Hello,
thank you very much for the reply; I'm happy to post the requested log files :=)
FRST.txt Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
durchgeführt von Waldemar (Administrator) auf WALDI-PC (10-03-2017 12:24:55)
Gestartet von D:\Downloads
Geladene Profile: Waldemar (Verfügbare Profile: Waldemar)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Beepa P/L) D:\Program Files\Fraps\fraps.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
(REALiX) C:\Program Files\HWiNFO64\HWiNFO64.EXE
(Beepa P/L) D:\Program Files\Fraps\fraps64.dat
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kwsprotect64.exe
(Nenad Hrg SoftwareOK) D:\Downloads\DesktopOK\DesktopOK_x64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(JAM Software) D:\Downloads\TreeSize\TreeSizeFree.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\Scheduler.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kcddltool.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\UninstMon\PubMonitor.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kislive.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [114480 2016-10-27] (Panda Security, S.L.)
HKLM-x32\...\Run: [kxesc] => c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe [1816864 2017-03-09] (Kingsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWoW64\userinit.exe,
HKU\S-1-5-21-3194967007-1620309685-884015564-1001\...\Run: [DesktopOK] => D:\Downloads\DesktopOK\DesktopOK_x64.exe [552960 2017-01-12] (Nenad Hrg SoftwareOK)
ShellExecuteHooks: Kein Name - {1C49109E-0389-11E7-A53A-64006A5CFC23} - C:\Users\Waldemar\AppData\Roaming\Clergaiedtherpty\Vjition.dll -> Keine Datei
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei
Startup: C:\Users\Waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP DeskJet 2130 series.lnk [2017-01-20]
ShortcutTarget: Tintenwarnungen überwachen - HP DeskJet 2130 series.lnk -> C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
GroupPolicyScripts: Beschränkung <======= ACHTUNG
GroupPolicyScripts\User: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: Catalog5-x64 05 C:\WINDOWS\system32\NSBlockA.dll => Keine Datei
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\NSBlockB.dll => Keine Datei
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8c3f23f5-1014-4500-a899-84bea925823f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8c3f23f5-1014-4500-a899-84bea925823f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ba1bd942-7d0f-4613-ac8a-34ca658d5641}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ba1bd942-7d0f-4613-ac8a-34ca658d5641}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{c62c2c67-591f-11e6-a59c-806e6f6e6963}: [NameServer] 8.8.8.8
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Edge:
======
Edge Session Restore: HKU\S-1-5-21-3194967007-1620309685-884015564-1001 -> ist aktiviert.
FireFox:
========
FF DefaultProfile: e5v54rmq.default
FF ProfilePath: C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default [2017-03-10]
FF user.js: detected! => C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default\user.js [2016-03-02]
FF Homepage: Mozilla\Firefox\Profiles\e5v54rmq.default -> hxxp://www.t-online.de/
FF Extension: (FT DeepDark) - C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-03-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-02-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-02-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [Keine Datei]
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-02-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [2017-03-09] (Kingsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-02-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3194967007-1620309685-884015564-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-02-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-09-30] ()
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2016-03-29] (Kingsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2016-04-12] ()
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [326376 2017-03-09] (Kingsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109816 2016-10-24] (Panda Security, S.L.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-03-08] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-03-08] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2017-02-23] (Geek Software GmbH)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-07-18] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-10-27] (Panda Security, S.L.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-03-18] (Cypress Semiconductor, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dpclat_driver; C:\WINDOWS\system32\drivers\dpclat_driver.sys [21232 2017-03-09] (Thesycon GmbH)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-01-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-01-30] (Disc Soft Ltd)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c65x64.sys [472016 2016-11-21] (Intel Corporation)
R0 ESLWireAC; C:\WINDOWS\System32\drivers\ESLWireACD.sys [108168 2016-10-19] (<Turtle Entertainment>)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2015-12-25] (REALiX(tm))
R0 KAVBootC; C:\WINDOWS\System32\Drivers\KAVBootC64_ev.sys [63136 2017-03-09] (Kingsoft Corporation)
R1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64_ev.sys [209048 2017-03-09] (Kingsoft Corporation)
R2 kisknl; C:\WINDOWS\system32\drivers\kisknl.sys [317584 2017-03-09] (Kingsoft Corporation)
R1 kisnetm; c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64_ev.sys [127128 2017-03-09] (Kingsoft Corporation)
R2 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [79000 2017-03-09] (Kingsoft Corporation)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 LGPBTDD; C:\WINDOWS\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-03-09] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-03-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-10] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [106928 2016-07-05] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211376 2016-07-05] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [119728 2016-07-05] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [125872 2016-07-05] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [116656 2016-07-05] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [90032 2016-07-05] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135088 2016-07-05] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [335792 2016-07-05] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [197040 2016-07-05] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123312 2016-07-05] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [278960 2016-07-05] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125360 2016-07-05] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [179120 2016-10-24] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [130992 2016-10-24] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207792 2016-10-24] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133552 2016-10-24] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [146864 2016-10-24] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117168 2016-10-24] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72112 2016-08-09] (Panda Security, S.L.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [Datei ist nicht signiert]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-02-18] (Wellbia.com Co., Ltd.)
S3 ALSysIO; \??\C:\Users\Waldemar\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG
S3 HdAudAddService; \SystemRoot\system32\DRIVERS\HdAudio.sys [X]
S3 HDAudBus; \SystemRoot\System32\drivers\HDAudBus.sys [X]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S3 wfpgameprotect; \??\C:\Users\Waldemar\AppData\Local\Temp\9424.tmp.sys [X] <==== ACHTUNG
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-10 12:24 - 2017-03-10 12:24 - 00000000 ____D C:\FRST
2017-03-10 12:19 - 2017-03-10 12:19 - 00001195 _____ C:\Users\Public\Desktop\垃圾清理.lnk
2017-03-10 03:32 - 2017-03-10 12:16 - 00000000 ____D C:\Users\Waldemar\AppData\Local\VirtualStore
2017-03-09 22:30 - 2017-03-09 21:15 - 00063136 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kavbootc64_ev.sys
2017-03-09 22:30 - 2017-03-09 21:15 - 00053912 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kavbootc_ev.sys
2017-03-09 22:30 - 2017-03-09 21:11 - 00058096 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\bootsafe64_ev.sys
2017-03-09 22:30 - 2017-03-09 21:11 - 00057072 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\bootsafe_ev.sys
2017-03-09 20:18 - 2017-02-06 20:48 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-09 20:18 - 2017-02-06 20:48 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-09 20:11 - 2017-03-09 20:11 - 00000000 ____D C:\Users\Waldemar\AppData\Local\Kingsoft
2017-03-09 19:21 - 2017-03-09 19:58 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-09 19:11 - 2017-03-09 19:11 - 00000000 __SHD C:\Users\Waldemar\AppData\LocalLow\EmieBrowserModeList
2017-03-09 19:09 - 2017-03-09 19:09 - 00000000 ____D C:\Users\Waldemar\.android
2017-03-09 19:07 - 2017-03-09 19:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-09 18:59 - 2017-03-09 20:18 - 00003036 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Waldemar)
2017-03-09 18:15 - 2017-03-09 18:15 - 00509413 _____ C:\Users\Waldemar\Desktop\scan.txt
2017-03-09 18:15 - 2017-03-09 18:15 - 00017124 _____ C:\Users\Waldemar\Desktop\scan.rar
2017-03-09 18:15 - 2017-03-09 18:15 - 00013873 _____ C:\Users\Waldemar\Desktop\AdwCleaner[S53].txt
2017-03-09 18:14 - 2017-03-09 18:14 - 00008192 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2017-03-09 18:00 - 2017-03-10 12:16 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-09 18:00 - 2017-03-10 12:16 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-09 18:00 - 2017-03-10 12:16 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-09 18:00 - 2017-03-09 19:21 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-09 18:00 - 2017-03-09 18:03 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-09 18:00 - 2017-03-09 18:00 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-09 18:00 - 2017-03-09 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-09 17:59 - 2017-03-09 19:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-09 17:59 - 2017-03-09 17:59 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-09 17:59 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-09 17:55 - 2017-03-10 12:16 - 00003218 _____ C:\WINDOWS\System32\Tasks\FRAPS
2017-03-09 17:48 - 2017-03-09 17:48 - 00000000 ____D C:\ProgramData\KRSHistory
2017-03-09 17:34 - 2017-03-10 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山毒霸
2017-03-09 17:34 - 2017-03-09 18:48 - 00000000 __SHD C:\KRECYCLE
2017-03-09 17:34 - 2017-03-09 18:10 - 00000000 ____D C:\Program Files (x86)\kingsoft
2017-03-09 17:34 - 2017-03-09 17:34 - 00317584 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kisknl_del.sys
2017-03-09 17:34 - 2017-03-09 17:34 - 00317584 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kisknl.sys
2017-03-09 17:34 - 2017-03-09 17:34 - 00130720 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kisnetm_ev.sys
2017-03-09 17:34 - 2017-03-09 17:34 - 00127128 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kisnetm64_ev.sys
2017-03-09 17:34 - 2017-03-09 17:34 - 00114488 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\kisnetmxp.sys
2017-03-09 17:34 - 2017-03-09 17:34 - 00019352 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksskrpr.sys
2017-03-09 17:34 - 2017-03-09 17:34 - 00000000 ____D C:\ProgramData\kdesk
2017-03-09 17:33 - 2017-03-09 17:33 - 00001762 __RSH C:\pagefile.$$$
2017-03-09 17:30 - 2017-03-09 17:30 - 00471968 _____ C:\WINDOWS\system32\ns.block
2017-03-09 17:26 - 2017-03-09 17:26 - 50053120 _____ C:\Program Files (x86)\GUT33A4.tmp
2017-03-09 17:26 - 2017-03-09 17:26 - 00000000 ____D C:\Program Files (x86)\GUM33A3.tmp
2017-03-09 17:25 - 2017-03-09 19:10 - 00000000 ____D C:\Program Files\1a750e6d6536a7c4fc4214c17c769657
2017-03-09 17:25 - 2017-03-09 17:53 - 00000000 ____D C:\Users\Waldemar\AppData\LocalLow\Temp
2017-03-09 17:25 - 2017-03-09 17:30 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-09 17:25 - 2017-03-09 17:26 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-03-09 17:25 - 2017-03-09 17:25 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-03-09 17:25 - 2017-03-09 17:25 - 00000000 ____D C:\Users\Waldemar\AppData\Local\Google
2017-03-09 17:24 - 2017-03-09 17:24 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-03-09 17:24 - 2017-03-09 17:24 - 00000000 ____D C:\Users\Waldemar\AppData\Local\CrashRpt
2017-03-03 03:35 - 2017-03-03 03:35 - 00193448 _____ C:\WINDOWS\system32\Drivers\cryptfd.sys
2017-03-02 12:23 - 2017-03-02 12:23 - 00000000 __SHD C:\Users\Waldemar\AppData\Local\EmieBrowserModeList
2017-02-27 16:20 - 2017-02-27 16:20 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-WALDI-PC-Windows-10-Pro-(64-bit).dat
2017-02-27 14:22 - 2017-02-27 14:22 - 00001153 _____ C:\Users\Public\Desktop\PDF24.lnk
2017-02-27 14:22 - 2017-02-27 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2017-02-22 11:24 - 2017-02-22 11:24 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-02-22 11:24 - 2017-02-22 11:24 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-02-21 21:33 - 2016-07-16 12:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-02-21 21:05 - 2016-05-03 23:30 - 00077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\com
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-02-21 20:46 - 2017-02-21 20:46 - 00000000 ____D C:\ProgramData\Comms
2017-02-21 20:00 - 2017-02-21 20:00 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-12 17:27 - 2017-03-09 17:55 - 00313793 ____N C:\WINDOWS\Minidump\030917-7578-01.dmp
2017-02-12 14:03 - 2017-02-12 14:03 - 00001814 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-02-12 14:03 - 2017-02-12 14:03 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-02-12 14:02 - 2017-02-12 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-10 12:21 - 2016-07-16 23:51 - 05469474 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-10 12:21 - 2016-07-16 23:51 - 01520546 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-10 12:21 - 2015-08-14 17:01 - 10720946 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-10 12:20 - 2016-11-18 15:21 - 00000000 ____D C:\Users\Waldemar\AppData\LocalLow\Mozilla
2017-03-10 12:17 - 2017-01-19 23:53 - 00000000 ____D C:\ProgramData\Kingsoft
2017-03-10 12:16 - 2016-11-25 12:08 - 00000000 __SHD C:\Users\Waldemar\IntelGraphicsProfiles
2017-03-10 12:16 - 2016-08-03 02:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-10 03:33 - 2016-07-16 07:04 - 00131072 _____ C:\WINDOWS\system32\config\BBI
2017-03-10 03:30 - 2016-08-03 02:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 21:31 - 2016-03-29 15:26 - 00121488 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi.sys
2017-03-09 20:24 - 2015-08-20 00:38 - 00021232 _____ (Thesycon GmbH) C:\WINDOWS\system32\Drivers\dpclat_driver.sys
2017-03-09 20:18 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-09 20:09 - 2015-06-01 14:02 - 00000000 ____D C:\Users\Waldemar\AppData\Local\Packages
2017-03-09 20:06 - 2015-06-03 11:27 - 00000000 ____D C:\Users\Waldemar\AppData\Roaming\IObit
2017-03-09 19:59 - 2016-03-31 10:29 - 00000000 ____D C:\WINDOWS\pss
2017-03-09 19:23 - 2016-04-09 02:02 - 00000000 ____D C:\AdwCleaner
2017-03-09 19:09 - 2016-08-03 02:14 - 00000000 ____D C:\Users\Waldemar
2017-03-09 18:39 - 2015-10-03 11:02 - 00000849 _____ C:\Users\Waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-03-09 18:02 - 2015-06-01 19:57 - 00000000 ____D C:\Users\Waldemar\AppData\Roaming\Geek Uninstaller
2017-03-09 17:55 - 2017-01-19 23:45 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-09 17:52 - 2016-08-03 02:20 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-09 17:51 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-09 17:50 - 2015-06-01 15:54 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-09 17:37 - 2015-06-01 18:17 - 00000000 ____D C:\Users\Waldemar\AppData\Roaming\TS3Client
2017-03-09 17:34 - 2016-03-29 15:26 - 00079000 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi64.sys
2017-03-09 17:24 - 2016-07-16 23:56 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-03-09 15:54 - 2015-07-25 11:53 - 00000000 ____D C:\Users\Waldemar\AppData\Roaming\OBS
2017-03-09 11:49 - 2015-06-04 02:37 - 00000000 ____D C:\Users\Waldemar\AppData\Roaming\vlc
2017-03-09 01:51 - 2015-06-14 16:21 - 00000000 ____D C:\Program Files\JDownloader
2017-03-08 14:44 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-08 12:13 - 2015-06-14 16:47 - 00000000 ____D C:\Users\Waldemar\AppData\Roaming\Origin
2017-03-08 12:13 - 2015-06-14 16:45 - 00000000 ____D C:\ProgramData\Origin
2017-03-08 12:12 - 2015-06-14 16:45 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-08 09:20 - 2015-06-01 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-07 23:50 - 2016-09-21 13:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-07 18:02 - 2015-06-14 16:50 - 00000000 ____D C:\Users\Waldemar\AppData\Roaming\HLSW
2017-03-07 18:00 - 2015-09-24 18:50 - 00001155 _____ C:\Users\Waldemar\Desktop\MSI Afterburner.lnk
2017-03-07 16:08 - 2016-02-15 12:41 - 00000000 ____D C:\Program Files (x86)\DAoC Portal
2017-03-06 02:18 - 2016-04-06 02:43 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-03-06 02:18 - 2015-09-24 18:50 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-03-05 13:49 - 2016-05-09 18:24 - 00000791 _____ C:\Users\Waldemar\Desktop\Uthgard Launcher.lnk
2017-03-03 22:08 - 2016-09-24 15:53 - 00000000 ____D C:\Users\Waldemar\AppData\Local\PingPlotter 5
2017-03-03 20:11 - 2016-02-20 11:33 - 00000000 ____D C:\Users\Waldemar\AppData\Local\Ubisoft Game Launcher
2017-03-03 20:10 - 2015-06-30 13:05 - 00000000 ____D C:\Users\Waldemar\AppData\Roaming\Skype
2017-03-03 19:31 - 2016-10-29 19:30 - 00000000 ____D C:\ProgramData\Skype
2017-03-03 19:31 - 2015-06-30 13:05 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-03 19:31 - 2015-06-30 13:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-03 19:30 - 2015-08-14 16:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-01 14:30 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 14:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-01 02:28 - 2015-11-14 19:03 - 00000000 ____D C:\Users\Waldemar\AppData\Roaming\TeamViewer
2017-02-28 21:37 - 2016-02-10 20:27 - 00000492 _____ C:\Users\Waldemar\Desktop\Lieder.txt
2017-02-28 11:57 - 2015-06-14 18:29 - 00001065 _____ C:\Users\Waldemar\Desktop\geek Uninstaller.lnk
2017-02-27 14:22 - 2015-07-05 15:28 - 00000000 ____D C:\Program Files (x86)\PDF24
2017-02-24 11:26 - 2016-10-26 20:51 - 00002365 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-02-23 13:29 - 2015-06-01 15:07 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 13:29 - 2015-06-01 15:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 12:35 - 2016-11-18 20:06 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-22 14:24 - 2016-02-16 14:04 - 00000000 ____D C:\Program Files (x86)\Intel
2017-02-22 13:23 - 2015-06-01 16:19 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-21 22:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-21 21:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-21 20:46 - 2016-07-16 12:47 - 00000000 ____D C:\PerfLogs
2017-02-21 20:18 - 2015-06-15 20:43 - 00007660 _____ C:\Users\Waldemar\AppData\Local\Resmon.ResmonCfg
2017-02-21 20:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-02-21 19:58 - 2016-04-29 19:05 - 00000000 ____D C:\Users\Waldemar\AppData\Local\ESL Wire Game Client
2017-02-17 15:34 - 2016-04-09 06:01 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-02-17 15:33 - 2016-12-11 13:01 - 00000000 ____D C:\WINDOWS\system32\DAX3
2017-02-17 15:33 - 2016-08-03 02:13 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-02-14 16:33 - 2015-06-07 13:23 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-14 16:24 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-12 14:03 - 2015-06-14 18:11 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-02-12 14:02 - 2015-07-05 15:29 - 00001063 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk
2017-02-12 14:02 - 2015-07-05 15:29 - 00000000 ____D C:\Program Files\Tracker Software
2017-02-10 16:36 - 2015-10-03 16:42 - 00000000 ____D C:\ProgramData\ProductData
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-03-09 17:26 - 2017-03-09 17:26 - 50053120 _____ () C:\Program Files (x86)\GUT33A4.tmp
2015-06-15 20:43 - 2017-02-21 20:18 - 0007660 _____ () C:\Users\Waldemar\AppData\Local\Resmon.ResmonCfg
Einige Dateien in TEMP:
====================
2017-03-10 03:02 - 2017-03-10 03:02 - 3957784 _____ (Geek Unіnstaller) C:\Users\Waldemar\AppData\Local\Temp\geek64.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-07 14:06
==================== Ende von FRST.txt ============================
Addition.txt Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-03-2017
durchgeführt von Waldemar (10-03-2017 12:27:19)
Gestartet von D:\Downloads
Windows 10 Pro Version 1607 (X64) (2016-08-03 01:20:16)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3194967007-1620309685-884015564-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3194967007-1620309685-884015564-503 - Limited - Disabled)
Gast (S-1-5-21-3194967007-1620309685-884015564-501 - Limited - Enabled)
Waldemar (S-1-5-21-3194967007-1620309685-884015564-1001 - Administrator - Enabled) => C:\Users\Waldemar
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: 金山毒霸铠甲防御 (Enabled - Up to date) {F12FA156-2AD6-E7A5-D9C3-B4D4353324BE}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Panda Protection (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: 金山毒霸铠甲防御 (Enabled - Up to date) {4A4E40B2-0CEC-E82B-E373-8FA64EB46E03}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Protection (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
µTorrent (HKU\S-1-5-21-3194967007-1620309685-884015564-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light)
Driver Booster 4.2 (HKLM-x32\...\Driver Booster_is1) (Version: 4.2.0 - IObit)
Electrum (HKU\S-1-5-21-3194967007-1620309685-884015564-1001\...\Electrum) (Version: 2.7.10 - Electrum Technologies GmbH)
ESL Wire 1.19.0 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
HP DeskJet 2130 series - Grundlegende Software für das Gerät (HKLM\...\{BBA1A677-EA75-4CAF-AB71-C5778BAA8BFA}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HWiNFO64 Version 5.42 (HKLM\...\HWiNFO64_is1) (Version: 5.42 - Martin Malík - REALiX)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 52.0 (x64 de) (HKLM\...\Mozilla Firefox 52.0 (x64 de)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.00.00.0000 - Panda Security)
Panda Protection (Version: 8.85.00 - Panda Security) Hidden
PDF24 Creator 8.1.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.320.0 - Tracker Software Products Ltd)
PingPlotter 5 (x32 Version: 5.4.0.2599 - Pingman Tools, LLC) Hidden
PingPlotter 5 5.4.0 (HKLM-x32\...\PingPlotter 5 5.4.0.2599) (Version: 5.4.0.2599 - Pingman Tools, LLC)
RivaTuner Statistics Server 6.5.1 (HKLM-x32\...\RTSS) (Version: 6.5.1 - Unwinder)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.104 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3161988) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E1C47F57-5CCA-4077-96A6-7BFD2A026ECD}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Uthgard Launcher (HKU\S-1-5-21-3194967007-1620309685-884015564-1001\...\Uthgard Launcher) (Version: 1.00.00.00 - Uthgard)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
金山毒霸 (HKLM-x32\...\Kingsoft Internet Security) (Version: 2017.11.3.7 - Kingsoft Internet Security)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3194967007-1620309685-884015564-1001_Classes\CLSID\{33C169DA-833A-456A-9059-F3D6D429ED42}\InprocServer32 -> C:\WINDOWS\system32\timedate.cpl (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3194967007-1620309685-884015564-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02E10547-A84C-4F95-B2B4-1CF56313E419} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {2761DB85-5431-4477-A34F-9BB495FA98BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {30BD7D48-478B-4202-9BB8-827C97606840} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {37A10AB4-4D8D-4CA0-AD06-D60FF9F5549B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {37C4A448-6424-49D6-87A6-67657CEC1F61} - \{EBA88579-CE24-D37D-00CC-AC025582844F} -> Keine Datei <==== ACHTUNG
Task: {433347FA-79FE-4AF4-A278-47A75FC35A77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4CD142F8-6A02-4DD9-A185-399AF3D0B9AB} - \HWiNFO -> Keine Datei <==== ACHTUNG
Task: {5802C752-26B3-422B-A3D1-F388486E6BAB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {5A491E9B-8428-4DEC-A68B-93E0FEA5DD21} - System32\Tasks\Driver Booster SkipUAC (Waldemar) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe [2017-01-10] (IObit)
Task: {5C645C1D-36A6-4D89-9CB2-DBD11F096B6D} - System32\Tasks\FRAPS => D:\Program Files\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {66A06FAC-60C2-4C60-A00F-0BA9C6009A70} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {67656E24-0EBB-46B2-9946-869129451708} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {6F188C7D-077F-44FA-AD1A-9F4672143CBF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {702362AF-0485-4E1D-BE86-643A32A9800B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {72C6C250-174E-4154-9677-F8A7ADC25EEF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {84C2E2C8-579D-4591-90FE-ED440CB84885} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {91C89A48-0F32-444F-935B-C05C70E46593} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {97FC8EFA-192C-4D81-B756-1870E024D8FF} - \AMD Updater -> Keine Datei <==== ACHTUNG
Task: {A733B69F-B477-4FC7-8F0D-413B0A39FAAE} - \IVnL3iPwtc -> Keine Datei <==== ACHTUNG
Task: {AD390E6F-FA43-4598-8672-DD4BAA7C1B90} - \CreateExplorerShellUnelevatedTask -> Keine Datei <==== ACHTUNG
Task: {B8755F7E-7884-4D3A-8A86-A9E32B1D658A} - \{FF811904-482A-AEAF-536A-3E6574982BF1} -> Keine Datei <==== ACHTUNG
Task: {CAFFD876-EC45-4CE4-BA74-296752B05B5D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {CE400C3C-D14A-4AF3-817B-596CB01A07C5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {D5E8B331-56C4-4ADA-A73D-634190FCC04A} - \Driver Booster Scheduler -> Keine Datei <==== ACHTUNG
Task: {F583DA50-49C4-46EB-91D0-AA1FA5C53A65} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-19 19:17 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-09 17:59 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-09 18:00 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-04-29 19:05 - 2016-04-12 13:39 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2016-04-29 19:05 - 2016-04-14 09:38 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2016-05-13 23:44 - 2016-07-18 23:02 - 00076888 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-12-19 19:17 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-15 21:59 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-12 09:56 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-20 08:59 - 2017-03-08 12:12 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2015-12-15 18:17 - 2015-12-15 18:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2017-03-09 17:34 - 2017-03-09 17:34 - 00158368 _____ () c:\program files (x86)\kingsoft\kingsoft antivirus\zlib1.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:5F91AB27 [222]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\Classes\.exe: exefile => <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2017-03-09 19:17 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{D7E0F84C-B5F7-4640-B3A1-21F03AFE62DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F005A76C-DE67-4155-9CAE-203FEE240C3F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7B191F4D-6CEF-487D-8BD4-D84FEDFE34B4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{945172B5-BEB7-49F6-A9E5-DB9738818469}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{C5D980D5-AE41-4D5C-93BB-1A8340A71F7C}C:\program files (x86)\steam\steamapps\common\half-life\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\half-life\hl.exe
FirewallRules: [UDP Query User{57F5E667-BD96-4255-9CBE-E714A2F96A96}C:\program files (x86)\steam\steamapps\common\half-life\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\half-life\hl.exe
FirewallRules: [{8510F33E-8AFE-463E-8728-78E56980FD55}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{2D2ACC5D-0386-445B-AC0F-C29D41895CCD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{7A15CE63-C807-466C-AAEC-5D90A6330384}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{84029264-93F6-49D3-9AC9-D4F7E14AAE14}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{9A2A98F0-99D5-46ED-A52F-6310DE76DC81}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{9D5A41A7-50D8-47D0-9B62-964F69706C6D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [TCP Query User{3FF77E7D-5FF6-450A-B09B-6CB6DF9527E3}D:\program files\hlsw\hlsw.exe] => (Allow) D:\program files\hlsw\hlsw.exe
FirewallRules: [UDP Query User{16F0DE79-49C7-4012-82EA-74F623B93292}D:\program files\hlsw\hlsw.exe] => (Allow) D:\program files\hlsw\hlsw.exe
FirewallRules: [TCP Query User{CC242FD2-4ABC-4765-BE44-3B2862B633C9}D:\program files\mirc\mirc.exe] => (Allow) D:\program files\mirc\mirc.exe
FirewallRules: [UDP Query User{B52D8AF5-5585-45E7-9AB2-3D1F7801B0FA}D:\program files\mirc\mirc.exe] => (Allow) D:\program files\mirc\mirc.exe
FirewallRules: [TCP Query User{C5523549-E821-4AA2-8B55-ED60B894A719}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{55A8B015-AF00-4F3D-B1CC-1E5E7E6C21F4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0CC2A8B9-5926-4234-BA39-D5995539E8B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A127C6F2-DB26-4998-B993-EA50044B2467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{231062F5-A41A-45FF-87AC-8C138547C1A2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1186AF0C-CC9C-438B-9EFA-ACF18DD75CF3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/10/2017 12:21:24 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: Fehler des Regelmoduls beim Ausführen einer oder mehrerer geplanter Aktionen.
Fehlercode:0x80070005
Pfad:SERIALIZE_INTERNAL
Argumente:<none>
Error: (03/10/2017 12:20:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (03/10/2017 12:18:32 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1436) SRUJet: Unerwarteter Fehler "-1032" bei der Datenbankwiederherstellung.
Error: (03/10/2017 12:18:32 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1436) SRUJet: Der Versuch, die Datei "C:\WINDOWS\system32\SRU\SRU.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (03/10/2017 12:18:22 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1436) SRUJet: Der Versuch, die Datei "C:\WINDOWS\system32\SRU\SRUDB.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (03/10/2017 12:18:12 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1436) SRUJet: Der Versuch, die Datei "C:\WINDOWS\system32\SRU\SRUDB.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (03/10/2017 12:18:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1436) SRUJet: Der Versuch, die Datei "C:\WINDOWS\system32\SRU\SRUDB.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (03/10/2017 12:17:52 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1436) SRUJet: Der Versuch, die Datei "C:\WINDOWS\system32\SRU\SRUDB.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (03/10/2017 12:17:42 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1436) SRUJet: Der Versuch, die Datei "C:\WINDOWS\system32\SRU\SRUDB.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (03/10/2017 12:17:32 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1436) SRUJet: Der Versuch, die Datei "C:\WINDOWS\system32\SRU\SRUDB.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Systemfehler:
=============
Error: (03/10/2017 12:19:23 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (03/10/2017 12:16:19 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat einen Fehler beim Initialisieren der Veröffentlichung von Ressourcen für Kanal "Microsoft-RMS-MSIPC/Debug" erkannt. Falls ein direkter Kanal festgelegt ist, kann dies ein Hinweis darauf sein, dass auch das Protokollieren der Ressourcen nicht initialisiert werden konnte.
Error: (03/10/2017 12:16:19 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat einen Fehler beim Initialisieren der Veröffentlichung von Ressourcen für Kanal "DebugChannel" erkannt. Falls ein direkter Kanal festgelegt ist, kann dies ein Hinweis darauf sein, dass auch das Protokollieren der Ressourcen nicht initialisiert werden konnte.
Error: (03/10/2017 12:16:18 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Absturzbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physischen Speicher abbilden zu können.
Error: (03/10/2017 12:16:14 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Absturzbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physischen Speicher abbilden zu können.
Error: (03/10/2017 03:32:51 AM) (Source: DCOM) (EventID: 10010) (User: WALDI-PC)
Description: Der Server "App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (03/10/2017 03:32:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (03/10/2017 03:32:27 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat einen Fehler beim Initialisieren der Veröffentlichung von Ressourcen für Kanal "Microsoft-RMS-MSIPC/Debug" erkannt. Falls ein direkter Kanal festgelegt ist, kann dies ein Hinweis darauf sein, dass auch das Protokollieren der Ressourcen nicht initialisiert werden konnte.
Error: (03/10/2017 03:32:27 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat einen Fehler beim Initialisieren der Veröffentlichung von Ressourcen für Kanal "DebugChannel" erkannt. Falls ein direkter Kanal festgelegt ist, kann dies ein Hinweis darauf sein, dass auch das Protokollieren der Ressourcen nicht initialisiert werden konnte.
Error: (03/10/2017 03:32:26 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Absturzbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physischen Speicher abbilden zu können.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 7873.98 MB
Verfügbarer physikalischer RAM: 5765 MB
Summe virtueller Speicher: 10945.98 MB
Verfügbarer virtueller Speicher: 8527.7 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:118.46 GB) (Free:2.93 GB) NTFS
Drive d: (Lokaler Datenträger) (Fixed) (Total:3725.9 GB) (Free:1.57 GB) NTFS
Drive e: () (Fixed) (Total:931.5 GB) (Free:683.6 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 803C068A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 03F237E4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)
==================== Ende von Addition.txt ============================
TDSSKiller.txt Code:
12:45:19.0662 0x0b1c TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
12:45:22.0363 0x0b1c ============================================================
12:45:22.0363 0x0b1c Current date / time: 2017/03/10 12:45:22.0363
12:45:22.0363 0x0b1c SystemInfo:
12:45:22.0363 0x0b1c
12:45:22.0363 0x0b1c OS Version: 10.0.14393 ServicePack: 0.0
12:45:22.0363 0x0b1c Product type: Workstation
12:45:22.0363 0x0b1c ComputerName: WALDI-PC
12:45:22.0363 0x0b1c UserName: Waldemar
12:45:22.0363 0x0b1c Windows directory: C:\WINDOWS
12:45:22.0363 0x0b1c System windows directory: C:\WINDOWS
12:45:22.0363 0x0b1c Running under WOW64
12:45:22.0363 0x0b1c Processor architecture: Intel x64
12:45:22.0363 0x0b1c Number of processors: 4
12:45:22.0363 0x0b1c Page size: 0x1000
12:45:22.0363 0x0b1c Boot type: Normal boot
12:45:22.0363 0x0b1c CodeIntegrityOptions = 0x00000001
12:45:22.0363 0x0b1c ============================================================
12:45:22.0541 0x0b1c KLMD registered as C:\WINDOWS\system32\drivers\42120574.sys
12:45:22.0541 0x0b1c KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
12:45:22.0694 0x0b1c System UUID: {B5EFAB99-30E0-88F6-86CB-9728D3AA76C9}
12:45:23.0185 0x0b1c Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:23.0188 0x0b1c Drive \Device\Harddisk1\DR1 - Size: 0x3A3817D6000 ( 3726.02 Gb ), SectorSize: 0x200, Cylinders: 0x76C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:23.0188 0x0b1c Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:23.0196 0x0b1c ============================================================
12:45:23.0196 0x0b1c \Device\Harddisk0\DR0:
12:45:23.0196 0x0b1c MBR partitions:
12:45:23.0196 0x0b1c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
12:45:23.0196 0x0b1c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xECEB000
12:45:23.0196 0x0b1c \Device\Harddisk1\DR1:
12:45:23.0196 0x0b1c GPT partitions:
12:45:23.0196 0x0b1c \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A4F28BE4-F15E-4585-919B-061A26EDEE41}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
12:45:23.0196 0x0b1c \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {944D942E-ED38-4F39-B4F1-905C8890A67E}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xD1BCB000
12:45:23.0196 0x0b1c MBR partitions:
12:45:23.0196 0x0b1c \Device\Harddisk2\DR2:
12:45:23.0196 0x0b1c MBR partitions:
12:45:23.0197 0x0b1c \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F04, BlocksNum 0x74701ABD
12:45:23.0197 0x0b1c ============================================================
12:45:23.0197 0x0b1c C: <-> \Device\Harddisk0\DR0\Partition2
12:45:23.0215 0x0b1c D: <-> \Device\Harddisk1\DR1\Partition2
12:45:23.0218 0x0b1c E: <-> \Device\Harddisk2\DR2\Partition1
12:45:23.0218 0x0b1c ============================================================
12:45:23.0218 0x0b1c Initialize success
12:45:23.0218 0x0b1c ============================================================
12:45:54.0650 0x1a7c ============================================================
12:45:54.0650 0x1a7c Scan started
12:45:54.0650 0x1a7c Mode: Manual; SigCheck; TDLFS;
12:45:54.0650 0x1a7c ============================================================
12:45:54.0650 0x1a7c KSN ping started
12:45:54.0867 0x1a7c KSN ping finished: true
12:45:55.0438 0x1a7c ================ Scan system memory ========================
12:45:55.0438 0x1a7c System memory - ok
12:45:55.0439 0x1a7c ================ Scan services =============================
12:45:55.0465 0x1a7c 1394ohci - ok
12:45:55.0468 0x1a7c 3ware - ok
12:45:55.0472 0x1a7c ACPI - ok
12:45:55.0475 0x1a7c AcpiDev - ok
12:45:55.0477 0x1a7c acpiex - ok
12:45:55.0482 0x1a7c acpipagr - ok
12:45:55.0485 0x1a7c AcpiPmi - ok
12:45:55.0489 0x1a7c acpitime - ok
12:45:55.0493 0x1a7c ADP80XX - ok
12:45:55.0499 0x1a7c AFD - ok
12:45:55.0503 0x1a7c ahcache - ok
12:45:55.0507 0x1a7c AJRouter - ok
12:45:55.0510 0x1a7c ALG - ok
12:45:55.0517 0x1a7c ALSysIO - ok
12:45:55.0520 0x1a7c AmdK8 - ok
12:45:55.0524 0x1a7c AmdPPM - ok
12:45:55.0527 0x1a7c amdsata - ok
12:45:55.0531 0x1a7c amdsbs - ok
12:45:55.0534 0x1a7c amdxata - ok
12:45:55.0536 0x1a7c AppID - ok
12:45:55.0541 0x1a7c AppIDSvc - ok
12:45:55.0543 0x1a7c Appinfo - ok
12:45:55.0549 0x1a7c applockerfltr - ok
12:45:55.0551 0x1a7c AppMgmt - ok
12:45:55.0556 0x1a7c AppReadiness - ok
12:45:55.0559 0x1a7c AppVClient - ok
12:45:55.0563 0x1a7c AppvStrm - ok
12:45:55.0566 0x1a7c AppvVemgr - ok
12:45:55.0569 0x1a7c AppvVfs - ok
12:45:55.0574 0x1a7c AppXSvc - ok
12:45:55.0576 0x1a7c arcsas - ok
12:45:55.0582 0x1a7c [ 075C9C288BC9B4DE8C162D551A673BAD, 2B26371ABB6972638AB7444D36E5854FC68110056AAB068F46AAF2050E40E795 ] asmthub3 C:\WINDOWS\System32\drivers\asmthub3.sys
12:45:55.0717 0x1a7c asmthub3 - ok
12:45:55.0732 0x1a7c [ 48E2237B58C7BBC5F50891546B374B20, 0493A4162566F64B7027CA247D875856E2A9DB0703A5D3C220326C4FC6476075 ] asmtxhci C:\WINDOWS\System32\drivers\asmtxhci.sys
12:45:55.0752 0x1a7c asmtxhci - ok
12:45:55.0755 0x1a7c AsyncMac - ok
12:45:55.0758 0x1a7c atapi - ok
12:45:55.0760 0x1a7c AudioEndpointBuilder - ok
12:45:55.0763 0x1a7c Audiosrv - ok
12:45:55.0765 0x1a7c AxInstSV - ok
12:45:55.0768 0x1a7c b06bdrv - ok
12:45:55.0771 0x1a7c BasicDisplay - ok
12:45:55.0773 0x1a7c BasicRender - ok
12:45:55.0777 0x1a7c bcmfn - ok
12:45:55.0780 0x1a7c bcmfn2 - ok
12:45:55.0782 0x1a7c BDESVC - ok
12:45:55.0785 0x1a7c Beep - ok
12:45:55.0807 0x1a7c [ 12A7660F0666033B98510A1C45EE0C34, 280350B3E960479A0CE4848916804950CF241846162955EB9D12E725CFF0ADD7 ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
12:45:55.0840 0x1a7c BEService - ok
12:45:55.0844 0x1a7c BFE - ok
12:45:55.0847 0x1a7c BITS - ok
12:45:55.0849 0x1a7c bowser - ok
12:45:55.0851 0x1a7c BrokerInfrastructure - ok
12:45:55.0854 0x1a7c BthAvrcpTg - ok
12:45:55.0857 0x1a7c BthHFEnum - ok
12:45:55.0860 0x1a7c bthhfhid - ok
12:45:55.0863 0x1a7c BthHFSrv - ok
12:45:55.0865 0x1a7c BTHMODEM - ok
12:45:55.0869 0x1a7c bthserv - ok
12:45:55.0873 0x1a7c buttonconverter - ok
12:45:55.0875 0x1a7c CapImg - ok
12:45:55.0878 0x1a7c cdfs - ok
12:45:55.0881 0x1a7c CDPSvc - ok
12:45:55.0883 0x1a7c CDPUserSvc - ok
12:45:55.0888 0x1a7c cdrom - ok
12:45:55.0891 0x1a7c CertPropSvc - ok
12:45:55.0893 0x1a7c cht4iscsi - ok
12:45:55.0896 0x1a7c cht4vbd - ok
12:45:55.0899 0x1a7c circlass - ok
12:45:55.0902 0x1a7c CLFS - ok
12:45:55.0905 0x1a7c ClipSVC - ok
12:45:55.0907 0x1a7c clreg - ok
12:45:55.0915 0x1a7c CmBatt - ok
12:45:55.0923 0x1a7c [ B937831896A32FE264B26DD97A3E432D, B13B26153422ADDE9A0DE197FE3F5990D97E85652E914DD9693DCDF0A9388D10 ] cmcore c:\program files (x86)\cmcm\Clean Master\cmcore.exe
12:45:55.0942 0x1a7c cmcore - ok
12:45:55.0945 0x1a7c CNG - ok
12:45:55.0947 0x1a7c cnghwassist - ok
12:45:55.0956 0x1a7c CompositeBus - ok
12:45:55.0959 0x1a7c COMSysApp - ok
12:45:55.0961 0x1a7c condrv - ok
12:45:55.0964 0x1a7c CoreMessagingRegistrar - ok
12:45:55.0978 0x1a7c [ A28D6FA203CE094BDE7ED8CEC6079E42, 5DCA8BA21F5FD0D9F00620E7592949ABCF3BA202CF7AF3D84F93DF7C13E2D4C9 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
12:45:56.0004 0x1a7c cphs - ok
12:45:56.0012 0x1a7c [ 373EC45C5E2E4C31D9A9BEDC084655E3, AF08349968B7822551FAEB54F9B7EE5ADAD7AE5C5C513E43AA760BA1D974982F ] cryptfd C:\WINDOWS\system32\drivers\cryptfd.sys
12:45:56.0028 0x1a7c cryptfd - ok
12:45:56.0031 0x1a7c CryptSvc - ok
12:45:56.0033 0x1a7c CSC - ok
12:45:56.0036 0x1a7c CscService - ok
12:45:56.0039 0x1a7c [ E12939C6D28957C960494DE2EEE30649, 883C02207A9D6DF5363C102DE4B31B3DDB5354B413F9C2FB77832C42EEE9C832 ] CySmb C:\WINDOWS\System32\drivers\cysmb.sys
12:45:56.0063 0x1a7c CySmb - ok
12:45:56.0066 0x1a7c dam - ok
12:45:56.0069 0x1a7c DcomLaunch - ok
12:45:56.0072 0x1a7c DcpSvc - ok
12:45:56.0075 0x1a7c defragsvc - ok
12:45:56.0077 0x1a7c DeviceAssociationService - ok
12:45:56.0080 0x1a7c DeviceInstall - ok
12:45:56.0083 0x1a7c DevQueryBroker - ok
12:45:56.0085 0x1a7c Dfsc - ok
12:45:56.0090 0x1a7c [ 0F4A5D01156B948B54550375498B08A2, 1CAE3D744429A06E9C9EC46AC6B216AB68154EF8FACDD0721C47902B83820F56 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
12:45:56.0107 0x1a7c dg_ssudbus - ok
12:45:56.0110 0x1a7c Dhcp - ok
12:45:56.0113 0x1a7c diagnosticshub.standardcollector.service - ok
12:45:56.0115 0x1a7c DiagTrack - ok
12:45:56.0142 0x1a7c [ 7B00468816A1D485E38D22704EED5F5C, 5E0D554875DE906015AAD94B02C15D947F33FE6C7C7503D8CEEE06BAB6820064 ] Disc Soft Lite Bus Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
12:45:56.0187 0x1a7c Disc Soft Lite Bus Service - ok
12:45:56.0191 0x1a7c disk - ok
12:45:56.0194 0x1a7c DmEnrollmentSvc - ok
12:45:56.0197 0x1a7c dmvsc - ok
12:45:56.0199 0x1a7c dmwappushservice - ok
12:45:56.0202 0x1a7c Dnscache - ok
12:45:56.0206 0x1a7c dot3svc - ok
12:45:56.0209 0x1a7c [ 2283EECDF839CAA92D50A9F11C6B917D, 636519D3293FEB6779F089865C8C59A0763E720AFEFBAD46FDB164FC06B9127E ] dpclat_driver C:\WINDOWS\system32\drivers\dpclat_driver.sys
12:45:56.0222 0x1a7c dpclat_driver - ok
12:45:56.0225 0x1a7c DPS - ok
12:45:56.0227 0x1a7c drmkaud - ok
12:45:56.0230 0x1a7c DsmSvc - ok
12:45:56.0232 0x1a7c DsSvc - ok
12:45:56.0236 0x1a7c [ 679FF716052109392D870F6A6C4A3535, BEF1784448CCA4AF1D67ED68BD0C7CFE01A7719E98CACF92C2DCBFAA916DC57E ] dtlitescsibus C:\WINDOWS\System32\drivers\dtlitescsibus.sys
12:45:56.0250 0x1a7c dtlitescsibus - ok
12:45:56.0254 0x1a7c [ E23FDD696839A4790682CA66C48D3F2F, F5F0721BDA751968224E52E75D0C309A3E084C430CD98E85A55AF622D16B9A44 ] dtliteusbbus C:\WINDOWS\System32\drivers\dtliteusbbus.sys
12:45:56.0267 0x1a7c dtliteusbbus - ok
12:45:56.0270 0x1a7c DXGKrnl - ok
12:45:56.0280 0x1a7c [ 6C58703CA818801BC98EADA857FA405E, CEEF5E6D004A6FF7BA414C0FBECC148622EF2F13D561775CE2A804B110B10DC7 ] e1cexpress C:\WINDOWS\system32\DRIVERS\e1c65x64.sys
12:45:56.0301 0x1a7c e1cexpress - ok
12:45:56.0305 0x1a7c e1iexpress - ok
12:45:56.0308 0x1a7c EapHost - ok
12:45:56.0310 0x1a7c ebdrv - ok
12:45:56.0313 0x1a7c EFS - ok
12:45:56.0316 0x1a7c EhStorClass - ok
12:45:56.0318 0x1a7c EhStorTcgDrv - ok
12:45:56.0321 0x1a7c embeddedmode - ok
12:45:56.0324 0x1a7c EntAppSvc - ok
12:45:56.0326 0x1a7c ErrDev - ok
12:45:56.0332 0x1a7c [ D1B1853EC560BBFFE85DC716DE4154A8, 062E08A249F73651E8E3C12FCA4702894C5BAFC1016EF3BA4BC0D208F0C468F0 ] ESLWireAC C:\WINDOWS\system32\drivers\ESLWireACD.sys
12:45:56.0349 0x1a7c ESLWireAC - ok
12:45:56.0363 0x1a7c [ A2941FF542EFF81B32575EB964A89E48, E0C98E6648EF0B2E4819FA5656A8EF79855C39E0C1D43FCD08B36F1951FBF71A ] EslWireHelper C:\Program Files\EslWire\service\WireHelperSvc.exe
12:45:56.0387 0x1a7c EslWireHelper - ok
12:45:56.0391 0x1a7c [ BE8117569CAA36E03683CC1BACEA1347, F4C55264838166EFC8A05ED1BA36F13B9BAD500CC17204D4C814050B8C18E107 ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
12:45:56.0407 0x1a7c ESProtectionDriver - ok
12:45:56.0411 0x1a7c EventSystem - ok
12:45:56.0414 0x1a7c exfat - ok
12:45:56.0416 0x1a7c fastfat - ok
12:45:56.0419 0x1a7c fdc - ok
12:45:56.0421 0x1a7c fdPHost - ok
12:45:56.0424 0x1a7c FDResPub - ok
12:45:56.0427 0x1a7c fhsvc - ok
12:45:56.0429 0x1a7c FileCrypt - ok
12:45:56.0433 0x1a7c FileInfo - ok
12:45:56.0436 0x1a7c Filetrace - ok
12:45:56.0439 0x1a7c flpydisk - ok
12:45:56.0442 0x1a7c FltMgr - ok
12:45:56.0445 0x1a7c FontCache - ok
12:45:56.0449 0x1a7c FontCache3.0.0.0 - ok
12:45:56.0451 0x1a7c FrameServer - ok
12:45:56.0455 0x1a7c FsDepends - ok
12:45:56.0457 0x1a7c Fs_Rec - ok
12:45:56.0464 0x1a7c fvevol - ok
12:45:56.0467 0x1a7c gencounter - ok
12:45:56.0469 0x1a7c genericusbfn - ok
12:45:56.0472 0x1a7c GPIOClx0101 - ok
12:45:56.0475 0x1a7c gpsvc - ok
12:45:56.0478 0x1a7c GpuEnergyDrv - ok
12:45:56.0480 0x1a7c HdAudAddService - ok
12:45:56.0483 0x1a7c HDAudBus - ok
12:45:56.0485 0x1a7c HidBatt - ok
12:45:56.0489 0x1a7c HidBth - ok
12:45:56.0491 0x1a7c hidi2c - ok
12:45:56.0494 0x1a7c hidinterrupt - ok
12:45:56.0496 0x1a7c HidIr - ok
12:45:56.0499 0x1a7c hidserv - ok
12:45:56.0502 0x1a7c HidUsb - ok
12:45:56.0505 0x1a7c HomeGroupListener - ok
12:45:56.0507 0x1a7c HomeGroupProvider - ok
12:45:56.0510 0x1a7c HpSAMD - ok
12:45:56.0513 0x1a7c HTTP - ok
12:45:56.0516 0x1a7c HvHost - ok
12:45:56.0518 0x1a7c hvservice - ok
12:45:56.0522 0x1a7c [ EF558A02D734A1403583E95CCEEC2487, F0D052DAF48A62E4A90D067BFCB5EE9563804DE68D0EA82E0E11C8D16AD19D29 ] HWiNFO32 C:\WINDOWS\system32\drivers\HWiNFO64A.SYS
12:45:56.0536 0x1a7c HWiNFO32 - ok
12:45:56.0539 0x1a7c hwpolicy - ok
12:45:56.0541 0x1a7c hyperkbd - ok
12:45:56.0544 0x1a7c i8042prt - ok
12:45:56.0547 0x1a7c iagpio - ok
12:45:56.0549 0x1a7c iai2c - ok
12:45:56.0553 0x1a7c iaLPSS2i_GPIO2 - ok
12:45:56.0556 0x1a7c iaLPSS2i_I2C - ok
12:45:56.0559 0x1a7c iaLPSSi_GPIO - ok
12:45:56.0561 0x1a7c iaLPSSi_I2C - ok
12:45:56.0564 0x1a7c iaStorAV - ok
12:45:56.0567 0x1a7c iaStorV - ok
12:45:56.0570 0x1a7c ibbus - ok
12:45:56.0576 0x1a7c [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
12:45:56.0592 0x1a7c ICCS - ok
12:45:56.0596 0x1a7c icssvc - ok
12:45:56.0655 0x1a7c [ 9CE4D3A79D3180AC5A141E2F7E7137F4, 1D717D2156B78632895281779D2646AB066619EA1DB293A9505BF7C174F53271 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
12:45:56.0741 0x1a7c igfx - ok
12:45:56.0754 0x1a7c [ 6A9C613D0F5F9676D128F39B63ACE45B, 027B9568C740E336C7CBBE952309E2719E8FFA14E7DFC2B85B49E0C0CE7D2149 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
12:45:56.0779 0x1a7c igfxCUIService1.0.0.0 - ok
12:45:56.0782 0x1a7c IKEEXT - ok
12:45:56.0785 0x1a7c IndirectKmd - ok
12:45:56.0792 0x1a7c intaud_WaveExtensible - ok
12:45:56.0796 0x1a7c IntcAzAudAddService - ok
12:45:56.0809 0x1a7c [ 87871AB7AC797F922A6F3D4C874CED96, 2BCD89911E42827CD294DD7D1486A7845D1F98019E51958E0F488384401B2944 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
12:45:56.0831 0x1a7c IntcDAud - ok
12:45:56.0834 0x1a7c intelide - ok
12:45:56.0837 0x1a7c intelpep - ok
12:45:56.0841 0x1a7c intelppm - ok
12:45:56.0845 0x1a7c iorate - ok
12:45:56.0850 0x1a7c IpFilterDriver - ok
12:45:56.0853 0x1a7c iphlpsvc - ok
12:45:56.0858 0x1a7c IPMIDRV - ok
12:45:56.0861 0x1a7c IPNAT - ok
12:45:56.0865 0x1a7c irda - ok
12:45:56.0868 0x1a7c IRENUM - ok
12:45:56.0872 0x1a7c irmon - ok
12:45:56.0875 0x1a7c isapnp - ok
12:45:56.0878 0x1a7c iScsiPrt - ok
12:45:56.0882 0x1a7c iwdbus - ok
12:45:56.0886 0x1a7c [ 54D923C0C7B48896D2C1FFB481D197C8, BEC8FD08D8A56D2F913665D24239AF37ADCADA3F2E7EB2EAD2439D549B989AA7 ] KAVBootC C:\WINDOWS\system32\Drivers\KAVBootC64_ev.sys
12:45:56.0903 0x1a7c KAVBootC - ok
12:45:56.0907 0x1a7c kbdclass - ok
12:45:56.0910 0x1a7c kbdhid - ok
12:45:56.0926 0x1a7c [ 4F225FA978B91A5F2E9B59B634DB3AD0, D7F675E31D0D1A0996069E49F424CF013CE4082BDD4404545EF64DE7748302B2 ] KDHacker c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64_ev.sys
12:45:56.0946 0x1a7c KDHacker - ok
12:45:56.0951 0x1a7c kdnic - ok
12:45:56.0953 0x1a7c KeyIso - ok
12:45:56.0963 0x1a7c [ A455A2E35CBF9DE373B3C832FBBC870A, BA794235C3DB4EA80A1DCB94950EB96561962E151F61EFC190080E333242DE3E ] kisknl C:\WINDOWS\system32\drivers\kisknl.sys
12:45:56.0983 0x1a7c kisknl - ok
12:45:56.0989 0x1a7c [ 914866F1BD154F98E1DB2FBE98D82366, BD7EBB33AA7DF3936D82DD874187D24442CE1391F0815A8FCA812197B92E456A ] kisnetm c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64_ev.sys
12:45:57.0005 0x1a7c kisnetm - ok
12:45:57.0010 0x1a7c [ 1341361CDD70EDA8A4E0CD5433A6B0BB, 1C1035A4E34284891427109802F866F5FA3B1E74123B8E91948796BD3578A9B1 ] ksapi64 C:\WINDOWS\system32\drivers\ksapi64.sys
12:45:57.0026 0x1a7c ksapi64 - ok
12:45:57.0030 0x1a7c KSecDD - ok
12:45:57.0034 0x1a7c KSecPkg - ok
12:45:57.0037 0x1a7c ksthunk - ok
12:45:57.0041 0x1a7c KtmRm - ok
12:45:57.0050 0x1a7c [ 7DACF31D3906C42DE3529BBA7F4F43CB, AE516A5EC2E01334EDB329C4268186A8810F31CBDCB8EDA9B8F4A3A393816BB9 ] kxescore c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
12:45:57.0071 0x1a7c kxescore - ok
12:45:57.0076 0x1a7c LanmanServer - ok
12:45:57.0079 0x1a7c LanmanWorkstation - ok
12:45:57.0084 0x1a7c lfsvc - ok
12:45:57.0088 0x1a7c [ 17325C9B9ADB2BB99049936D0C9812C8, 70ADDC85FD5757BC9C4B97F382B25A19851FF8275021FFC04A81E208A604F83E ] LGBusEnum C:\WINDOWS\system32\drivers\LGBusEnum.sys
12:45:57.0106 0x1a7c LGBusEnum - ok
12:45:57.0110 0x1a7c [ C7AF05942E041D4B1F345ACF79993BB3, E8FAAE356C99A11F6CF17640FD9C67F87AFBFEFB70C458CB85178F2AD94DF848 ] LGJoyXlCore C:\WINDOWS\system32\drivers\LGJoyXlCore.sys
12:45:57.0130 0x1a7c LGJoyXlCore - ok
12:45:57.0134 0x1a7c [ F705A641C18DF31B48B5DBDA94B425E4, 1F47EE43CAFE5458E56467E127EE99B5FDBFF8B810CF92B232094B475DD42B21 ] LGPBTDD C:\WINDOWS\System32\Drivers\LGPBTDD.sys
12:45:57.0147 0x1a7c LGPBTDD - ok
12:45:57.0151 0x1a7c [ 1DDB8DE3D6EEF31EDCF4977B2D2FAACC, 24291B522A596E2D9A1CDAC192DB1C7422D5DD0E87E5C8A5F5E2CAA90296BF23 ] LGVirHid C:\WINDOWS\system32\drivers\LGVirHid.sys
12:45:57.0166 0x1a7c LGVirHid - ok
12:45:57.0169 0x1a7c LicenseManager - ok
12:45:57.0172 0x1a7c lltdio - ok
12:45:57.0175 0x1a7c lltdsvc - ok
12:45:57.0178 0x1a7c lmhosts - ok
12:45:57.0182 0x1a7c LSI_SAS - ok
12:45:57.0185 0x1a7c LSI_SAS2i - ok
12:45:57.0188 0x1a7c LSI_SAS3i - ok
12:45:57.0191 0x1a7c LSI_SSS - ok
12:45:57.0194 0x1a7c LSM - ok
12:45:57.0197 0x1a7c luafv - ok
12:45:57.0201 0x1a7c MapsBroker - ok
12:45:57.0207 0x1a7c [ 0E4AD4D8C0A8048C00CAD9CFA082A26E, 77DE05486CA6A3DFAF7DDF249C27BE0CED7B678623D19419FE2B414BBA1E6F8E ] MBAMChameleon C:\WINDOWS\system32\drivers\MBAMChameleon.sys
12:45:57.0224 0x1a7c MBAMChameleon - ok
12:45:57.0229 0x1a7c [ E8922903632E78D9E60375E117089088, DE4E17E923AF1DAE0F42990BFBBD35CE9E0FD0483059FEDAA7B5F98034ED23AF ] MBAMFarflt C:\WINDOWS\system32\drivers\farflt.sys
12:45:57.0244 0x1a7c MBAMFarflt - ok
12:45:57.0248 0x1a7c [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection C:\WINDOWS\system32\drivers\mbam.sys
12:45:57.0262 0x1a7c MBAMProtection - ok
12:45:57.0331 0x1a7c [ 804E3246E3E73D4A936F2F4BCDC53A2D, BF1F9B4AC292238FA6EE541E325B220F311977F9D87D5BC7F90AD058FBF0B35A ] MBAMService C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
12:45:57.0413 0x1a7c MBAMService - ok
12:45:57.0424 0x1a7c [ BDE2FC7213C0897524C1357BAAE30239, 1E1AB68145107429217E07A662477C86406E0188BE9F01CAC416AC13054D1A5E ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
12:45:57.0442 0x1a7c MBAMSwissArmy - ok
12:45:57.0445 0x1a7c megasas - ok
12:45:57.0448 0x1a7c megasas2i - ok
12:45:57.0451 0x1a7c megasr - ok
12:45:57.0458 0x1a7c [ 220B49994DCFAC3BB242A8C3047E58A2, B01EA1751CE80E357DB643938F603DAE11A7F88B7B1187D769C5A3209A932E64 ] MEIx64 C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
12:45:57.0478 0x1a7c MEIx64 - ok
12:45:57.0482 0x1a7c MessagingService - ok
12:45:57.0487 0x1a7c mlx4_bus - ok
12:45:57.0490 0x1a7c MMCSS - ok
12:45:57.0493 0x1a7c Modem - ok
12:45:57.0496 0x1a7c monitor - ok
12:45:57.0499 0x1a7c mouclass - ok
12:45:57.0501 0x1a7c mouhid - ok
12:45:57.0504 0x1a7c mountmgr - ok
12:45:57.0510 0x1a7c [ 3F3D10A165EC7E9B8298DD308512452D, 565AE2B47543446B41455400B4C8FBCC202E584436921BE332FC01D4080BA17A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:45:57.0526 0x1a7c MozillaMaintenance - ok
12:45:57.0529 0x1a7c mpsdrv - ok
12:45:57.0532 0x1a7c MpsSvc - ok
12:45:57.0535 0x1a7c MRxDAV - ok
12:45:57.0538 0x1a7c mrxsmb - ok
12:45:57.0541 0x1a7c mrxsmb20 - ok
12:45:57.0544 0x1a7c MsBridge - ok
12:45:57.0547 0x1a7c MSDTC - ok
12:45:57.0553 0x1a7c Msfs - ok
12:45:57.0556 0x1a7c msgpiowin32 - ok
12:45:57.0559 0x1a7c mshidkmdf - ok
12:45:57.0562 0x1a7c mshidumdf - ok
12:45:57.0565 0x1a7c msisadrv - ok
12:45:57.0568 0x1a7c MSiSCSI - ok
12:45:57.0571 0x1a7c msiserver - ok
12:45:57.0574 0x1a7c MSKSSRV - ok
12:45:57.0577 0x1a7c MsLldp - ok
12:45:57.0580 0x1a7c MSPCLOCK - ok
12:45:57.0583 0x1a7c MSPQM - ok
12:45:57.0586 0x1a7c MsRPC - ok
12:45:57.0591 0x1a7c MsSecFlt - ok
12:45:57.0593 0x1a7c mssmbios - ok
12:45:57.0596 0x1a7c MSTEE - ok
12:45:57.0599 0x1a7c MTConfig - ok
12:45:57.0602 0x1a7c Mup - ok
12:45:57.0605 0x1a7c mvumis - ok
12:45:57.0611 0x1a7c [ 289F6579EE0D877BFCF1F92A8581F725, 8EC906AB2A161883535AF1DA29857BAD2857B03A6935C568C558D9FE54DCFC92 ] NanoServiceMain C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
12:45:57.0628 0x1a7c NanoServiceMain - ok
12:45:57.0632 0x1a7c NativeWifiP - ok
12:45:57.0635 0x1a7c NcaSvc - ok
12:45:57.0639 0x1a7c NcbService - ok
12:45:57.0642 0x1a7c NcdAutoSetup - ok
12:45:57.0644 0x1a7c ndfltr - ok
12:45:57.0648 0x1a7c NDIS - ok
12:45:57.0650 0x1a7c NdisCap - ok
12:45:57.0654 0x1a7c NdisImPlatform - ok
12:45:57.0657 0x1a7c NdisTapi - ok
12:45:57.0660 0x1a7c Ndisuio - ok
12:45:57.0663 0x1a7c NdisVirtualBus - ok
12:45:57.0666 0x1a7c NdisWan - ok
12:45:57.0669 0x1a7c ndiswanlegacy - ok
12:45:57.0672 0x1a7c ndproxy - ok
12:45:57.0675 0x1a7c Ndu - ok
12:45:57.0678 0x1a7c NetAdapterCx - ok
12:45:57.0681 0x1a7c NetBIOS - ok
12:45:57.0686 0x1a7c NetBT - ok
12:45:57.0689 0x1a7c Netlogon - ok
12:45:57.0692 0x1a7c Netman - ok
12:45:57.0695 0x1a7c netprofm - ok
12:45:57.0698 0x1a7c NetSetupSvc - ok
12:45:57.0703 0x1a7c NetTcpPortSharing - ok
12:45:57.0707 0x1a7c NgcCtnrSvc - ok
12:45:57.0710 0x1a7c NgcSvc - ok
12:45:57.0714 0x1a7c NlaSvc - ok
12:45:57.0719 0x1a7c [ AB0775C841CED2716C5DA038FEB4EEE9, 41FC1195B814DDEE24D2302E9E2C7B6C904E88C92BC4EB70848369F65A5BB4F4 ] NNSALPC C:\WINDOWS\system32\DRIVERS\NNSALPC.sys
12:45:57.0736 0x1a7c NNSALPC - ok
12:45:57.0743 0x1a7c [ 1362C5F15842E25F6FFAE684699212B1, 35198C54A2C91A96DDB74BDBC8098255EC1FE1100C64D4B1DA029A9B962CAE06 ] NNSHTTP C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys
12:45:57.0762 0x1a7c NNSHTTP - ok
12:45:57.0767 0x1a7c [ E0AC1676BF5D35EA6C91B6DA88999BE4, 355D117C118FDEA7837056B618239B0E3D6FFD7783F31CE3CE36EB6138145FFB ] NNSHTTPS C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys
12:45:57.0784 0x1a7c NNSHTTPS - ok
12:45:57.0789 0x1a7c [ C3988C828211084548D1AE8F7607A38A, E4D4BCEF78B83724CDDE29E43170EE19E236518CB73D24B6B0CE318F4BE74B88 ] NNSIDS C:\WINDOWS\system32\DRIVERS\NNSIDS.sys
12:45:57.0808 0x1a7c NNSIDS - ok
12:45:57.0813 0x1a7c [ 82E4D19CA78E6F458BF8CADDCEC472D7, 391E9A9E47B4D88EFD185D7476EDEF0B3A076A20ECF40F974E17B0237EB8FF8E ] NNSNAHSL C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys
12:45:57.0830 0x1a7c NNSNAHSL - ok
12:45:57.0836 0x1a7c [ 0C048AD75EBF7F672B96C0BF05B544B3, 6090F64C3FDD2B33C331017AF5B30335E52B5938D56F8CCFC680E70B57517D87 ] NNSPICC C:\WINDOWS\system32\DRIVERS\NNSPICC.sys
12:45:57.0855 0x1a7c NNSPICC - ok
12:45:57.0861 0x1a7c [ 2747D1FC56531B7730E3E2BF1D4A6B9E, 77D277E3BBD4A31AC924DA7A44CA762594816BF5377715E5BCDA978B317FDA7D ] NNSPIHSW C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys
12:45:57.0879 0x1a7c NNSPIHSW - ok
12:45:57.0885 0x1a7c [ 6E8E7B5316DAF27CD919F9408FB87D5F, CAF530B7A0DFEA0ADA096E115B800F53A81884AF2710A5B4B912131D9C7F9FED ] NNSPOP3 C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys
12:45:57.0905 0x1a7c NNSPOP3 - ok
12:45:57.0916 0x1a7c [ 9DBFA7CA238E9B1354511BF12B2A8908, AA0CCA6ABF3B01532013CFE9A244401AEDAE33C2360BA2EE1218C22CA7C621D5 ] NNSPROT C:\WINDOWS\system32\DRIVERS\NNSPROT.sys
12:45:57.0939 0x1a7c NNSPROT - ok
12:45:57.0946 0x1a7c [ 2E945D2B21EDBAFED2A652C8C5910A48, ED5FCB8311C7C01F7FC37CC4EAD4B458FC2047C347B486453E3D4D3BEE377110 ] NNSPRV C:\WINDOWS\system32\DRIVERS\NNSPRV.sys
12:45:57.0966 0x1a7c NNSPRV - ok
12:45:57.0972 0x1a7c [ B232F8BED95B4EEB61688CBB0291D5CA, 5C5100904950E230A49C906AE1AE3BCBFA59D63C2B8F690B6CA66285B8E4D459 ] NNSSMTP C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys
12:45:57.0991 0x1a7c NNSSMTP - ok
12:45:57.0999 0x1a7c [ CF93020361BD51058B0CA1467C341A52, AA36B26AD075FFB8877063E107E310B46BE94DD0BA58C7F41F1CB963CDA2C436 ] NNSSTRM C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys
12:45:58.0022 0x1a7c NNSSTRM - ok
12:45:58.0028 0x1a7c [ 9748643F2E1C1A5856BF63200F4B5B3B, E7CD2CC24679A63D721E38F57B27B22DFB8D8A8453C4B479D3433AF212EB6D9C ] NNSTLSC C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys
12:45:58.0047 0x1a7c NNSTLSC - ok
12:45:58.0051 0x1a7c Npfs - ok
12:45:58.0055 0x1a7c npsvctrig - ok
12:45:58.0059 0x1a7c nsi - ok
12:45:58.0062 0x1a7c nsiproxy - ok
12:45:58.0068 0x1a7c NTFS - ok
12:45:58.0073 0x1a7c Null - ok
12:45:58.0076 0x1a7c nvlddmkm - ok
12:45:58.0080 0x1a7c nvraid - ok
12:45:58.0084 0x1a7c nvstor - ok
12:45:58.0087 0x1a7c OneSyncSvc - ok
12:45:58.0126 0x1a7c [ 241B7F92346973C10195AD7861596709, E0972047D202F539A8367E50DE278AF6103FA72C8E61F6D5B0DC1EA8FD338355 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
12:45:58.0178 0x1a7c Origin Client Service - ok
12:45:58.0218 0x1a7c [ 685176200A9246175FB8EF95F6FF9EAF, 93A5F307B1DF545CA5334BBB81E5E388A3E7911A9FF6ECBC066A3A5E11300AE4 ] Origin Web Helper Service C:\Program Files (x86)\Origin\OriginWebHelperService.exe
12:45:58.0265 0x1a7c Origin Web Helper Service - ok
12:45:58.0274 0x1a7c [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:45:58.0293 0x1a7c ose64 - ok
12:45:58.0297 0x1a7c p2pimsvc - ok
12:45:58.0300 0x1a7c p2psvc - ok
12:45:58.0306 0x1a7c [ 823079C4FF6CE5AB1C61A332FFA8918E, D31EC3DF7F28875FE567D489000B2CC98D34ACB85598C584316047487E90985F ] PandaAgent C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
12:45:58.0320 0x1a7c PandaAgent - ok
12:45:58.0324 0x1a7c Parport - ok
12:45:58.0327 0x1a7c partmgr - ok
12:45:58.0331 0x1a7c PcaSvc - ok
12:45:58.0334 0x1a7c pci - ok
12:45:58.0337 0x1a7c pciide - ok
12:45:58.0340 0x1a7c pcmcia - ok
12:45:58.0343 0x1a7c pcw - ok
12:45:58.0347 0x1a7c pdc - ok
12:45:58.0354 0x1a7c [ 8EF3368E5559BC0FC68E8AFF07D55C33, FEB727868A8E6292DF755EBF418371E45549EA17A835351406F8D90AAC36CCDA ] PDF24 C:\Program Files (x86)\PDF24\pdf24.exe
12:45:58.0373 0x1a7c PDF24 - ok
12:45:58.0377 0x1a7c PEAUTH - ok
12:45:58.0380 0x1a7c PeerDistSvc - ok
12:45:58.0383 0x1a7c percsas2i - ok
12:45:58.0387 0x1a7c percsas3i - ok
12:45:58.0397 0x1a7c PerfHost - ok
12:45:58.0406 0x1a7c PhoneSvc - ok
12:45:58.0410 0x1a7c PimIndexMaintenanceSvc - ok
12:45:58.0415 0x1a7c pla - ok
12:45:58.0419 0x1a7c PlugPlay - ok
12:45:58.0422 0x1a7c PnkBstrA - ok
12:45:58.0426 0x1a7c PNRPAutoReg - ok
12:45:58.0429 0x1a7c PNRPsvc - ok
12:45:58.0433 0x1a7c PolicyAgent - ok
12:45:58.0438 0x1a7c Power - ok
12:45:58.0442 0x1a7c PptpMiniport - ok
12:45:58.0496 0x1a7c [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
12:45:58.0598 0x1a7c PrintNotify - ok
12:45:58.0605 0x1a7c Processor - ok
12:45:58.0608 0x1a7c ProfSvc - ok
12:45:58.0612 0x1a7c Psched - ok
12:45:58.0618 0x1a7c [ CCDD6415F09592CBB168968649D5697C, 7968B3B52123BEDD36B158EB19D3C54FEBBB0FB778E8D82C9653C73D89765D73 ] PSINAflt C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
12:45:58.0636 0x1a7c PSINAflt - ok
12:45:58.0641 0x1a7c [ 76D345AFFAB3C67C61BD005B0ED8FD78, FAD039103673E77671D23D91FA5E37C125AE28CC45D7AA21F44FBC73B3690883 ] PSINFile C:\WINDOWS\system32\DRIVERS\PSINFile.sys
12:45:58.0659 0x1a7c PSINFile - ok
12:45:58.0666 0x1a7c [ DCAA5C97EC3D6787252D3DC7CB889662, E0C1D2B406B2766B0582C775EF3F19AE8AC79782FB8051DBAF9564435AB69012 ] PSINKNC C:\WINDOWS\system32\DRIVERS\PSINKNC.sys
12:45:58.0685 0x1a7c PSINKNC - ok
12:45:58.0691 0x1a7c [ 740842FBB30BA828BB21CE7E7718488F, E65112A5E20F25FD138EF17C5344CE4B4B014AD2947E3F118F317D54F76F9F15 ] PSINProc C:\WINDOWS\system32\DRIVERS\PSINProc.sys
12:45:58.0708 0x1a7c PSINProc - ok
12:45:58.0714 0x1a7c [ 4623CDEA44E99AC1C701F256A5219E9F, D5C9B7B4AEEE338CE67202FF063307CBD0DE0CEB2E5959310F8F0287DFE60FF1 ] PSINProt C:\WINDOWS\system32\DRIVERS\PSINProt.sys
12:45:58.0732 0x1a7c PSINProt - ok
12:45:58.0737 0x1a7c [ 196F805801DE318E3B37258EE4242039, C5FE3213C6820400926A0628E0E4EC65D62FD5C07FA29711F1865381E016B2BA ] PSINReg C:\WINDOWS\system32\DRIVERS\PSINReg.sys
12:45:58.0754 0x1a7c PSINReg - ok
12:45:58.0759 0x1a7c [ 9746D407113028F9CDAC7031D717203E, 7F9A397038732678C52A73E5E2238AB3619E3C1FCB2CE41EFC8E5BD38D77F83E ] PSKMAD C:\WINDOWS\system32\DRIVERS\PSKMAD.sys
12:45:58.0776 0x1a7c PSKMAD - ok
12:45:58.0781 0x1a7c [ 4347D183A11CAD2D6F9198863793CA72, 381E44494570170CD2FE95658F2EF2C50A2DE273CF49C85E39D5CC44BB9244A8 ] PSUAService C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
12:45:58.0796 0x1a7c PSUAService - ok
12:45:58.0800 0x1a7c [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio C:\WINDOWS\system32\pwdrvio.sys
12:45:58.0820 0x1a7c pwdrvio - ok
12:45:58.0824 0x1a7c [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio C:\WINDOWS\system32\pwdspio.sys
12:45:58.0842 0x1a7c pwdspio - ok
12:45:58.0846 0x1a7c QWAVE - ok
12:45:58.0849 0x1a7c QWAVEdrv - ok
12:45:58.0852 0x1a7c RasAcd - ok
12:45:58.0856 0x1a7c RasAgileVpn - ok
12:45:58.0859 0x1a7c RasAuto - ok
12:45:58.0863 0x1a7c Rasl2tp - ok
12:45:58.0866 0x1a7c RasMan - ok
12:45:58.0869 0x1a7c RasPppoe - ok
12:45:58.0873 0x1a7c RasSstp - ok
12:45:58.0876 0x1a7c rdbss - ok
12:45:58.0881 0x1a7c rdpbus - ok
12:45:58.0884 0x1a7c RDPDR - ok
12:45:58.0892 0x1a7c RdpVideoMiniport - ok
12:45:58.0895 0x1a7c rdyboost - ok
12:45:58.0899 0x1a7c ReFSv1 - ok
12:45:58.0905 0x1a7c RemoteAccess - ok
12:45:58.0909 0x1a7c RemoteRegistry - ok
12:45:58.0913 0x1a7c RetailDemo - ok
12:45:58.0917 0x1a7c RmSvc - ok
12:45:58.0920 0x1a7c RpcEptMapper - ok
12:45:58.0923 0x1a7c RpcLocator - ok
12:45:58.0927 0x1a7c RpcSs - ok
12:45:58.0931 0x1a7c [ AD53BCEE2C4EE1BCE383D75030B0EDF6, C23D2441D8D2E7BBA4227399447C9F30C286861CC7D0BBC911A169C226BFE7BC ] rspLLL C:\WINDOWS\system32\DRIVERS\rspLLL64.sys
12:45:58.0945 0x1a7c rspLLL - ok
12:45:58.0948 0x1a7c rspndr - ok
12:45:58.0951 0x1a7c [ 6A094D8E4B00DD1D93EB494099E98478, D7DDF874304556F8A10942A29B3D387CB5155A7419F87813557FE728CB14806D ] RTCore64 C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
12:45:58.0964 0x1a7c RTCore64 - ok
12:45:58.0968 0x1a7c s3cap - ok
12:45:58.0972 0x1a7c SamSs - ok
12:45:58.0975 0x1a7c sbp2port - ok
12:45:58.0979 0x1a7c SCardSvr - ok
12:45:58.0983 0x1a7c ScDeviceEnum - ok
12:45:58.0987 0x1a7c scfilter - ok
12:45:58.0990 0x1a7c Schedule - ok
12:45:58.0994 0x1a7c scmbus - ok
12:45:58.0997 0x1a7c scmdisk0101 - ok
12:45:59.0001 0x1a7c SCPolicySvc - ok
12:45:59.0004 0x1a7c sdbus - ok
12:45:59.0008 0x1a7c SDRSVC - ok
12:45:59.0011 0x1a7c sdstor - ok
12:45:59.0015 0x1a7c seclogon - ok
12:45:59.0019 0x1a7c [ 07F83829E7429E60298440CD1E601A6A, 9F1229CD8DD9092C27A01F5D56E3C0D59C2BB9F0139ABF042E56F343637FDA33 ] semav6msr64 C:\WINDOWS\system32\drivers\semav6msr64.sys
12:45:59.0033 0x1a7c semav6msr64 - ok
12:45:59.0036 0x1a7c SENS - ok
12:45:59.0039 0x1a7c Sense - ok
12:45:59.0043 0x1a7c SensorDataService - ok
12:45:59.0047 0x1a7c SensorService - ok
12:45:59.0051 0x1a7c SensrSvc - ok
12:45:59.0054 0x1a7c SerCx - ok
12:45:59.0058 0x1a7c SerCx2 - ok
12:45:59.0062 0x1a7c Serenum - ok
12:45:59.0065 0x1a7c Serial - ok
12:45:59.0068 0x1a7c sermouse - ok
12:45:59.0078 0x1a7c SessionEnv - ok
12:45:59.0082 0x1a7c sfloppy - ok
12:45:59.0085 0x1a7c SharedAccess - ok
12:45:59.0090 0x1a7c ShellHWDetection - ok
12:45:59.0094 0x1a7c shpamsvc - ok
12:45:59.0097 0x1a7c SiSRaid2 - ok
12:45:59.0101 0x1a7c SiSRaid4 - ok
12:45:59.0109 0x1a7c [ B72B80E6FF423C5011E745CB76DA9A08, 18A6B9D46E91AD4D463EB5CB832702392D2E162577F90C328B515FCE69FABD15 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:45:59.0133 0x1a7c SkypeUpdate - ok
12:45:59.0137 0x1a7c smphost - ok
12:45:59.0141 0x1a7c SmsRouter - ok
12:45:59.0148 0x1a7c SNMPTRAP - ok
12:45:59.0158 0x1a7c spaceport - ok
12:45:59.0162 0x1a7c SpbCx - ok
12:45:59.0171 0x1a7c [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan C:\WINDOWS\SysWOW64\speedfan.sys
12:45:59.0191 0x1a7c speedfan - ok
12:45:59.0194 0x1a7c Spooler - ok
12:45:59.0198 0x1a7c sppsvc - ok
12:45:59.0202 0x1a7c srv2 - ok
12:45:59.0206 0x1a7c srvnet - ok
12:45:59.0212 0x1a7c [ DF11D259C10C9D0DFCCBA1093C5DB1BD, A9AEF5D88DDDCE27A4640FE82CED92A4957C42F8E9EEDFC52DC128A66E0B43ED ] sscdbus C:\WINDOWS\System32\drivers\sscdbus.sys
12:45:59.0229 0x1a7c sscdbus - ok
12:45:59.0233 0x1a7c [ 3EF9386DC95BF2AE60D08367E5E4E785, BC75B656EC8D9497F2A10A5A7B226CB06F1664C044BAF2C10AB0AD884A0E364A ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
12:45:59.0246 0x1a7c sscdmdfl - ok
12:45:59.0253 0x1a7c [ 00D2AA893C662A9EB9B779F6CA2B0DFB, D9DF6D5C7006A417F629C89FB94F735F807FB781242B5C7B1D82D08828FA2BA9 ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
12:45:59.0268 0x1a7c sscdmdm - ok
12:45:59.0272 0x1a7c SSDPSRV - ok
12:45:59.0276 0x1a7c SstpSvc - ok
12:45:59.0283 0x1a7c [ 37680AECA1BF2D430719A297F68ECD49, 64E6A2C077316CE4807F2F480324F4011003686F698CCB0AA93C659DAAE1FAB5 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
12:45:59.0299 0x1a7c ssudmdm - ok
12:45:59.0315 0x1a7c [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
12:45:59.0340 0x1a7c ss_conn_service - ok
12:45:59.0344 0x1a7c StateRepository - ok
12:45:59.0370 0x1a7c [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:45:59.0405 0x1a7c Steam Client Service - ok
12:45:59.0411 0x1a7c stexstor - ok
12:45:59.0414 0x1a7c stisvc - ok
12:45:59.0418 0x1a7c storahci - ok
12:45:59.0422 0x1a7c storflt - ok
12:45:59.0425 0x1a7c stornvme - ok
12:45:59.0429 0x1a7c storqosflt - ok
12:45:59.0434 0x1a7c StorSvc - ok
12:45:59.0438 0x1a7c storufs - ok
12:45:59.0442 0x1a7c storvsc - ok
12:45:59.0446 0x1a7c svsvc - ok
12:45:59.0451 0x1a7c swenum - ok
12:45:59.0455 0x1a7c swprv - ok
12:45:59.0459 0x1a7c Synth3dVsc - ok
12:45:59.0462 0x1a7c SysMain - ok
12:45:59.0466 0x1a7c SystemEventsBroker - ok
12:45:59.0470 0x1a7c TabletInputService - ok
12:45:59.0474 0x1a7c TapiSrv - ok
12:45:59.0478 0x1a7c Tcpip - ok
12:45:59.0481 0x1a7c Tcpip6 - ok
12:45:59.0487 0x1a7c tcpipreg - ok
12:45:59.0493 0x1a7c tdx - ok
12:45:59.0667 0x1a7c [ 44449A0EB8EBD8DCBC3ED4BB62BA3A5F, 168197015D1E5ED71775250084C224A1100E0F989A6D1CC4102004E5AAD74F3A ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
12:45:59.0881 0x1a7c TeamViewer - ok
12:45:59.0898 0x1a7c terminpt - ok
12:45:59.0902 0x1a7c TermService - ok
12:45:59.0907 0x1a7c Themes - ok
12:45:59.0911 0x1a7c TieringEngineService - ok
12:45:59.0916 0x1a7c tiledatamodelsvc - ok
12:45:59.0920 0x1a7c TimeBrokerSvc - ok
12:45:59.0925 0x1a7c TPM - ok
12:45:59.0928 0x1a7c TrkWks - ok
12:45:59.0933 0x1a7c TrustedInstaller - ok
12:45:59.0940 0x1a7c tsusbflt - ok
12:45:59.0944 0x1a7c TsUsbGD - ok
12:45:59.0949 0x1a7c tsusbhub - ok
12:45:59.0952 0x1a7c tunnel - ok
12:45:59.0957 0x1a7c tzautoupdate - ok
12:45:59.0962 0x1a7c UASPStor - ok
12:45:59.0966 0x1a7c UcmCx0101 - ok
12:45:59.0970 0x1a7c UcmTcpciCx0101 - ok
12:45:59.0974 0x1a7c UcmUcsi - ok
12:45:59.0978 0x1a7c Ucx01000 - ok
12:45:59.0981 0x1a7c UdeCx - ok
12:45:59.0985 0x1a7c udfs - ok
12:45:59.0989 0x1a7c UEFI - ok
12:45:59.0993 0x1a7c UevAgentDriver - ok
12:45:59.0997 0x1a7c UevAgentService - ok
12:46:00.0001 0x1a7c Ufx01000 - ok
12:46:00.0005 0x1a7c UfxChipidea - ok
12:46:00.0008 0x1a7c ufxsynopsys - ok
12:46:00.0017 0x1a7c UI0Detect - ok
12:46:00.0021 0x1a7c umbus - ok
12:46:00.0025 0x1a7c UmPass - ok
12:46:00.0028 0x1a7c UmRdpService - ok
12:46:00.0032 0x1a7c UnistoreSvc - ok
12:46:00.0038 0x1a7c upnphost - ok
12:46:00.0042 0x1a7c UrsChipidea - ok
12:46:00.0046 0x1a7c UrsCx01000 - ok
12:46:00.0050 0x1a7c UrsSynopsys - ok
12:46:00.0055 0x1a7c [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys
12:46:00.0065 0x1a7c USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
12:46:00.0511 0x1a7c Detect skipped due to KSN trusted
12:46:00.0511 0x1a7c USBAAPL64 - ok
12:46:00.0516 0x1a7c usbaudio - ok
12:46:00.0520 0x1a7c usbccgp - ok
12:46:00.0525 0x1a7c usbcir - ok
12:46:00.0529 0x1a7c usbehci - ok
12:46:00.0533 0x1a7c usbhub - ok
12:46:00.0538 0x1a7c USBHUB3 - ok
12:46:00.0542 0x1a7c usbohci - ok
12:46:00.0546 0x1a7c usbprint - ok
12:46:00.0552 0x1a7c [ 2EC7B2C8123236B1233A77281D378DF7, D97DB59C9CAE2B8B33C707E8CEA7A65BF88712842CC715D270F7432A99D21BB6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:46:00.0574 0x1a7c usbscan - ok
12:46:00.0578 0x1a7c usbser - ok
12:46:00.0583 0x1a7c USBSTOR - ok
12:46:00.0587 0x1a7c usbuhci - ok
12:46:00.0592 0x1a7c USBXHCI - ok
12:46:00.0596 0x1a7c UserDataSvc - ok
12:46:00.0603 0x1a7c UserManager - ok
12:46:00.0608 0x1a7c UsoSvc - ok
12:46:00.0612 0x1a7c VaultSvc - ok
12:46:00.0617 0x1a7c vdrvroot - ok
12:46:00.0621 0x1a7c vds - ok
12:46:00.0626 0x1a7c VerifierExt - ok
12:46:00.0631 0x1a7c vhdmp - ok
12:46:00.0635 0x1a7c vhf - ok
12:46:00.0640 0x1a7c vmbus - ok
12:46:00.0644 0x1a7c VMBusHID - ok
12:46:00.0649 0x1a7c vmgid - ok
12:46:00.0653 0x1a7c vmicguestinterface - ok
12:46:00.0658 0x1a7c vmicheartbeat - ok
12:46:00.0662 0x1a7c vmickvpexchange - ok
12:46:00.0668 0x1a7c vmicrdv - ok
12:46:00.0672 0x1a7c vmicshutdown - ok
12:46:00.0677 0x1a7c vmictimesync - ok
12:46:00.0682 0x1a7c vmicvmsession - ok
12:46:00.0686 0x1a7c vmicvss - ok
12:46:00.0691 0x1a7c volmgr - ok
12:46:00.0695 0x1a7c volmgrx - ok
12:46:00.0701 0x1a7c volsnap - ok
12:46:00.0707 0x1a7c volume - ok
12:46:00.0711 0x1a7c vpci - ok
12:46:00.0716 0x1a7c vsmraid - ok
12:46:00.0720 0x1a7c VSS - ok
12:46:00.0725 0x1a7c VSTXRAID - ok
12:46:00.0729 0x1a7c vwifibus - ok
12:46:00.0734 0x1a7c vwififlt - ok
12:46:00.0739 0x1a7c W32Time - ok
12:46:00.0744 0x1a7c WacomPen - ok
12:46:00.0749 0x1a7c WalletService - ok
12:46:00.0753 0x1a7c wanarp - ok
12:46:00.0758 0x1a7c wanarpv6 - ok
12:46:00.0762 0x1a7c wbengine - ok
12:46:00.0767 0x1a7c WbioSrvc - ok
12:46:00.0772 0x1a7c wcifs - ok
12:46:00.0777 0x1a7c Wcmsvc - ok
12:46:00.0782 0x1a7c wcncsvc - ok
12:46:00.0786 0x1a7c wcnfs - ok
12:46:00.0791 0x1a7c WdBoot - ok
12:46:00.0795 0x1a7c [ A556768CC1FA4F36022BEE2F0EDE2566, 3A4BC9DE614F43CD94FA354A565C66B2E1E36C0608D84C6288010B97B9D811AA ] WDC_SAM C:\WINDOWS\System32\drivers\wdcsam64.sys
12:46:00.0815 0x1a7c WDC_SAM - ok
12:46:00.0819 0x1a7c Wdf01000 - ok
12:46:00.0824 0x1a7c WdFilter - ok
12:46:00.0828 0x1a7c WdiServiceHost - ok
12:46:00.0833 0x1a7c WdiSystemHost - ok
12:46:00.0837 0x1a7c wdiwifi - ok
12:46:00.0842 0x1a7c WdNisDrv - ok
12:46:00.0846 0x1a7c WdNisSvc - ok
12:46:00.0852 0x1a7c WebClient - ok
12:46:00.0857 0x1a7c Wecsvc - ok
12:46:00.0862 0x1a7c WEPHOSTSVC - ok
12:46:00.0867 0x1a7c wercplsupport - ok
12:46:00.0871 0x1a7c WerSvc - ok
12:46:00.0879 0x1a7c wfpgameprotect - ok
12:46:00.0883 0x1a7c WFPLWFS - ok
12:46:00.0888 0x1a7c WiaRpc - ok
12:46:00.0892 0x1a7c WIMMount - ok
12:46:00.0895 0x1a7c WinDefend - ok
12:46:00.0905 0x1a7c WindowsTrustedRT - ok
12:46:00.0909 0x1a7c WindowsTrustedRTProxy - ok
12:46:00.0913 0x1a7c WinHttpAutoProxySvc - ok
12:46:00.0917 0x1a7c WinMad - ok
12:46:00.0923 0x1a7c Winmgmt - ok
12:46:00.0927 0x1a7c WinRM - ok
12:46:00.0936 0x1a7c WINUSB - ok
12:46:00.0940 0x1a7c WinVerbs - ok
12:46:00.0945 0x1a7c wisvc - ok
12:46:00.0949 0x1a7c WlanSvc - ok
12:46:00.0953 0x1a7c wlidsvc - ok
12:46:00.0957 0x1a7c WmiAcpi - ok
12:46:00.0964 0x1a7c wmiApSrv - ok
12:46:00.0968 0x1a7c WMPNetworkSvc - ok
12:46:00.0973 0x1a7c Wof - ok
12:46:00.0980 0x1a7c WPDBusEnum - ok
12:46:00.0984 0x1a7c WpdUpFltr - ok
12:46:00.0988 0x1a7c WpnService - ok
12:46:00.0993 0x1a7c WpnUserService - ok
12:46:00.0999 0x1a7c ws2ifsl - ok
12:46:01.0004 0x1a7c wscsvc - ok
12:46:01.0008 0x1a7c WSearch - ok
12:46:01.0015 0x1a7c wuauserv - ok
12:46:01.0019 0x1a7c WudfPf - ok
12:46:01.0023 0x1a7c WUDFRd - ok
12:46:01.0028 0x1a7c wudfsvc - ok
12:46:01.0032 0x1a7c WUDFWpdFs - ok
12:46:01.0036 0x1a7c WwanSvc - ok
12:46:01.0041 0x1a7c XblAuthManager - ok
12:46:01.0045 0x1a7c XblGameSave - ok
12:46:01.0049 0x1a7c xboxgip - ok
12:46:01.0054 0x1a7c XboxNetApiSvc - ok
12:46:01.0058 0x1a7c [ C40AE9F959A8EDA4AF63E0E28185A8AC, D630EDDFC61D7816C764D588BCB1E9E3C5F92D3B387B204DACC67F9B1A62F6ED ] xhunter1 C:\WINDOWS\xhunter1.sys
12:46:01.0072 0x1a7c xhunter1 - ok
12:46:01.0076 0x1a7c xinputhid - ok
12:46:01.0087 0x1a7c ================ Scan global ===============================
12:46:01.0099 0x1a7c [ Global ] - ok
12:46:01.0099 0x1a7c ================ Scan MBR ==================================
12:46:01.0101 0x1a7c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:46:01.0172 0x1a7c \Device\Harddisk0\DR0 - ok
12:46:01.0180 0x1a7c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:46:01.0226 0x1a7c \Device\Harddisk1\DR1 - ok
12:46:01.0228 0x1a7c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
12:46:01.0271 0x1a7c \Device\Harddisk2\DR2 - ok
12:46:01.0271 0x1a7c ================ Scan VBR ==================================
12:46:01.0273 0x1a7c [ E78D05455A3C32F877589341FED113D3 ] \Device\Harddisk0\DR0\Partition1
12:46:01.0274 0x1a7c \Device\Harddisk0\DR0\Partition1 - ok
12:46:01.0275 0x1a7c [ 58BDE02B2BD43E63BA5ABA410652B247 ] \Device\Harddisk0\DR0\Partition2
12:46:01.0276 0x1a7c \Device\Harddisk0\DR0\Partition2 - ok
12:46:01.0278 0x1a7c [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
12:46:01.0278 0x1a7c \Device\Harddisk1\DR1\Partition1 - ok
12:46:01.0302 0x1a7c [ 0C52559B4A511C6427EC388A2402714B ] \Device\Harddisk1\DR1\Partition2
12:46:01.0303 0x1a7c \Device\Harddisk1\DR1\Partition2 - ok
12:46:01.0305 0x1a7c [ F040B03B34E69DAF547A16A2D56B27E9 ] \Device\Harddisk2\DR2\Partition1
12:46:01.0306 0x1a7c \Device\Harddisk2\DR2\Partition1 - ok
12:46:01.0306 0x1a7c ================ Scan generic autorun ======================
12:46:01.0364 0x1a7c [ A6A21A7D544675E98C040DA18904CF50, AACB578C297C7AC9FEBDAB4AD20235E5CFF6E3F260E76E6AE18D43DC57D69672 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
12:46:01.0419 0x1a7c Malwarebytes TrayApp - ok
12:46:01.0426 0x1a7c [ 1753FD4A08F7E4B22686E6D325CAAC59, DB90C8D0FA5987B9FCB6B223DE166BADDB53F8B4501972E0AD92D1AB91C9AAA4 ] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
12:46:01.0442 0x1a7c PSUAMain - ok
12:46:01.0479 0x1a7c [ 4548DFD51063853B8F24261CFCA5A24A, 96B8D71AAF0D69C1A18D94FF14D49E9C43CFDE79F1CCCC01599B3CAFE2C71109 ] c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
12:46:01.0519 0x1a7c kxesc - ok
12:46:01.0529 0x1a7c OneDriveSetup - ok
12:46:01.0530 0x1a7c OneDriveSetup - ok
12:46:01.0574 0x1a7c [ FAEFC9F31055FCCFE225C7704366032C, 8D9FC099C8899898F64DB2F2F3804A3E940D1BC20B1A119E1808F5162B7F81ED ] D:\Downloads\DesktopOK\DesktopOK_x64.exe
12:46:01.0596 0x1a7c DesktopOK - detected UnsignedFile.Multi.Generic ( 1 )
12:46:01.0733 0x1a7c Detect skipped due to KSN trusted
12:46:01.0733 0x1a7c DesktopOK - ok
12:46:01.0733 0x1a7c Waiting for KSN requests completion. In queue: 59
12:46:02.0757 0x1a7c AV detected via SS2: 金山毒霸铠甲防御, c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe ( 9.3.40587.17534 ), 0x51000 ( enabled : updated )
12:46:02.0759 0x1a7c AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
12:46:02.0760 0x1a7c AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.138 ), 0x61000 ( enabled : updated )
12:46:02.0761 0x1a7c AV detected via SS2: Panda Protection, C:\Program Files (x86)\Panda Security\Panda Security Protection\PAV3WSC.exe ( 6.0.0.0 ), 0x71000 ( enabled : updated )
12:46:02.0762 0x1a7c FW detected via SS2: Panda Firewall, C:\Program Files (x86)\Panda Security\Panda Security Protection\PAV3WSC.exe ( 6.0.0.0 ), 0x72010 ( disabled )
12:46:02.0771 0x1a7c Win FW state via NFP2: enabled ( trusted )
12:46:02.0938 0x1a7c ============================================================
12:46:02.0938 0x1a7c Scan finished
12:46:02.0938 0x1a7c ============================================================
12:46:02.0943 0x1e34 Detected object count: 0
12:46:02.0943 0x1e34 Actual detected object count: 0