 0x17f8 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
14:01:49.0965 0x17f8 Tcpip - ok
14:01:50.0152 0x17f8 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:01:50.0418 0x17f8 TCPIP6 - ok
14:01:50.0465 0x17f8 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
14:01:50.0527 0x17f8 tcpipreg - ok
14:01:50.0574 0x17f8 [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
14:01:50.0637 0x17f8 tdx - ok
14:01:50.0683 0x17f8 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
14:01:50.0715 0x17f8 terminpt - ok
14:01:50.0824 0x17f8 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
14:01:50.0980 0x17f8 TermService - ok
14:01:51.0012 0x17f8 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
14:01:51.0090 0x17f8 Themes - ok
14:01:51.0121 0x17f8 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
14:01:51.0168 0x17f8 THREADORDER - ok
14:01:51.0199 0x17f8 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
14:01:51.0309 0x17f8 TimeBroker - ok
14:01:51.0387 0x17f8 [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM C:\WINDOWS\system32\drivers\tpm.sys
14:01:51.0434 0x17f8 TPM - ok
14:01:51.0449 0x17f8 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
14:01:51.0528 0x17f8 TrkWks - ok
14:01:51.0574 0x17f8 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
14:01:51.0637 0x17f8 TrustedInstaller - ok
14:01:51.0684 0x17f8 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
14:01:51.0746 0x17f8 TsUsbFlt - ok
14:01:51.0778 0x17f8 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
14:01:51.0856 0x17f8 TsUsbGD - ok
14:01:51.0903 0x17f8 [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
14:01:51.0981 0x17f8 tunnel - ok
14:01:52.0028 0x17f8 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
14:01:52.0059 0x17f8 uagp35 - ok
14:01:52.0090 0x17f8 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
14:01:52.0137 0x17f8 UASPStor - ok
14:01:52.0168 0x17f8 [ 69CC6087483FCE6AEBF1DF5AE791044F, 64A2699447049F77A4A5469537F81124114978BF356C079B123B79782EDC760A ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
14:01:52.0184 0x17f8 UBHelper - ok
14:01:52.0215 0x17f8 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
14:01:52.0262 0x17f8 UCX01000 - ok
14:01:52.0324 0x17f8 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
14:01:52.0434 0x17f8 udfs - ok
14:01:52.0465 0x17f8 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
14:01:52.0496 0x17f8 UEFI - ok
14:01:52.0543 0x17f8 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
14:01:52.0606 0x17f8 UI0Detect - ok
14:01:52.0653 0x17f8 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
14:01:52.0684 0x17f8 uliagpkx - ok
14:01:52.0715 0x17f8 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
14:01:52.0762 0x17f8 umbus - ok
14:01:52.0793 0x17f8 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
14:01:52.0840 0x17f8 UmPass - ok
14:01:52.0887 0x17f8 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
14:01:52.0996 0x17f8 UmRdpService - ok
14:01:53.0106 0x17f8 [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:01:53.0170 0x17f8 UNS - ok
14:01:53.0248 0x17f8 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:01:53.0341 0x17f8 upnphost - ok
14:01:53.0388 0x17f8 [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys
14:01:53.0451 0x17f8 USBAAPL64 - ok
14:01:53.0498 0x17f8 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
14:01:53.0529 0x17f8 usbccgp - ok
14:01:53.0576 0x17f8 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
14:01:53.0623 0x17f8 usbcir - ok
14:01:53.0670 0x17f8 [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
14:01:53.0701 0x17f8 usbehci - ok
14:01:53.0763 0x17f8 [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
14:01:53.0841 0x17f8 usbhub - ok
14:01:53.0920 0x17f8 [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
14:01:53.0998 0x17f8 USBHUB3 - ok
14:01:54.0045 0x17f8 [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
14:01:54.0092 0x17f8 usbohci - ok
14:01:54.0123 0x17f8 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
14:01:54.0201 0x17f8 usbprint - ok
14:01:54.0248 0x17f8 [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
14:01:54.0295 0x17f8 USBSTOR - ok
14:01:54.0326 0x17f8 [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
14:01:54.0373 0x17f8 usbuhci - ok
14:01:54.0435 0x17f8 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
14:01:54.0482 0x17f8 usbvideo - ok
14:01:54.0545 0x17f8 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
14:01:54.0623 0x17f8 USBXHCI - ok
14:01:54.0654 0x17f8 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
14:01:54.0685 0x17f8 VaultSvc - ok
14:01:54.0732 0x17f8 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
14:01:54.0763 0x17f8 vdrvroot - ok
14:01:54.0873 0x17f8 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
14:01:55.0060 0x17f8 vds - ok
14:01:55.0092 0x17f8 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
14:01:55.0138 0x17f8 VerifierExt - ok
14:01:55.0217 0x17f8 [ 34CAF69BF4166AB40BFF0ED068FF6F91, BF5DA4F85A2C537DD76A3271956EC5BDB9ABC495FAA9371037F608152BE2725D ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
14:01:55.0311 0x17f8 vhdmp - ok
14:01:55.0342 0x17f8 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
14:01:55.0373 0x17f8 viaide - ok
14:01:55.0389 0x17f8 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
14:01:55.0420 0x17f8 vmbus - ok
14:01:55.0451 0x17f8 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
14:01:55.0498 0x17f8 VMBusHID - ok
14:01:55.0561 0x17f8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
14:01:55.0654 0x17f8 vmicguestinterface - ok
14:01:55.0701 0x17f8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
14:01:55.0779 0x17f8 vmicheartbeat - ok
14:01:55.0811 0x17f8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
14:01:55.0889 0x17f8 vmickvpexchange - ok
14:01:55.0920 0x17f8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
14:01:55.0998 0x17f8 vmicrdv - ok
14:01:56.0045 0x17f8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
14:01:56.0107 0x17f8 vmicshutdown - ok
14:01:56.0154 0x17f8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
14:01:56.0232 0x17f8 vmictimesync - ok
14:01:56.0264 0x17f8 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
14:01:56.0342 0x17f8 vmicvss - ok
14:01:56.0373 0x17f8 [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
14:01:56.0436 0x17f8 volmgr - ok
14:01:56.0498 0x17f8 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
14:01:56.0576 0x17f8 volmgrx - ok
14:01:56.0639 0x17f8 [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
14:01:56.0717 0x17f8 volsnap - ok
14:01:56.0748 0x17f8 [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
14:01:56.0795 0x17f8 vpci - ok
14:01:56.0826 0x17f8 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
14:01:56.0873 0x17f8 vsmraid - ok
14:01:57.0014 0x17f8 [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS C:\WINDOWS\system32\vssvc.exe
14:01:57.0201 0x17f8 VSS - ok
14:01:57.0248 0x17f8 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
14:01:57.0342 0x17f8 VSTXRAID - ok
14:01:57.0373 0x17f8 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
14:01:57.0436 0x17f8 vwifibus - ok
14:01:57.0451 0x17f8 [ 6B26AD573CCDD5209DF4397438B76354, 2C8AC314EC471F6D8B0B12D49D621360A10DCADA7C52E73596730C954FF89FCF ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
14:01:57.0514 0x17f8 vwififlt - ok
14:01:57.0530 0x17f8 [ 0B48E0DFB44EE475F4FD8A8EE599AF30, 28271D4CA0C642304CD8826A3D514F44E3391F9D6D07A1595BB30CE65E7E3494 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
14:01:57.0592 0x17f8 vwifimp - ok
14:01:57.0655 0x17f8 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
14:01:57.0733 0x17f8 W32Time - ok
14:01:57.0764 0x17f8 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
14:01:57.0826 0x17f8 WacomPen - ok
14:01:57.0967 0x17f8 [ 139D842E5FB75A1E2F0212FBD7B0E457, F29F73B56865C5EBBE89B8F92AEFE2DB19E5C29A94D2E006A23243C23A41AE79 ] wbengine C:\WINDOWS\system32\wbengine.exe
14:01:57.0967 0x1584 Object required for P2P: [ 51B3AC0560848CD6D65AC2033E293113 ] MsLldp
14:01:58.0186 0x17f8 wbengine - ok
14:01:58.0248 0x17f8 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
14:01:58.0358 0x17f8 WbioSrvc - ok
14:01:58.0389 0x17f8 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
14:01:58.0483 0x17f8 Wcmsvc - ok
14:01:58.0530 0x17f8 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
14:01:58.0608 0x17f8 wcncsvc - ok
14:01:58.0639 0x17f8 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
14:01:58.0717 0x17f8 WcsPlugInService - ok
14:01:58.0764 0x17f8 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
14:01:58.0811 0x17f8 WdBoot - ok
14:01:58.0889 0x17f8 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
14:01:58.0998 0x17f8 Wdf01000 - ok
14:01:59.0061 0x17f8 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
14:01:59.0123 0x17f8 WdFilter - ok
14:01:59.0170 0x17f8 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
14:01:59.0233 0x17f8 WdiServiceHost - ok
14:01:59.0248 0x17f8 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
14:01:59.0295 0x17f8 WdiSystemHost - ok
14:01:59.0342 0x17f8 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
14:01:59.0389 0x17f8 WdNisDrv - ok
14:01:59.0420 0x17f8 WdNisSvc - ok
14:01:59.0467 0x17f8 [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient C:\WINDOWS\System32\webclnt.dll
14:01:59.0561 0x17f8 WebClient - ok
14:01:59.0623 0x17f8 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
14:01:59.0702 0x17f8 Wecsvc - ok
14:01:59.0717 0x17f8 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
14:01:59.0780 0x17f8 WEPHOSTSVC - ok
14:01:59.0795 0x17f8 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
14:01:59.0873 0x17f8 wercplsupport - ok
14:01:59.0889 0x17f8 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
14:01:59.0967 0x17f8 WerSvc - ok
14:02:00.0014 0x17f8 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
14:02:00.0045 0x17f8 WFPLWFS - ok
14:02:00.0077 0x17f8 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
14:02:00.0139 0x17f8 WiaRpc - ok
14:02:00.0186 0x17f8 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
14:02:00.0217 0x17f8 WIMMount - ok
14:02:00.0217 0x17f8 WinDefend - ok
14:02:00.0311 0x17f8 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
14:02:00.0452 0x1584 Object send P2P result: true
14:02:00.0452 0x1584 Object required for P2P: [ 277AA7EB724E9D50908778FF3ECC70AA ] NS
14:02:00.0467 0x17f8 WinHttpAutoProxySvc - ok
14:02:00.0545 0x17f8 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:02:00.0623 0x17f8 Winmgmt - ok
14:02:00.0842 0x17f8 [ 427873F889F2F508BE8BE982219CE578, CA8DCFB774BF0F747295A7A0CB46A6177DE12AD6BD58266182206C41A3C9001E ] WinRM C:\WINDOWS\system32\WsmSvc.dll
14:02:01.0155 0x17f8 WinRM - ok
14:02:01.0250 0x17f8 [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb C:\WINDOWS\system32\DRIVERS\WinUsb.sys
14:02:01.0282 0x17f8 WinUsb - ok
14:02:01.0453 0x17f8 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
14:02:01.0641 0x17f8 WlanSvc - ok
14:02:01.0782 0x17f8 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
14:02:01.0969 0x17f8 wlidsvc - ok
14:02:02.0016 0x17f8 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
14:02:02.0063 0x17f8 WmiAcpi - ok
14:02:02.0110 0x17f8 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
14:02:02.0172 0x17f8 wmiApSrv - ok
14:02:02.0204 0x17f8 WMPNetworkSvc - ok
14:02:02.0235 0x17f8 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
14:02:02.0266 0x17f8 Wof - ok
14:02:02.0422 0x17f8 [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
14:02:02.0625 0x17f8 workfolderssvc - ok
14:02:02.0672 0x17f8 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
14:02:02.0704 0x17f8 wpcfltr - ok
14:02:02.0750 0x17f8 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
14:02:02.0813 0x17f8 WPCSvc - ok
14:02:02.0829 0x17f8 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
14:02:02.0922 0x17f8 WPDBusEnum - ok
14:02:02.0938 0x1584 Object send P2P result: true
14:02:02.0954 0x17f8 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
14:02:02.0969 0x1584 Object required for P2P: [ EC8538693C84E5B85014CB0F4174A8B7 ] SymIRON
14:02:02.0985 0x17f8 WpdUpFltr - ok
14:02:03.0016 0x17f8 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
14:02:03.0079 0x17f8 ws2ifsl - ok
14:02:03.0110 0x17f8 [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc C:\WINDOWS\System32\wscsvc.dll
14:02:03.0188 0x17f8 wscsvc - ok
14:02:03.0219 0x17f8 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys
14:02:03.0266 0x17f8 WSDPrintDevice - ok
14:02:03.0297 0x17f8 [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan C:\WINDOWS\system32\DRIVERS\WSDScan.sys
14:02:03.0344 0x17f8 WSDScan - ok
14:02:03.0360 0x17f8 WSearch - ok
14:02:03.0626 0x17f8 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
14:02:04.0032 0x17f8 WSService - ok
14:02:04.0336 0x17f8 [ 020F47C655ED1F63BBA834AA53575D5C, 7E36BB83B937CEA8B5D1EAF1DF63D32D64CA8045DA377DF5237D2F4DC16574CC ] wuauserv C:\WINDOWS\system32\wuaueng.dll
14:02:04.0695 0x17f8 wuauserv - ok
14:02:04.0742 0x17f8 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
14:02:04.0805 0x17f8 WudfPf - ok
14:02:04.0867 0x17f8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
14:02:04.0930 0x17f8 WUDFRd - ok
14:02:04.0961 0x17f8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
14:02:05.0008 0x17f8 WUDFSensorLP - ok
14:02:05.0039 0x17f8 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
14:02:05.0101 0x17f8 wudfsvc - ok
14:02:05.0133 0x17f8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
14:02:05.0180 0x17f8 WUDFWpdFs - ok
14:02:05.0195 0x17f8 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
14:02:05.0242 0x17f8 WUDFWpdMtp - ok
14:02:05.0305 0x17f8 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
14:02:05.0414 0x17f8 WwanSvc - ok
14:02:05.0461 0x1584 Object send P2P result: true
14:02:05.0461 0x1584 Object required for P2P: [ BF8F54CA37E9C9D6582C31C5761F8C93 ] TsUsbFlt
14:02:05.0476 0x17f8 [ BB1842E3AA602B401F7692718B0D0F9A, 6DE508F6CC917D046E61730706C70EF2965B12A7A31F180C22DF8BFA30C0CF67 ] ZAtheros Wlan Agent C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
14:02:05.0508 0x17f8 ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic ( 1 )
14:02:07.0937 0x1584 Object send P2P result: true
14:02:08.0000 0x17f8 Detect skipped due to KSN trusted
14:02:08.0000 0x17f8 ZAtheros Wlan Agent - ok
14:02:08.0015 0x17f8 ================ Scan global ===============================
14:02:08.0078 0x17f8 [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\WINDOWS\system32\basesrv.dll
14:02:08.0140 0x17f8 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
14:02:08.0218 0x17f8 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
14:02:08.0296 0x17f8 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
14:02:08.0343 0x17f8 [ Global ] - ok
14:02:08.0343 0x17f8 ================ Scan MBR ==================================
14:02:08.0359 0x17f8 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
14:02:08.0531 0x17f8 \Device\Harddisk0\DR0 - ok
14:02:08.0531 0x17f8 ================ Scan VBR ==================================
14:02:08.0531 0x17f8 [ BDBB58FF38356C8BF312B42A56881714 ] \Device\Harddisk0\DR0\Partition1
14:02:08.0531 0x17f8 \Device\Harddisk0\DR0\Partition1 - ok
14:02:08.0562 0x17f8 [ 281AD14AB821B0B35325FD6428072A24 ] \Device\Harddisk0\DR0\Partition2
14:02:08.0578 0x17f8 \Device\Harddisk0\DR0\Partition2 - ok
14:02:08.0593 0x17f8 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
14:02:08.0593 0x17f8 \Device\Harddisk0\DR0\Partition3 - ok
14:02:08.0609 0x17f8 [ 97903DD257F445670EB7B9E98EBA539F ] \Device\Harddisk0\DR0\Partition4
14:02:08.0609 0x17f8 \Device\Harddisk0\DR0\Partition4 - ok
14:02:08.0656 0x17f8 [ 335E23B295A469F19996516EFB2F15E5 ] \Device\Harddisk0\DR0\Partition5
14:02:08.0687 0x17f8 \Device\Harddisk0\DR0\Partition5 - ok
14:02:08.0703 0x17f8 [ 0DF8930D3B9D7D56EF071B4B5F3DB589 ] \Device\Harddisk0\DR0\Partition6
14:02:08.0718 0x17f8 \Device\Harddisk0\DR0\Partition6 - ok
14:02:08.0718 0x17f8 ================ Scan generic autorun ======================
14:02:08.0750 0x17f8 ETDCtrl - ok
14:02:09.0656 0x17f8 [ 834A309C2FDF52FC09353F348CFE1235, FF8D5B0C4D8DEF3B313E11B01D6A2A29758E8721EF2EC0AAC2DB3C9AAF399276 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:02:10.0687 0x17f8 RTHDVCPL - ok
14:02:10.0828 0x17f8 [ 223AD0CA4092AEFFE0D0DE25502A3DB6, D7A0E5639D329C8245515712125C7C489645B70A06A4F6D1DBE06BA7BD3C96DC ] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe
14:02:10.0922 0x17f8 CanonSolutionMenu - ok
14:02:10.0969 0x17f8 [ 1BF113E377E570DB915EE7D228E594D6, FF4D198D412CA21C49E0A3E6FE52EAD69786B305429095B5BD25CB4FAFD33B51 ] C:\Program Files\iTunes\iTunesHelper.exe
14:02:11.0000 0x17f8 iTunesHelper - ok
14:02:11.0062 0x17f8 [ 0C3154D0620F974AD5C4E8D87626C8CF, 4E6B751F9C0D5D4833A12166BC5142E0A7402E98D00F570926ED9CA0936A8007 ] C:\WINDOWS\system32\igfxtray.exe
14:02:11.0109 0x17f8 IgfxTray - ok
14:02:11.0141 0x17f8 [ E4AA3D28753EF9DB333FE40079993B09, ECC60BAA7D21EF97CDA17F45277FBFE52B2169155DDB157E34A7AE2EC1BEC185 ] C:\WINDOWS\system32\hkcmd.exe
14:02:11.0203 0x17f8 HotKeysCmds - ok
14:02:11.0234 0x17f8 [ CF40080765D6F66FA93318C0DB6C7D1F, 015EE5BE439DAC6D3F7C7471EEF554C11F28947492E3F7AA14BB72622C327DCD ] C:\WINDOWS\system32\igfxpers.exe
14:02:11.0297 0x17f8 Persistence - ok
14:02:11.0437 0x17f8 [ 704A01D402F0275877E7FA1BB151D997, 585C8B31599FFF0EF9B1DF9FD63979E498D2A601497780E07706A99A359AB8B8 ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
14:02:11.0484 0x17f8 BakupManagerTray - ok
14:02:11.0500 0x17f8 mcui_exe - ok
14:02:11.0562 0x17f8 [ 9F3B239443E7AF5840454D8D3A0772CF, 82E135AA844B3170D030CE27259BF7BACBA1FA18670C10B74BD3F402CA9AD29E ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
14:02:11.0578 0x17f8 APSDaemon - ok
14:02:11.0656 0x17f8 [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
14:02:11.0734 0x17f8 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
14:02:15.0020 0x17f8 Detect skipped due to KSN trusted
14:02:15.0020 0x17f8 QuickTime Task - ok
14:02:15.0176 0x17f8 [ 82F68EBA0FCEA46BA8919D6A264A833E, 093140F47B047134D36A1D195BC01AA1A17B4B0215C7617A3FF846BC405651E6 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
14:02:15.0270 0x17f8 EEventManager - ok
14:02:15.0410 0x17f8 [ 764BE29C9F78D949191C995B9BA4492A, A42EADC8546859A717F149C044235410B5908837B471889B281195C860AC558D ] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE
14:02:15.0457 0x17f8 EPLTarget\P0000000000000000 - ok
14:02:15.0520 0x17f8 [ 764BE29C9F78D949191C995B9BA4492A, A42EADC8546859A717F149C044235410B5908837B471889B281195C860AC558D ] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE
14:02:15.0567 0x17f8 EPLTarget\P0000000000000001 - ok
14:02:16.0629 0x17f8 [ 79B65FCC2AC6169B0B898F2894C61221, 5D4801D5D3C8E60F02D93E07B0068471C37B7E25359786A868DBC391D9E4E9DD ] C:\Program Files\CCleaner\CCleaner64.exe
14:02:17.0629 0x17f8 CCleaner Monitoring - ok
14:02:17.0645 0x17f8 Waiting for KSN requests completion. In queue: 4
14:02:18.0661 0x17f8 Waiting for KSN requests completion. In queue: 4
14:02:19.0677 0x17f8 Waiting for KSN requests completion. In queue: 4
14:02:20.0145 0x0d58 Object required for P2P: [ 79B65FCC2AC6169B0B898F2894C61221 ] C:\Program Files\CCleaner\CCleaner64.exe
14:02:20.0692 0x17f8 Waiting for KSN requests completion. In queue: 1
14:02:21.0693 0x17f8 Waiting for KSN requests completion. In queue: 1
14:02:22.0693 0x0d58 Object send P2P result: true
14:02:22.0740 0x17f8 AV detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe ( 22.6.0.0 ), 0x51000 ( enabled : updated )
14:02:22.0771 0x17f8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
14:02:22.0787 0x17f8 FW detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe ( 22.6.0.0 ), 0x51010 ( enabled )
14:02:25.0216 0x17f8 ============================================================
14:02:25.0216 0x17f8 Scan finished
14:02:25.0216 0x17f8 ============================================================
14:02:25.0231 0x0c1c Detected object count: 0
14:02:25.0231 0x0c1c Actual detected object count: 0
|
|
14.05.2016, 13:27
| #4 |
| /// TB-Ausbilder | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Servus, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers |
|
14.05.2016, 17:19
| #5 |
| | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Hallo, anbei die Logfile: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2016.05.14.03
rootkit: v2016.05.06.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18321
****:: ****[administrator]
14.05.2016 14:44:21
mbar-log-2016-05-14 (14-44-21).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 352453
Time elapsed: 1 hour(s), 30 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
15.05.2016, 15:38
| #6 |
| /// TB-Ausbilder | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Servus, Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
15.05.2016, 18:51
| #7 |
| | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Hallo, Schritt 1: Code:
ATTFilter # AdwCleaner v5.116 - Bericht erstellt am 15/05/2016 um 18:13:40
# Aktualisiert am 09/05/2016 von Xplode
# Datenbank : 2016-05-15.1 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Desktop\AdwCleaner_5.116.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner gelöscht : C:\Users\****\AppData\LocalLow\Browser-Security
[-] Ordner gelöscht : C:\Users\****\AppData\Roaming\Browser-Security
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser-Security
[-] Schlüssel gelöscht : HKU\.DEFAULT\Software\AppDataLow\Software\Browser App
[-] Schlüssel gelöscht : HKU\S-1-5-21-988491291-3693754129-3637727364-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Browser App
[-] Schlüssel gelöscht : HKU\S-1-5-21-988491291-3693754129-3637727364-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
***** [ Internetbrowser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2456 Bytes] - [15/05/2016 18:13:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [2571 Bytes] - [15/05/2016 18:09:40]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2602 Bytes] ##########
Schritt 2: Es wurden 158 Bedrohungen gefunden, aber es ist nichts in der Quarantäne gelandet. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 15.05.2016 18:22, SYSTEM, ****, Manual, Rootkit Database, 2016.2.8.1, 2016.5.6.1, Update, 15.05.2016 18:22, SYSTEM, ****, Manual, Remediation Database, 2016.2.12.1, 2016.5.11.1, Update, 15.05.2016 18:22, SYSTEM, ****, Manual, Domain Database, 2016.2.16.8, 2016.5.14.2, Update, 15.05.2016 18:22, SYSTEM, ****, Manual, Malware Database, 2016.2.16.6, 2016.5.15.4, Update, 15.05.2016 18:22, SYSTEM, ****, Manual, IP Database, 2016.2.8.1, 2016.5.13.3, Scan, 15.05.2016 18:45, SYSTEM, ****, Manual, Start: 15.05.2016 18:22, Dauer: 22 Min. 21 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, (end) Schritt 3: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 x64
Ran by **** (Administrator) on 15.05.2016 at 19:02:36,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Failed to delete: C:\ProgramData\pdfforge (Folder)
Successfully deleted: C:\Users\****\AppData\Local\com (Folder)
Registry: 5
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38279E1A-7019-40C1-B579-E99DFB3312E8} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38279E1A-7019-40C1-B579-E99DFB3312E8} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.05.2016 at 19:08:53,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
durchgeführt von ****(Administrator) auf MAHAKALA (15-05-2016 19:17:57)
Gestartet von C:\Users\****\Desktop
Geladene Profile: ****(Verfügbare Profile: ****)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {8bd572ec-0797-11e6-8813-b888e35995e8} - "E:\launcher.exe"
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk [2012-11-07]
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-11-07]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk [2012-11-07]
ShortcutTarget: PHOTOfunSTUDIO 6.0.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{16E1A48C-24CA-46F1-A02B-217A385BD710}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DFAE735E-3E64-4567-9493-D47B56B073FA}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.5.0.124
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
SearchScopes: HKU\S-1-5-21-988491291-3693754129-3637727364-1001 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-988491291-3693754129-3637727364-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-07-05]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon [2016-03-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: PDF Architect 4 Creator - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-02-14] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon
Chrome:
=======
CHR Profile: C:\Users\Sabrina Mum Tami\AppData\Local\Google\Chrome\User Data\default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [662592 2014-07-23] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [289080 2016-02-26] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-25] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-04-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-04-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160502.001\BHDrvx64.sys [1766640 2016-03-09] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2012-12-03] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [117248 2012-12-03] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [121600 2012-12-03] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160510.005\IDSvia64.sys [876248 2016-05-13] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160514.005\ENG64.SYS [138488 2016-02-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160514.005\EX64.SYS [2148080 2016-02-19] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-25] (Dritek System Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1606000.08E\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2016-04-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2016-04-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-04-04] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-15 19:17 - 2016-05-15 19:18 - 00018109 _____ C:\Users\****\Desktop\FRST.txt
2016-05-15 19:16 - 2016-05-15 19:16 - 02382336 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2016-05-15 19:08 - 2016-05-15 19:08 - 00001390 _____ C:\Users\****Desktop\JRT.txt
2016-05-15 19:01 - 2016-05-15 19:01 - 01610816 _____ (Malwarebytes) C:\Users\****\Desktop\JRT.exe
2016-05-15 18:57 - 2016-05-15 18:57 - 00000731 _____ C:\Users\****\Desktop\mbam.txt
2016-05-15 18:21 - 2016-05-15 18:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-15 18:21 - 2016-05-15 18:21 - 00001154 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-15 18:21 - 2016-05-15 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-05-15 18:20 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-15 18:20 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-15 18:20 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-15 18:19 - 2016-05-15 18:19 - 22851472 _____ (Malwarebytes ) C:\Users\****\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-15 18:07 - 2016-05-15 18:13 - 00000000 ____D C:\AdwCleaner
2016-05-15 18:06 - 2016-05-15 18:06 - 03640384 _____ C:\Users\****\Desktop\AdwCleaner_5.116.exe
2016-05-14 14:43 - 2016-05-14 18:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-14 14:42 - 2016-05-14 18:03 - 00000000 ____D C:\Users\****\Desktop\mbar
2016-05-14 14:40 - 2016-05-14 14:41 - 16563352 _____ (Malwarebytes Corp.) C:\Users\****\Desktop\mbar-1.09.3.1001.exe
2016-05-14 13:59 - 2016-05-14 14:27 - 00236376 _____ C:\TDSSKiller.3.1.0.9_14.05.2016_13.59.41_log.txt
2016-05-14 13:58 - 2016-05-14 13:58 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\****\Desktop\tdsskiller.exe
2016-05-13 13:37 - 2016-05-14 10:35 - 00000614 _____ C:\WINDOWS\ntbtlog.txt
2016-05-13 13:32 - 2016-05-13 13:32 - 00002812 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-05-13 13:32 - 2016-05-13 13:32 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-13 13:32 - 2016-05-13 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-13 13:32 - 2016-05-13 13:32 - 00000000 ____D C:\Program Files\CCleaner
2016-05-13 13:30 - 2016-05-13 13:30 - 06882192 _____ (Piriform Ltd) C:\Users\****\Desktop\ccsetup517.exe
2016-05-12 21:51 - 2016-05-15 19:17 - 00000000 ____D C:\FRST
2016-05-11 14:19 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 14:19 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 14:19 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 14:19 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 14:19 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-11 14:19 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-11 14:19 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-11 14:19 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-11 14:19 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-11 14:19 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-11 14:19 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-11 14:19 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-11 14:19 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 14:19 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-11 14:19 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 14:18 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 14:18 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 14:18 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 14:18 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 14:18 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 14:18 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 14:18 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-11 14:18 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 14:18 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-11 14:18 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-11 14:18 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-11 14:18 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-11 14:18 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-11 14:18 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 14:18 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-11 14:18 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-11 14:18 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-11 14:18 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-11 14:18 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-11 14:18 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-11 14:18 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 14:18 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-11 14:18 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-11 14:18 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 14:18 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-11 14:13 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 14:13 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 14:13 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 14:13 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 14:13 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 14:13 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 14:13 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 14:13 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 14:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-11 14:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-11 14:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-11 14:13 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-11 14:13 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-11 14:12 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 14:12 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 14:12 - 2016-03-29 03:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 14:12 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-11 14:12 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-11 14:12 - 2016-03-14 18:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-11 14:12 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-11 14:12 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-11 14:12 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-11 14:12 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 14:12 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 14:12 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-11 14:12 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-11 14:12 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-11 14:12 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-11 14:11 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 14:11 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-11 14:09 - 2016-04-11 08:21 - 00074584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-01 19:10 - 2016-05-01 19:10 - 13570423 _____ C:\Users\****\Desktop\****.pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-15 19:02 - 2015-12-09 23:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-05-15 18:48 - 2016-04-05 09:48 - 00000937 _____ C:\WINDOWS\Tasks\EPSON XP-225 Series Update {8FC657E6-EBAA-44EA-9A7F-D11B9FC0FC4A}.job
2016-05-15 18:33 - 2014-09-10 10:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-15 18:24 - 2012-11-07 21:20 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-988491291-3693754129-3637727364-1001
2016-05-15 18:23 - 2016-03-08 19:23 - 00000937 _____ C:\WINDOWS\Tasks\EPSON XP-225 Series Update {D75D1A13-8C20-4FDE-AF0E-C481B240F4CF}.job
2016-05-15 18:21 - 2014-08-01 14:25 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-05-15 18:20 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-15 18:20 - 2014-11-21 04:45 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2016-05-15 18:20 - 2014-11-21 04:45 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2016-05-15 18:20 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-15 18:15 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-15 18:14 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-15 18:04 - 2016-04-04 17:21 - 00003974 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{625E70C5-5775-4E96-B5D0-68ED29186B29}
2016-05-14 18:23 - 2013-06-10 14:34 - 00000000 ____D C:\Users\****\AppData\Roaming\Skype
2016-05-14 17:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-14 11:25 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 14:10 - 2012-11-07 22:10 - 00000000 ____D C:\Users\****\Desktop\****
2016-05-13 13:37 - 2014-08-05 16:24 - 00605696 ___SH C:\Users\****\Desktop\Thumbs.db
2016-05-13 13:34 - 2016-04-04 14:21 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-13 13:34 - 2016-02-14 15:51 - 00000000 ____D C:\Users\****\AppData\Local\PDFCreator
2016-05-13 13:34 - 2016-02-14 15:47 - 00000000 ____D C:\Program Files\PDFCreator
2016-05-13 13:34 - 2013-05-24 20:31 - 00000000 ____D C:\Users\****\Tracing
2016-05-13 13:34 - 2012-11-07 23:37 - 00000000 ____D C:\Users\****\AppData\Local\CrashDumps
2016-05-13 13:34 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-05-13 10:41 - 2015-07-21 17:04 - 00000000 ____D C:\Users\****\AppData\Local\NPE
2016-05-13 10:34 - 2015-09-12 17:16 - 00000000 ____D C:\NPE
2016-05-12 21:20 - 2012-12-11 18:50 - 00000000 ____D C:\Users\****\AppData\Local\ElevatedDiagnostics
2016-05-12 16:53 - 2016-04-04 12:40 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 14:43 - 2013-08-22 16:44 - 00479848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-11 22:08 - 2014-11-21 13:01 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 22:08 - 2014-11-21 13:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 16:29 - 2016-04-04 13:36 - 00000000 ____D C:\Users\****
2016-05-11 14:38 - 2014-11-21 05:13 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 14:37 - 2014-01-06 19:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 14:24 - 2013-01-06 10:17 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 14:08 - 2016-04-13 18:29 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 14:08 - 2016-04-13 18:29 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-11 14:08 - 2016-04-13 18:29 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-11 14:08 - 2016-04-13 18:29 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 14:08 - 2016-04-13 18:29 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-11 14:08 - 2016-04-13 18:29 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-11 14:08 - 2016-04-13 18:29 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-05-09 12:32 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-07 17:11 - 2014-08-03 23:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-07 16:18 - 2016-04-08 17:02 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-07 16:18 - 2016-04-08 17:02 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-07 13:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-04 18:26 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-01 19:15 - 2016-02-29 12:43 - 00000000 ____D C:\Users\****\Desktop\Bilder ****
2016-05-01 19:15 - 2012-11-07 22:08 - 00000000 ____D C:\Users\****\Desktop\****
2016-05-01 17:58 - 2012-11-07 22:10 - 00000000 ____D C:\Users\****\Desktop\Eigene Bilder
2016-05-01 17:52 - 2012-11-07 22:10 - 00000000 ____D C:\Users\****\Desktop\Mum
2016-05-01 17:36 - 2013-06-10 14:34 - 00000000 ____D C:\ProgramData\Skype
2016-05-01 16:30 - 2012-11-07 21:49 - 00000000 ____D C:\Users\****\Desktop\Eigene Dateien
2016-04-29 19:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-23 13:02 - 2016-02-14 15:52 - 00000000 ____D C:\Users\****\AppData\Roaming\PDF Architect 4
2016-04-15 17:53 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
Einige Dateien in TEMP:
====================
C:\Users\****\AppData\Local\Temp\libeay32.dll
C:\Users\****\AppData\Local\Temp\msvcr120.dll
C:\Users\****\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-05-14 16:16
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-05-2016
durchgeführt von **** (2016-05-15 19:19:39)
Gestartet von C:\Users\****\Desktop
Windows 8.1 (X64) (2016-04-04 15:14:26)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-988491291-3693754129-3637727364-500 - Administrator - Disabled)
Gast (S-1-5-21-988491291-3693754129-3637727364-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-988491291-3693754129-3637727364-1003 - Limited - Enabled)
**** (S-1-5-21-988491291-3693754129-3637727364-1001 - Administrator - Enabled) => C:\Users\****
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
"Professionelle Entwicklungsberichte Nov 2011" (HKLM-x32\...\{58F076B2-160B-47F5-96FF-93AD12BF5A91}) (Version: - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.70.0000 - EPSON)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version: - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.6.0.142 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3102 - Acer)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
PHOTOfunSTUDIO 6.0 (HKLM-x32\...\{B62A8A6F-5E48-4336-BF13-1632D5921872}) (Version: 6.00.135 - Panasonic Corporation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {10736420-5957-43CF-BF62-417377C3D1E8} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2DAC27BB-1A79-4EF9-8ECC-6D01F43A2564} - System32\Tasks\EPSON XP-225 Series Update {D75D1A13-8C20-4FDE-AF0E-C481B240F4CF} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {436F583E-A7BB-4A03-9094-9749B83FB01B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {52FCA6DD-779B-4BC3-B9D0-537B54822E31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {5F97D955-A579-4638-865C-D7CBEEE30D30} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {7C3C82A6-F5FF-49E6-84A8-3BCCD8C3CEFD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9AFE1707-0536-49B5-BA05-62AF5F32C1BB} - System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A} => pcalua.exe -a "C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01R11QL1\mbam-setup-2.0.2.1012 (1).exe" -d "C:\Users\****\Desktop"
Task: {A216B98E-7CA4-4CFF-AB91-1102339303CF} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {AA3C6505-461B-4708-88F3-302AEC1180D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {B8AEBA0C-A090-4602-A612-C906D0E29740} - System32\Tasks\EPSON XP-225 Series Update {8FC657E6-EBAA-44EA-9A7F-D11B9FC0FC4A} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {C1B8D457-8CE8-4301-9F85-89E525B0F0A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-23] (Adobe Systems Incorporated)
Task: {D73D4D28-307E-4653-AA96-4B4B6B4957E2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {FD69F983-B019-4F42-80F6-5AB7D7CED2C2} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {8FC657E6-EBAA-44EA-9A7F-D11B9FC0FC4A}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE:/EXE:{8FC657E6-EBAA-44EA-9A7F-D11B9FC0FC4A} /F:Update WORKGROUP\****$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {D75D1A13-8C20-4FDE-AF0E-C481B240F4CF}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE:/EXE:{D75D1A13-8C20-4FDE-AF0E-C481B240F4CF} /F:Update WORKGROUP\****$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-08-25 22:47 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\100sexlinks.com -> 100sexlinks.com
Da befinden sich 5317 mehr Seiten.
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: iPod Service => 3
HKLM\...\StartupApproved\StartupFolder: => "PHOTOfunSTUDIO 6.0.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Erinnerungen für Microsoft Works-Kalender.lnk"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AnyProtect Scanner"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FEE7A7CC-82D3-4011-B640-F4626DD122F4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AB5F27BF-22F4-4712-8084-FF660BE08D34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AA0888C6-F92B-4C7C-9CAD-2D282D3A50E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A0D8D67-94B9-4CCE-AAAC-E3C57773677E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{407EE37A-623F-4966-B21D-C99C799713ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4FA73748-5938-4CEB-894E-B453B1AFEFE6}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{2F2C4377-FD70-4B2C-940A-23A1AEE3FC05}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [UDP Query User{3A605BF0-3665-45A1-B819-DAEA51300DE9}C:\users\****\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Block) C:\users\****\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light
FirewallRules: [TCP Query User{49424576-D9E3-45AB-98E6-CD3E6B303893}C:\users\****\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Block) C:\users\****\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light
FirewallRules: [{65233150-7EFD-41C0-8387-BAC1BD0226A3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D97855A8-6D9E-405C-B26C-57C2A67DCD80}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9392600C-2155-4D0C-A283-F2A30B1AA7A3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1DAC8AE4-CF71-4936-8C9F-DD78BDD24DE8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{ACEC3427-8DD9-437E-B80C-1A9B4375BD75}] => (Allow) LPort=1900
FirewallRules: [{2CA2DA71-C8F1-49BD-88FD-266F4210D32B}] => (Allow) LPort=2869
FirewallRules: [{A14C80E4-F2C0-440C-B990-41612E96744B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{33B99F81-3ADA-4D69-9F1B-61623CB17BFE}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{3351F186-2F38-480A-9D6E-7B48414D7190}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{3ACE7494-CA27-4075-A6B0-6F03864C8498}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1B98F366-B2FF-45B9-B109-33C742CE2AD3}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7A4A2624-F555-4B06-92E0-903EA15BD562}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9F0D0792-05DF-46B5-BF0C-E36242E677CF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{392902D1-E492-4B23-A44B-E9B4D4E872E9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{EFBD8867-1604-4351-9BE8-E66425FC88EA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{BDCF4A59-7BE8-4236-BAF1-280105E652EA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{F143CCBD-402C-466A-9476-0ADF1DDD5964}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D1972B30-34CD-4F27-B47A-27CD1F7720C0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{27AB78F4-1F3E-47D4-A937-F64B5E5119CC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{DF271C76-9D93-4AE2-B943-B49EF449A610}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{F6CD36E9-A5FB-4979-A36C-E738FA98B9FC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{5E05036C-890F-460A-BE90-3C56C4C5E808}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{C0E8E1E8-1E7D-400A-BBA9-ADF8D4A95716}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{1BF54D06-9CE1-4C4D-BC29-CAC9E9C28219}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{03E3A4AB-FE05-4653-BEB7-BA72A94EAED0}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F26F30F2-C88D-42D7-9F3B-7E265807388E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{08C68545-463C-4FFA-9420-B8448073C336}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{CBE26A28-4749-4E1F-8568-114A76816C14}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E82CAC18-872F-42EB-8783-E55F1BB9DB71}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{4D211644-52DE-4B61-99A1-6263E6D00570}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{686F6810-3EE6-4DE8-A966-3824652A6A7D}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
==================== Wiederherstellungspunkte =========================
29-04-2016 19:16:24 Geplanter Prüfpunkt
05-05-2016 12:35:57 Windows Update
11-05-2016 14:20:46 Windows Update
12-05-2016 22:30:00 Norton_Power_Eraser_20160512222953487
15-05-2016 19:02:42 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/14/2016 11:33:26 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/14/2016 10:51:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/13/2016 03:42:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ****)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/13/2016 03:42:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ****)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/13/2016 03:42:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ****)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/13/2016 03:42:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ****)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/13/2016 03:42:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Mahakala)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/13/2016 02:48:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a28
Startzeit: 01d1ad150471ce73
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: fe7b57d2-1908-11e6-881e-b888e35995e8
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/13/2016 10:52:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0xc44
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Error: (05/13/2016 10:40:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 10.0.2627.0, Zeitstempel: 0x3a9cdbe7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018f87c
ID des fehlerhaften Prozesses: 0x3a0
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5
Systemfehler:
=============
Error: (05/15/2016 06:23:14 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ****)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat
Error: (05/15/2016 06:22:54 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ****)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat
Error: (05/15/2016 06:14:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/15/2016 06:13:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/15/2016 06:13:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/15/2016 06:13:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/15/2016 06:13:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/15/2016 06:13:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dritek RF Button Command Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/15/2016 06:13:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect 4 Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/15/2016 06:13:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect 4 Creator" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Prozentuale Nutzung des RAM: 23%
Installierter physikalischer RAM: 8005.28 MB
Verfügbarer physikalischer RAM: 6096.94 MB
Summe virtueller Speicher: 9285.28 MB
Verfügbarer virtueller Speicher: 7533.72 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:445.75 GB) (Free:368.23 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 659D2CAA)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
16.05.2016, 11:29
| #8 |
| /// TB-Ausbilder | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Servus, Lesestoff  MBAM-Funde posten: So gehts...Manchmal ist es wichtig zu wissen, welche Schadprogramme im Vorfeld ohne Anweisung der Helfer schon gelöscht wurden. Daher benötige ich den Inhalt der Logdatei, in welcher der Suchlauf protokolliert wurde.
 |
|
16.05.2016, 14:39
| #9 |
| | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnenCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 15.05.2016 18:22, SYSTEM, ****, Manual, Rootkit Database, 2016.2.8.1, 2016.5.6.1, Update, 15.05.2016 18:22, SYSTEM, ****, Manual, Remediation Database, 2016.2.12.1, 2016.5.11.1, Update, 15.05.2016 18:22, SYSTEM, ****, Manual, Domain Database, 2016.2.16.8, 2016.5.14.2, Update, 15.05.2016 18:22, SYSTEM, ****, Manual, Malware Database, 2016.2.16.6, 2016.5.15.4, Update, 15.05.2016 18:22, SYSTEM, ****, Manual, IP Database, 2016.2.8.1, 2016.5.13.3, Scan, 15.05.2016 18:45, SYSTEM, ****, Manual, Start: 15.05.2016 18:22, Dauer: 22 Min. 21 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, (end) Da Malwarebytes da noch nicht durchlief, hatte ich es später neu installiert. Jedenfalls läuft inzwischen der Laptop wieder problemlos. LG |
|
17.05.2016, 09:16
| #10 | |
| /// TB-Ausbilder | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnenZitat:
  AdwCleaner hat z. B. noch Adware entfernt, die Norton scheinbar nicht entdeckt hat. Und wieder hast du die Logdatei der Echtzeitüberwachung von MBAM gepostet, nicht die des Suchlaufs.... Schau mal unter C:\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\Logs\ nach, dort sollten Dateien wie MBAM****.xml sein, die will ich haben, nicht die protection-logs. Ich will die Logdatei mit den 158 Funden von MBAM sehen... wo ist diese Logdatei? Geändert von M-K-D-B (17.05.2016 um 10:06 Uhr) |
|
18.05.2016, 17:16
| #11 |
| | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Ich suche die Logdatei raus... Als ich Malwarebytes durchlaufen lies, wurde das zum Schluss angezeigt, dass es soviele Funde gab. LG C:\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\Logs\ konnte ich nicht finden, sondern nur den Ordner mbar und da ist keine Datei mit dem Namen mbam****.xml vorhanden  Gut zu wissen, dass der Adw Cleaner auch noch Adware gefunden hat. Wie kann ich denn die Datei sonst noch finden? Bin echt aufgeschmissen :-( |
|
19.05.2016, 14:17
| #12 |
| /// TB-Ausbilder | Windows 8, Malware: Schrift verändert, Programme lassen sich nicht öffnen Servus, wie läuft der Rechner aktuell? machen wir mit FRST weiter:
|
und 
und speichere die Logdatei auf Deinem Desktop.
. 
