Trojaner-Board


5lin 06.05.2018 14:01

Connection problems, high load, man in the middle?
 
Hello everyone,

I have various problems with my computers.
Right now it is Windows 7 Professional 64-bit with current updates: I permanently have problems with my connection. The only browser that currently works is Firefox; all other clients (Opera, Chrome, etc.) do not work. I get messages such as NET::ERR_CERT_AUTHORITY_INVALID, or "Your connection is not private. You cannot visit www.google.de right now because the website uses HSTS. Network errors and attacks are usually temporary." SSL errors are shown to me. Firefox also occasionally reports "OCSP: Secure connection failed" while browsing.
I have set up the entire network configuration statically and tried everything possible to get a stable connection. I disabled DHCP in the router, as well as everything else that causes unnecessary resource load, UPnP etc.

With Linux and the indicator Snort as well as Ettercap I am observing the situation, and error messages such as "Dns Spoof" or Bad Traffic keep coming up. Since I also had the problem until recently, I suspect that identity theft cannot be ruled out, because all my passwords were probably intercepted (through phishing pages that were 1:1 copies, e.g. PayPal). Last week I received an invoice from Web.de for my free e-mail account, for a service that I have not even used... Could a router compromise have taken place? I also tried a Rasp Pi with OpenWRT behind the router; there I can at least manage the IPs with iptables and observe the traffic with tcpdump...

But back to my request: could you give me tips on which programs would be helpful, and help with evaluating the logs?

Greetings and a sunny day from the far north

PS: I had a bit of a look with GMER yesterday; in parallel, Kaspersky Rescue Disk is currently running a virus scan on the other computer, and a few have already been found.

GMER excerpt:

Code:

GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2018-05-06 02:02:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDTxxx rev.V56OA7EA 465,76GB
Running: gmer.exe; Driver: C:\Users\nbmedia\AppData\Local\Temp\axddyfog.sys


---- Kernel code sections - GMER 2.2 ----

.text  C:\Windows\system32\ntoskrnl.exe!KiCpuId + 978                                                                                                                          fffff80002cb0de2 1 byte [21]
.text  C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 912                                                                                                                fffff80002cb1d00 3 bytes [00, 28, B6]
.text  C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 917                                                                                                                fffff80002cb1d05 14 bytes [22, 48, 02, 00, C7, FF, FF, ...]

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\mmc.exe [2392:3120]                                                                                                                                000007fef4247abc
Thread  C:\Windows\system32\mmc.exe [2392:2708]                                                                                                                                000007fef410c364
Thread  C:\Windows\system32\mmc.exe [2392:1732]                                                                                                                                000007fefad02bb0
Thread  C:\Windows\system32\mmc.exe [2392:676]                                                                                                                                  000007fef410c364
Thread  C:\Windows\system32\mmc.exe [2392:4000]                                                                                                                                000007fef410272c
Thread  C:\Windows\system32\mmc.exe [2392:3388]                                                                                                                                000007fef410c364
Thread  C:\Windows\system32\mmc.exe [2392:3772]                                                                                                                                000007fef410c364
Thread  C:\Windows\system32\mmc.exe [2392:2052]                                                                                                                                000007fef410c364
Thread  C:\Windows\system32\mmc.exe [2392:3864]                                                                                                                                000007fef421a2e0

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                  unknown MBR code

---- Files - GMER 2.2 ----

File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared                                  0 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16                        0 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures                0 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF    2195656 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033                    0 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\MSOINTL.DLL        1661176 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\msointl30.dll      73408 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLL            2277656 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEDAO.DLL              629112 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEERR.DLL              56112 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEES.DLL              883544 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCH.DLL            259400 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCL.DLL            536880 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODBC.DLL            351080 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODDBS.DLL            31608 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODEXL.DLL            31608 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODTXT.DLL            31600 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEOLEDB.DLL            443208 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACETXT.DLL              251696 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWDAT.DLL            3065168 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEXBE.DLL              336688 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADAL.DLL                999112 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AirSpace.Etw.man        404608 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AIRWER.DLL              98496 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXPSRV.DLL              491152 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXP_PDF.DLL            209136 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXP_XPS.DLL            102632 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\HeartbeatConfig.xml    4142 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO.DLL                23011016 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso20win32client.dll    4439744 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso30win32client.dll    6475976 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO40UIRES.DLL          4225792 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso40UIwin32client.dll  9732864 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mso50win32client.dll    76544 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso98win32client.dll    7376640 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO99LRES.DLL          13100800 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso99Lwin32client.dll  7406272 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE.6.ico      164052 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOIDCLIL.DLL          1446216 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOIDRES.DLL            830784 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOPRIV.DLL            75008 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MsoRes.dll              29384 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXEV.DLL              82120 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL            79624 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSPTLS.DLL              1522944 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSSOAP30.DLL            667368 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll            660136 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll            963240 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MUAUTH.CAB              7699 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MUOPTIN.DLL            38744 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OFFREL.DLL              19136 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OPTINPS.DLL            32072 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\oregres.dll            32968 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLL            2684624 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\VBAJET32.DLL            18584 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WISC30.DLL              178984 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WXPNSE.DLL              166672 bytes executable
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\SystemX64\concrt140.dll                                                334616 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\SystemX64\msvcp140.dll                                                  639728 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\SystemX64\vccorlib140.dll                                              394504 bytes
File    F:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\SystemX64\vcruntime140.dll                                              89328 bytes executable

---- EOF - GMER 2.2 ----


cosinus 07.05.2018 11:39

Quote:

I have various problems with my computers.
But please do not put all the logs from all the computers in here, otherwise it gets totally chaotic and nothing can be properly assigned to a computer any more. So open one thread per computer if necessary.

Quote:

PS: I had a bit of a look with GMER yesterday; in parallel, Kaspersky Rescue Disk is currently running a virus scan on the other computer, and a few have already been found.
I don't understand, are you treating the computers all differently? Besides, nobody can do anything with "a few found"!

5lin 13.05.2018 00:18

RE
 
Hello, thank you for your reply.

Regarding:

Quote:

But please do not put all the logs from all the computers in here, otherwise it gets totally chaotic and nothing can be properly assigned to a computer any more. So open one thread per computer if necessary.
Fine, then I will stick to one computer and would be glad if someone could help me.

Quote:

I don't understand, are you treating the computers all differently? Besides, nobody can do anything with "a few found"!
I had 2 computers connected to different monitors and not connected to the network, in order to run an antivirus rescue disk test on the hard disk.

Regards

cosinus 13.05.2018 13:45

Quote:

Fine, then I will stick to one computer and would be glad if someone could help me.
How about you finally post the logs with the findings?

5lin 16.05.2018 19:53

RE
 
Hello, which log files are needed? I have attached the following log files.

adwcleaner | malwarebytes | process list | Farbar + addition | HitmanPro

My browsers Opera | Chrome unfortunately still do not work; only Firefox works adequately and reports the "OCSP server certificate error" more and more often, like just now when I wanted to send the post. Good thing I saved it in parallel :)

Regards

Quote:

How about you finally post the logs with the findings?
Here is the AdwCleaner
Code:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-11.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-16-2018
# Duration: 00:00:01
# OS:      Windows 7 Professional
# Cleaned:  0
# Failed:  0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

The Malwarebytes mbam.txt
Code:

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 16.05.18
Scan-Zeit: 15:42
Protokolldatei: f3c5b5a8-590e-11e8-873d-000000000000.json
Administrator: Ja

-Softwaredaten-
Version: 3.3.1.2183
Komponentenversion: 1.0.262
Version des Aktualisierungspakets: 1.0.3932
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: nbmedia-PC\nbmedia

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 292028
Erkannte Bedrohungen: 0
(keine bösartigen Elemente erkannt)
In die Quarantäne verschobene Bedrohungen: 0
(keine bösartigen Elemente erkannt)
Abgelaufene Zeit: 2 Std., 5 Min., 50 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)


A current process list

Code:

16.05.2018
17:50:19,20

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process          0 Services                  0            24 K
System                            4 Services                  0          304 K
smss.exe                      304 Services                  0        1.324 K
csrss.exe                      412 Services                  0        4.624 K
csrss.exe                      480 Console                    1        66.476 K
wininit.exe                      488 Services                  0        4.956 K
winlogon.exe                  536 Console                    1        7.912 K
services.exe                  568 Services                  0        8.560 K
lsass.exe                      592 Services                  0        10.184 K
lsm.exe                        604 Services                  0        4.620 K
svchost.exe                    696 Services                  0        10.064 K
svchost.exe                    780 Services                  0        8.096 K
svchost.exe                    884 Services                  0        18.380 K
svchost.exe                    916 Services                  0      135.828 K
svchost.exe                    944 Services                  0        10.008 K
svchost.exe                    968 Services                  0        27.996 K
audiodg.exe                    340 Services                  0        16.336 K
svchost.exe                    428 Services                  0        6.060 K
igfxCUIService.exe            856 Services                0        7.448 K
spoolsv.exe                  1240 Services                  0        12.248 K
svchost.exe                  1272 Services                  0        11.604 K
svchost.exe                  1352 Services                  0        12.252 K
svchost.exe                  1384 Services                  0        9.048 K
IPROSetMonitor.exe          1408 Services              0        4.712 K
Service.exe                  1460 Services                  0        3.612 K
taskhost.exe                1760 Console                    1        11.476 K
PresentationFontCache.exe    1832 Services          0        18.112 K
dwm.exe                      1840 Console                    1        28.160 K
explorer.exe                  1868 Console                    1        42.032 K
igfxEM.exe                    1120 Console                    1        12.788 K
igfxHK.exe                    1188 Console                    1        10.048 K
igfxTray.exe                  316 Console                    1        11.944 K
DefenderDaemon.exe            1768 Console            1        5.776 K
SearchIndexer.exe            2212 Services              0        52.704 K
SearchProtocolHost.exe        2368 Services            0        12.060 K
explorer.exe                  2660 Console                    1        54.628 K
svchost.exe                    636 Services                  0        5.828 K
svchost.exe                  1508 Services                  0        41.484 K
notepad.exe                    128 Console                    1        11.700 K
wordpad.exe                  1100 Console                  1        37.276 K
SearchFilterHost.exe          1564 Services              0        13.548 K
taskeng.exe                  1616 Console                  1        6.836 K
CCleaner64.exe                2552 Console                1        23.004 K
cmd.exe                      2480 Console                    1        3.500 K
conhost.exe                  1880 Console                  1        5.668 K
tasklist.exe                  976 Console                    1        6.420 K
WmiPrvSE.exe                  3052 Services              0        7.148 K
-----



Additional scan result addition.txt

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
durchgeführt von nbm (16-05-2018 17:53:13)
Gestartet von F:\
Windows 7 Professional Service Pack 1 (X64) (2017-08-22 01:52:17)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2733620280-2250870883-269891465-500 - Administrator - Disabled)
ETB User (S-1-5-21-2733620280-2250870883-269891465-1003 - Limited - Enabled)
Gast (S-1-5-21-2733620280-2250870883-269891465-501 - Limited - Disabled)
nbm (S-1-5-21-2733620280-2250870883-269891465-1000 - Administrator - Enabled) => C:\Users\nbm
nico (S-1-5-21-2733620280-2250870883-269891465-1002 - Administrator - Enabled) => C:\Users\nico
user (S-1-5-21-2733620280-2250870883-269891465-1001 - Limited - Enabled) => C:\Users\user

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{175D1C2E-CEF4-4909-901D-52AF3CD8ECD2}) (Version: 12.3.1.201 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.5.1 - Sereby Corporation)
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
EaseUS Todo Backup Free 4.0 (HKLM-x32\...\EaseUS Todo Backup Free 4.0_is1) (Version: 4.0.0.2 - CHENGDU YIWO Tech Development Co., Ltd)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HWiNFO64 Version 5.82 (HKLM\...\HWiNFO64_is1) (Version: 5.82 - Martin Malík - REALiX)
Intel(R) Network Connections 16.8.45.1 (HKLM\...\PROSetDX) (Version: 16.8.45.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Java 10.0.1 (64-bit) (HKLM\...\{D33DF729-38BB-5651-9D40-93BFEFB5DCED}) (Version: 10.0.1.0 - Oracle Corporation)
Java 9.0.4 (64-bit) (HKLM\...\{885A3911-0760-5252-92C2-001B92997DEA}) (Version: 9.0.4.0 - Oracle Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{E0C7523C-686B-3EE6-8FB1-CB4339E30EDD}) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4ffaf7b8-a84a-4813-840c-8b1f1343ae54}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{dd1e9bde-2ad6-4e92-8c07-7d4723eab8b8}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Mozilla Firefox 60.0 (x64 de) (HKLM\...\Mozilla Firefox 60.0 (x64 de)) (Version: 60.0 - Mozilla)
Mozilla Thunderbird 58.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 58.0 (x86 de)) (Version: 58.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 52.0.2871.64 (HKLM-x32\...\Opera 52.0.2871.64) (Version: 52.0.2871.64 - Opera Software)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.672 - ShadowDefender.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2733620280-2250870883-269891465-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [DefenderContextMenuExt] -> {5EE8E9E6-2853-4D28-B2DE-6529EDA0A294} => C:\Program Files\Shadow Defender\ShellExt.dll [2017-10-16] (SHADOWDEFENDER.COM)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers2: [DefenderContextMenuExt] -> {5EE8E9E6-2853-4D28-B2DE-6529EDA0A294} => C:\Program Files\Shadow Defender\ShellExt.dll [2017-10-16] (SHADOWDEFENDER.COM)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [DefenderContextMenuExt] -> {5EE8E9E6-2853-4D28-B2DE-6529EDA0A294} => C:\Program Files\Shadow Defender\ShellExt.dll [2017-10-16] (SHADOWDEFENDER.COM)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2011-12-22] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07E9BDE9-442F-49CC-BDCD-AFB5FB53A6EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {3C32EEEB-97B4-46ED-B3A5-2897A8A355F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-23] (Google Inc.)
Task: {3D5B50C8-7B3F-4D3B-B24E-6672842B12AD} - System32\Tasks\Opera scheduled Autoupdate 1524436084 => C:\Program Files\Opera\launcher.exe [2018-04-10] (Opera Software)
Task: {7A7728F8-25C6-45C3-B2D2-FD46D6FFF1D2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {E8EEB67C-DAEA-4E0A-8E2D-1DFEC804EDE7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-23] (Adobe Systems Incorporated)
Task: {EE8DC84E-9E9F-48FA-B5B3-EF00AF7E2ACD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-23] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2018-04-12 22:15 - 2018-04-12 22:15 - 000087936 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\Logs:Defender.log [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2018-05-16 15:34 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2733620280-2250870883-269891465-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\nbm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard-VGA-Grafikkarte
Description: Standard-VGA-Grafikkarte
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardgrafikkartentypen)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Description: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/12/2018 11:45:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "F:\Autoruns\Autoruns.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_2b180b30457f196c.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066.manifest.

Error: (05/12/2018 11:45:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "F:\Autoruns\autorunsc.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_2b180b30457f196c.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066.manifest.

Error: (05/06/2018 11:26:13 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/06/2018 11:26:13 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/06/2018 11:26:13 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/06/2018 11:26:13 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (05/06/2018 11:26:13 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/06/2018 11:26:13 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)


Systemfehler:
=============
Error: (05/16/2018 03:34:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2018 03:34:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2018 03:34:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) HD Graphics Control Panel Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/16/2018 03:34:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/16/2018 03:34:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Shadow Defender Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/06/2018 11:26:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (05/06/2018 11:26:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (05/06/2018 11:26:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 3970.1 MB
Verfügbarer physikalischer RAM: 2745.46 MB
Summe virtueller Speicher: 7938.36 MB
Verfügbarer virtueller Speicher: 6549.03 MB

==================== Laufwerke ================================

Drive c: (Windows 7 Professional 64 Bit) (Fixed) (Total:53.71 GB) (Free:4.18 GB) NTFS
Drive d: (Windows XP) (Fixed) (Total:35.1 GB) (Free:6.52 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (Absicherung Daten) (Fixed) (Total:149.41 GB) (Free:4.87 GB) NTFS
Drive f: () (Fixed) (Total:75.68 GB) (Free:8.29 GB) NTFS


==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 014C23AE)
Partition 1: (Active) - (Size=35.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=53.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=193.2 GB) - (Type=0F Extended)

==================== Ende von Addition.txt ============================

Excerpt from HitmanPro

[CODE]
Code:

HitmanPro 3.8.0.292
www.hitmanpro.com

  Computer name . . . . : NBMEDIA-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : nbmedia-PC\nbmedia
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2018-05-07 00:32:07
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 8m 15s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 13

  Objects scanned . . . : 1.559.214
  Files scanned . . . . : 86.575
  Remnants scanned  . . : 480.210 files / 992.429 keys

Suspicious files ____________________________________________________________

  C:\Users\nbm\Desktop\FRST64.exe
      Size . . . . . . . : 2.406.912 bytes
      Age  . . . . . . . : -0.0 days (2018-05-07 00:38:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7C7B96FE8317AB023881F0389A380C1B6FA0750A6374C0BCD63712C4922B7733
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 26.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Forensic Cluster
        -80.1s C:\Windows\Prefetch\FIREFOX.EXE-7BA6496F.pf
        -75.2s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\control_auth_cookie
        -74.2s C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm\browser-extension-data\@hoxx-vpn\storage.js
        -72.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\state
        -72.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite-wal
        -72.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite-shm
        -68.5s C:\Windows\Prefetch\TOR.EXE-4915909F.pf
        -65.3s C:\Users\nbm\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F
        -65.3s C:\Users\nbm\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F
        -64.4s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc
        -62.0s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-certs
        -61.4s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus
        -60.7s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new
        -54.4s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
        -54.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite-wal
        -54.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite-shm
        -53.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
        -51.0s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
        -50.5s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\
        -50.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\directoryLinks.json
        -50.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\frequencyCap.json
        -49.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\thumbnails\
        -48.5s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
        -44.0s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
        -42.9s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
        -40.9s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\mimeTypes.rdf
        -40.4s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\UpdateInfo\
        -39.8s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\UpdateInfo\updates\
        -39.8s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\UpdateInfo\updates\0\
        -39.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\
        -39.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-malware-simple.sbstore
        -39.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-malware-simple.pset
        -39.2s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-phish-simple.sbstore
        -39.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-phish-simple.pset
        -39.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-unwanted-simple.sbstore
        -38.9s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-unwanted-simple.pset
        -38.9s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-track-simple.sbstore
        -38.8s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-track-simple.pset
        -38.8s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-trackwhite-simple.sbstore
        -38.7s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-trackwhite-simple.pset
        -38.7s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-block-simple.sbstore
        -38.6s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-block-simple.pset
        -38.6s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-flash-simple.sbstore
        -38.5s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-flash-simple.pset
        -38.5s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\testexcept-flash-simple.sbstore
        -38.4s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\testexcept-flash-simple.pset
        -38.4s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-flashallow-simple.sbstore
        -38.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\UpdateInfo\updates\0\update.mar
        -38.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-flashallow-simple.pset
        -38.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\testexcept-flashallow-simple.sbstore
        -38.3s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\testexcept-flashallow-simple.pset
        -38.2s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-flashsubdoc-simple.sbstore
        -38.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\test-flashsubdoc-simple.pset
        -38.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\testexcept-flashsubdoc-simple.sbstore
        -38.1s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\safebrowsing\testexcept-flashsubdoc-simple.pset
        -15.4s C:\Users\nbm\Desktop\FRST64.exe
        -13.8s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
        -9.9s C:\Users\nbm\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
          3.3s C:\Windows\Prefetch\DLLHOST.EXE-76936ED5.pf

  C:\Users\nbm\Desktop\top-optimierung\FRST64(1).exe
      Size . . . . . . . : 2.406.912 bytes
      Age  . . . . . . . : 0.2 days (2018-05-06 20:43:58)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 26256BFF6E8FF215821D754FEAC6D2C1C77A17AF68548145C20F93E7A8GGTZ6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.

  C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat
      Size . . . . . . . : 323.576 bytes
      Age  . . . . . . . : 257.4 days (2017-08-22 15:50:42)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 3BAFA7413EE9C59E3C7DD0E71E5EDDD9D2495CA6A23E82266C61586296DEET5
      Fuzzy  . . . . . . : 22.0
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        The file name extension of this program is not common.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        The file is in use by one or more active processes.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.


5lin 16.05.2018 19:56

RE farbar.txt
 
See attachment farbar.zip

cosinus 16.05.2018 22:23

I still don't see the Kaspersky log with the detections there...
And logs should, AS A MATTER OF PRINCIPLE, NOT go into attachments here, but always into CODE tags.

5lin 16.05.2018 23:55

RE
 
All right, thanks for your help so far.

Quote:

And logs should, AS A MATTER OF PRINCIPLE, NOT go into attachments here, but always into CODE tags.
Yes, the log file was too big for the code tag, sorry.


Here is the excerpt from the log file

Code:

Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/startup24.sbd/Werbung Spam=>(message 0)=>[Subject: Account Verification][Date: Mon, 11 Jan 2016 23:14:06 +0700]=>verify.html=>(INFECTED_JS)' is infected with 'JS:Trojan.Script.DEF'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa11=>(message 0)=>[Subject: Y o u r - A D - o n - 2  - M i l l i o n - W e b s i t e s][Date: Mon, 05 Dec 2011 13:05:13 -0800]=>BlogBlaster.htm' is infected with 'Trojan.Script.499892'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa11=>(message 11)=>[Subject: How would you like 2 Million Sites linking to your ad ?][Date: Fri, 16 Dec 2011 01:48:33 -0800]=>BlogBlaster.htm' is infected with 'Trojan.Script.499892'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 0)=>[Subject: Start earning 15 minutes from now][Date: Wed, 04 Jan 2012 11:50:51 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 1)=>[Subject: Submit to 2700+ quality directories][Date: Wed, 04 Jan 2012 18:53:07 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 3)=>[Subject: Make $15 in 15 minutes with surveys][Date: Mon, 16 Jan 2012 09:04:37 -0800]=>CashCreation.htm' is infected with 'Trojan.Script.603497'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 6)=>[Subject: divert 1000s of fresh new visitors daily to Your web site][Date: Thu, 19 Jan 2012 23:28:24 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 7)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Thu, 19 Jan 2012 03:33:08 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 9)=>[Subject: Make money on eBay 99% automatically!][Date: Fri, 21 Jan 2011 20:21:18 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 10)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Sun, 22 Jan 2012 19:48:50 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 11)=>[Subject: Instantly boost your website's traffic][Date: Thu, 16 Feb 2012 23:48:31 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 14)=>[Subject: divert 1000s of fresh new visitors daily to Your web site][Date: Sat, 25 Feb 2012 18:16:52 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 16)=>[Subject: Make money on eBay 99% automatically!][Date: Mon, 27 Feb 2012 05:12:07 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 19)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Wed, 29 Feb 2012 08:07:00 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa12=>(message 2)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Thu, 20 Jan 2011 23:11:02 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa12=>(message 9)=>[Subject: How would you like unlimited hits to your website 15 minut][Date: Mon, 27 Feb 2012 14:15:19 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 7)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Thu, 25 Apr 2013 11:26:12 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 8)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Fri, 26 Apr 2013 14:08:31 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 10)=>[Subject: Enter Data Online][Date: Sat, 27 Apr 2013 23:57:07 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 11)=>[Subject: Want to Build Perfectly SEO Optimized Page ][Date: Sun, 28 Apr 2013 19:46:06 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 16)=>[Subject: Get Found Online, Get More Customers][Date: Wed, 03 Apr 2013 22:02:58 -0800]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 19)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Thu, 11 Apr 2013 22:26:27 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 26)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Thu, 16 May 2013 00:18:06 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 30)=>[Subject: Enter Data Online][Date: Wed, 22 May 2013 00:49:01 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 32)=>[Subject: Enter Data Online][Date: Wed, 26 Jun 2013 05:59:07 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 34)=>[Subject: Increase Organic Traffic][Date: Wed, 26 Jun 2013 17:43:01 -0700]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 36)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Fri, 28 Jun 2013 01:05:39 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 37)=>[Subject: Increase Organic Traffic][Date: Sat, 29 Jun 2013 15:15:43 -0700]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 0)=>[Subject: How would you like unlimited hits to your website 15 minut][Date: Wed, 04 Jan 2012 01:18:32 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 1)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Wed, 04 Jan 2012 17:34:32 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 4)=>[Subject: You have made $30][Date: Mon, 16 Jan 2012 09:50:17 -0800]=>CashCreation.htm' is infected with 'Trojan.Script.603497'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 7)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Fri, 20 Jan 2012 01:35:15 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 8)=>[Subject: divert 1000s of fresh new visitors daily to Your web site][Date: Thu, 19 Jan 2012 06:58:56 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 10)=>[Subject: Make money on eBay 99% automatically!][Date: Fri, 21 Jan 2011 10:26:43 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 12)=>[Subject: Start earning 15 minutes from now][Date: Tue, 21 Feb 2012 08:32:01 -0800]=>CashCreation.htm' is infected with 'Trojan.Script.603497'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 14)=>[Subject: Can you afford to lose 300,000 potential customers per yea][Date: Sat, 25 Feb 2012 12:50:05 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 16)=>[Subject: Make money on eBay 99% automatically!][Date: Mon, 27 Feb 2012 13:42:09 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 17)=>[Subject: Have your own website traffic generator][Date: Tue, 28 Feb 2012 07:41:21 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 19)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Wed, 29 Feb 2012 02:14:26 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 8)=>[Subject: Alexa Rank Service to Increase Alexa Ranking][Date: Sun, 28 Apr 2013 04:00:07 -0700]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 9)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Sun, 28 Apr 2013 23:07:30 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 10)=>[Subject: Alexa Rank Service to Increase Alexa Ranking][Date: Sat, 04 May 2013 02:16:59 -0700]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 12)=>[Subject: Start promoting your new website][Date: Thu, 09 May 2013 04:31:40 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 13)=>[Subject: Enter Data Online][Date: Fri, 10 May 2013 01:35:34 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 14)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Sat, 18 May 2013 11:21:12 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@ nbm.sbd/Werbung.sbd/Pa12=>(message 9)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Sat, 22 Jan 2011 00:46:29 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@ nbm.sbd/Werbung.sbd/Pa12=>(message 15)=>[Subject: How would you like unlimited hits to your website 15 minut][Date: Tue, 28 Feb 2012 07:21:32 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@ nbm.sbd/Werbung.sbd/Pa13=>(message 0)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Wed, 24 Apr 2013 22:24:39 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows XP/e2de32t.nbm/Mail/Local Folders/info@ nbm.sbd/Werbung.sbd/Pa13=>(message 7)=>[Subject: Want to Build Perfectly SEO Optimized Page ][Date: Sun, 28 Apr 2013 09:29:50 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 0)=>[Subject: How would you like unlimited hits to your website 15 minut][Date: Wed, 04 Jan 2012 01:18:32 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 1)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Wed, 04 Jan 2012 17:34:32 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 4)=>[Subject: You have made $30][Date: Mon, 16 Jan 2012 09:50:17 -0800]=>CashCreation.htm' is infected with 'Trojan.Script.603497'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 7)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Fri, 20 Jan 2012 01:35:15 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 8)=>[Subject: divert 1000s of fresh new visitors daily to Your web site][Date: Thu, 19 Jan 2012 06:58:56 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 10)=>[Subject: Make money on eBay 99% automatically!][Date: Fri, 21 Jan 2011 10:26:43 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 12)=>[Subject: Start earning 15 minutes from now][Date: Tue, 21 Feb 2012 08:32:01 -0800]=>CashCreation.htm' is infected with 'Trojan.Script.603497'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 14)=>[Subject: Can you afford to lose 300,000 potential customers per yea][Date: Sat, 25 Feb 2012 12:50:05 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 16)=>[Subject: Make money on eBay 99% automatically!][Date: Mon, 27 Feb 2012 13:42:09 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 17)=>[Subject: Have your own website traffic generator][Date: Tue, 28 Feb 2012 07:41:21 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 19)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Wed, 29 Feb 2012 02:14:26 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 8)=>[Subject: Alexa Rank Service to Increase Alexa Ranking][Date: Sun, 28 Apr 2013 04:00:07 -0700]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 9)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Sun, 28 Apr 2013 23:07:30 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 10)=>[Subject: Alexa Rank Service to Increase Alexa Ranking][Date: Sat, 04 May 2013 02:16:59 -0700]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 12)=>[Subject: Start promoting your new website][Date: Thu, 09 May 2013 04:31:40 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 13)=>[Subject: Enter Data Online][Date: Fri, 10 May 2013 01:35:34 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 14)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Sat, 18 May 2013 11:21:12 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@nbm.sbd/Werbung.sbd/Pa12=>(message 9)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Sat, 22 Jan 2011 00:46:29 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@nbm.sbd/Werbung.sbd/Pa12=>(message 15)=>[Subject: How would you like unlimited hits to your website 15 minut][Date: Tue, 28 Feb 2012 07:21:32 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@nbm.sbd/Werbung.sbd/Pa13=>(message 0)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Wed, 24 Apr 2013 22:24:39 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@nbm.sbd/Werbung.sbd/Pa13=>(message 7)=>[Subject: Want to Build Perfectly SEO Optimized Page ][Date: Sun, 28 Apr 2013 09:29:50 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa11=>(message 0)=>[Subject: Y o u r - A D - o n - 2  - M i l l i o n - W e b s i t e s][Date: Mon, 05 Dec 2011 13:05:13 -0800]=>BlogBlaster.htm' is infected with 'Trojan.Script.499892'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa11=>(message 11)=>[Subject: How would you like 2 Million Sites linking to your ad ?][Date: Fri, 16 Dec 2011 01:48:33 -0800]=>BlogBlaster.htm' is infected with 'Trojan.Script.499892'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 0)=>[Subject: Start earning 15 minutes from now][Date: Wed, 04 Jan 2012 11:50:51 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 1)=>[Subject: Submit to 2700+ quality directories][Date: Wed, 04 Jan 2012 18:53:07 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 3)=>[Subject: Make $15 in 15 minutes with surveys][Date: Mon, 16 Jan 2012 09:04:37 -0800]=>CashCreation.htm' is infected with 'Trojan.Script.603497'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 6)=>[Subject: divert 1000s of fresh new visitors daily to Your web site][Date: Thu, 19 Jan 2012 23:28:24 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 7)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Thu, 19 Jan 2012 03:33:08 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 9)=>[Subject: Make money on eBay 99% automatically!][Date: Fri, 21 Jan 2011 20:21:18 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 10)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Sun, 22 Jan 2012 19:48:50 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 11)=>[Subject: Instantly boost your website's traffic][Date: Thu, 16 Feb 2012 23:48:31 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 14)=>[Subject: divert 1000s of fresh new visitors daily to Your web site][Date: Sat, 25 Feb 2012 18:16:52 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 16)=>[Subject: Make money on eBay 99% automatically!][Date: Mon, 27 Feb 2012 05:12:07 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 19)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Wed, 29 Feb 2012 08:07:00 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa12=>(message 2)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Thu, 20 Jan 2011 23:11:02 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa12=>(message 9)=>[Subject: How would you like unlimited hits to your website 15 minut][Date: Mon, 27 Feb 2012 14:15:19 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 7)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Thu, 25 Apr 2013 11:26:12 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 8)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Fri, 26 Apr 2013 14:08:31 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 10)=>[Subject: Enter Data Online][Date: Sat, 27 Apr 2013 23:57:07 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 11)=>[Subject: Want to Build Perfectly SEO Optimized Page ][Date: Sun, 28 Apr 2013 19:46:06 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 16)=>[Subject: Get Found Online, Get More Customers][Date: Wed, 03 Apr 2013 22:02:58 -0800]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 19)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Thu, 11 Apr 2013 22:26:27 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 26)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Thu, 16 May 2013 00:18:06 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 30)=>[Subject: Enter Data Online][Date: Wed, 22 May 2013 00:49:01 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 32)=>[Subject: Enter Data Online][Date: Wed, 26 Jun 2013 05:59:07 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 34)=>[Subject: Increase Organic Traffic][Date: Wed, 26 Jun 2013 17:43:01 -0700]=>FullDetails.html' is infected with ''
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 36)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Fri, 28 Jun 2013 01:05:39 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Absicherung Daten/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 37)=>[Subject: Increase Organic Traffic][Date: Sat, 29 Jun 2013 15:15:43 -0700]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Absicherung Daten/CB5126902W/2018-02-24--21-57-05_14.6.A.1.236/data.ext4.win000=>/data/data/com.google.android.gms/files/locale-filtered-resources--713762890-de.zip=>resources.arsc' is infected with 'Android.Monitor.Spyera.A'
Object '/run/media/livecd/Absicherung Daten/CB5126902W/2018-02-24--21-57-05_14.6.A.1.236/data.ext4.win000=>/data/app/com.google.android.gms-1/base.apk=>META-INF/MANIFEST.MF' is infected with 'Android.Monitor.Spyera.A'
Object '/run/media/livecd/Absicherung Daten/CB5126902W/2018-04-29--17-04-16_14.6.A.1.236/data.ext4.win000=>/data/data/com.google.android.gms/files/locale-filtered-resources-1204674557-de.zip=>resources.arsc' is infected with 'Android.Monitor.Spyera.A'
Object '/run/media/livecd/Absicherung Daten/CB5126902W/2018-04-29--17-04-16_14.6.A.1.236/data.ext4.win000=>/data/app/com.google.android.gms-2/base.apk=>META-INF/MANIFEST.MF' is infected with 'Android.Monitor.Spyera.A'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 0)=>[Subject: How would you like unlimited hits to your website 15 minut][Date: Wed, 04 Jan 2012 01:18:32 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 1)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Wed, 04 Jan 2012 17:34:32 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 4)=>[Subject: You have made $30][Date: Mon, 16 Jan 2012 09:50:17 -0800]=>CashCreation.htm' is infected with 'Trojan.Script.603497'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 7)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Fri, 20 Jan 2012 01:35:15 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 8)=>[Subject: divert 1000s of fresh new visitors daily to Your web site][Date: Thu, 19 Jan 2012 06:58:56 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 10)=>[Subject: Make money on eBay 99% automatically!][Date: Fri, 21 Jan 2011 10:26:43 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 12)=>[Subject: Start earning 15 minutes from now][Date: Tue, 21 Feb 2012 08:32:01 -0800]=>CashCreation.htm' is infected with 'Trojan.Script.603497'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 14)=>[Subject: Can you afford to lose 300,000 potential customers per yea][Date: Sat, 25 Feb 2012 12:50:05 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 16)=>[Subject: Make money on eBay 99% automatically!][Date: Mon, 27 Feb 2012 13:42:09 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 17)=>[Subject: Have your own website traffic generator][Date: Tue, 28 Feb 2012 07:41:21 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa12=>(message 19)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Wed, 29 Feb 2012 02:14:26 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 8)=>[Subject: Alexa Rank Service to Increase Alexa Ranking][Date: Sun, 28 Apr 2013 04:00:07 -0700]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 9)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Sun, 28 Apr 2013 23:07:30 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 10)=>[Subject: Alexa Rank Service to Increase Alexa Ranking][Date: Sat, 04 May 2013 02:16:59 -0700]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 12)=>[Subject: Start promoting your new website][Date: Thu, 09 May 2013 04:31:40 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 13)=>[Subject: Enter Data Online][Date: Fri, 10 May 2013 01:35:34 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@flips.sbd/Werbung.sbd/Pa13=>(message 14)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Sat, 18 May 2013 11:21:12 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@ nbm.sbd/Werbung.sbd/Pa12=>(message 9)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Sat, 22 Jan 2011 00:46:29 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@ nbm.sbd/Werbung.sbd/Pa12=>(message 15)=>[Subject: How would you like unlimited hits to your website 15 minut][Date: Tue, 28 Feb 2012 07:21:32 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@ nbm.sbd/Werbung.sbd/Pa13=>(message 0)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Wed, 24 Apr 2013 22:24:39 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@ nbm.sbd/Werbung.sbd/Pa13=>(message 7)=>[Subject: Want to Build Perfectly SEO Optimized Page ][Date: Sun, 28 Apr 2013 09:29:50 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa11=>(message 0)=>[Subject: Y o u r - A D - o n - 2  - M i l l i o n - W e b s i t e s][Date: Mon, 05 Dec 2011 13:05:13 -0800]=>BlogBlaster.htm' is infected with 'Trojan.Script.499892'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa11=>(message 11)=>[Subject: How would you like 2 Million Sites linking to your ad ?][Date: Fri, 16 Dec 2011 01:48:33 -0800]=>BlogBlaster.htm' is infected with 'Trojan.Script.499892'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 0)=>[Subject: Start earning 15 minutes from now][Date: Wed, 04 Jan 2012 11:50:51 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 1)=>[Subject: Submit to 2700+ quality directories][Date: Wed, 04 Jan 2012 18:53:07 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 3)=>[Subject: Make $15 in 15 minutes with surveys][Date: Mon, 16 Jan 2012 09:04:37 -0800]=>CashCreation.htm' is infected with 'Trojan.Script.603497'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 6)=>[Subject: divert 1000s of fresh new visitors daily to Your web site][Date: Thu, 19 Jan 2012 23:28:24 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 7)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Thu, 19 Jan 2012 03:33:08 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 9)=>[Subject: Make money on eBay 99% automatically!][Date: Fri, 21 Jan 2011 20:21:18 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 10)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Sun, 22 Jan 2012 19:48:50 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 11)=>[Subject: Instantly boost your website's traffic][Date: Thu, 16 Feb 2012 23:48:31 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 14)=>[Subject: divert 1000s of fresh new visitors daily to Your web site][Date: Sat, 25 Feb 2012 18:16:52 -0800]=>InstantBooster.htm' is infected with 'Trojan.Script.505255'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 16)=>[Subject: Make money on eBay 99% automatically!][Date: Mon, 27 Feb 2012 05:12:07 -0800]=>eBayCashMachine.htm' is infected with 'Trojan.Script.505259'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@rechnungen.sbd/Werbung.sbd/Pa12=>(message 19)=>[Subject: receive more traffic by gaining a higher position in searc][Date: Wed, 29 Feb 2012 08:07:00 -0800]=>LinkDirectorySubmitter.htm' is infected with 'Trojan.Script.506737'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa12=>(message 2)=>[Subject: How To Get Quality Targeted Visitors For Free][Date: Thu, 20 Jan 2011 23:11:02 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa12=>(message 9)=>[Subject: How would you like unlimited hits to your website 15 minut][Date: Mon, 27 Feb 2012 14:15:19 -0800]=>hitbooster.htm' is infected with 'Trojan.Script.499890'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 7)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Thu, 25 Apr 2013 11:26:12 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 8)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Fri, 26 Apr 2013 14:08:31 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 10)=>[Subject: Enter Data Online][Date: Sat, 27 Apr 2013 23:57:07 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 11)=>[Subject: Want to Build Perfectly SEO Optimized Page ][Date: Sun, 28 Apr 2013 19:46:06 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 16)=>[Subject: Get Found Online, Get More Customers][Date: Wed, 03 Apr 2013 22:02:58 -0800]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 19)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Thu, 11 Apr 2013 22:26:27 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 26)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Thu, 16 May 2013 00:18:06 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 30)=>[Subject: Enter Data Online][Date: Wed, 22 May 2013 00:49:01 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 32)=>[Subject: Enter Data Online][Date: Wed, 26 Jun 2013 05:59:07 +0300]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 34)=>[Subject: Increase Organic Traffic][Date: Wed, 26 Jun 2013 17:43:01 -0700]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 36)=>[Subject: Get Permanent Forum Links To Improve Web Presence ][Date: Fri, 28 Jun 2013 01:05:39 +0300]=>FullDetails.html' is infected with 'Trojan.JS.Redirector.BQO'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbm/Desktop/email/.thunderbird/e2de32t.nbm/Mail/Local Folders/info@sms.sbd/Werbung.sbd/Pa13=>(message 37)=>[Subject: Increase Organic Traffic][Date: Sat, 29 Jun 2013 15:15:43 -0700]=>FullDetails.html' is infected with 'Trojan.HTML.Redirector.DD'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbmedia/Desktop/Desktop/netzwerk-tools/ca_setup_4.9.56.exe' is infected with 'Application.Hacktool.NQ'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbmedia/Desktop/TorBrowser/Browser/AccessibleMarshal.dll' is infected with 'Gen:Variant.Kazy.360819'


cosinus 17.05.2018 09:59

The vast majority of the detections are totally irrelevant, because they are just detections in some silly e-mails. Those simply need to be deleted. At most, this here is relevant:

Code:

Object '/run/media/livecd/Absicherung Daten/CB5126902W/2018-02-24--21-57-05_14.6.A.1.236/data.ext4.win000=>/data/data/com.google.android.gms/files/locale-filtered-resources--713762890-de.zip=>resources.arsc' is infected with 'Android.Monitor.Spyera.A'
Object '/run/media/livecd/Absicherung Daten/CB5126902W/2018-02-24--21-57-05_14.6.A.1.236/data.ext4.win000=>/data/app/com.google.android.gms-1/base.apk=>META-INF/MANIFEST.MF' is infected with 'Android.Monitor.Spyera.A'
Object '/run/media/livecd/Absicherung Daten/CB5126902W/2018-04-29--17-04-16_14.6.A.1.236/data.ext4.win000=>/data/data/com.google.android.gms/files/locale-filtered-resources-1204674557-de.zip=>resources.arsc' is infected with 'Android.Monitor.Spyera.A'
Object '/run/media/livecd/Absicherung Daten/CB5126902W/2018-04-29--17-04-16_14.6.A.1.236/data.ext4.win000=>/data/app/com.google.android.gms-2/base.apk=>META-INF/MANIFEST.MF' is infected with 'Android.Monitor.Spyera.A'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbmedia/Desktop/Desktop/netzwerk-tools/ca_setup_4.9.56.exe' is infected with 'Application.Hacktool.NQ'
Object '/run/media/livecd/Windows 7 Professional 64 Bit/Users/nbmedia/Desktop/TorBrowser/Browser/AccessibleMarshal.dll' is infected with 'Gen:Variant.Kazy.360819'

The first four are some kind of Android junk. What are you doing with that?
The second-to-last entry is a hack tool? ca_setup?
Last entry: junk in the Tor Browser

5lin 17.05.2018 13:38

RE
 
Hello Cosinus,

As for the relevant entries, the first four belong to a backup that was created with TWRP. The ca_setup.exe is Cain & Abel; I wanted to try the program out for testing purposes, to track down security holes in the network. I don't know how the junk got into the Tor Browser...
Can I remove everything? And would that fix the problem with the browsers? Regards

cosinus 17.05.2018 14:29

The detections are all fairly irrelevant.

The other FRST log still needs to be posted in CODE tags.


Reading material:
Google Chrome

Apparently you are using Google's Chrome browser. For privacy reasons I have to strongly advise against using this browser. See also: Google: Chrome browser scans local files on Windows PCs

Install Mozilla Firefox, which can also import profile data from Chrome, and then uninstall Google Chrome.

5lin 27.05.2018 20:11

RE
 
Hello, sorry that I am only getting back to you now; something came up.

I thought things had improved after removing the detections, but somehow not yet, that is my feeling.

First of all, the problem with Opera and Chrome is still not fixed, and the SSL certificate errors continue. In addition, I permanently have a standing connection to the following IP addresses:



Code:

[System Process]        0        TCP        nbm-pc        49448        fritz.box        http        TIME_WAIT        2        906        2        2.253                                               
[System Process]        0        TCP        nbm-pc        49450        fritz.box        http        TIME_WAIT        1        447        2        1.851                                               
[System Process]        0        TCP        nbm-pc        49456        fritz.box        http        TIME_WAIT        2        894        2        1.880                                               
[System Process]        0        TCP        nbm-pc        49457        fritz.box        http        TIME_WAIT                        1        947                                               
[System Process]        0        TCP        nbm-pc        49458        fritz.box        http        TIME_WAIT                        1        1.336                                               
[System Process]        0        TCP        nbm-pc        49459        fritz.box        http        TIME_WAIT        2        894        2        1.902                                               
[System Process]        0        TCP        nbm-pc        49460        fritz.box        http        TIME_WAIT        2        894        2        1.911                                               
[System Process]        0        TCP        nbm-pc        49462        fritz.box        http        TIME_WAIT        2        906        2        2.299                                               
[System Process]        0        TCP        nbm-pc        49463        fritz.box        http        TIME_WAIT        2        894        2        1.919                                               
[System Process]        0        TCP        nbm-pc        49465        fritz.box        http        TIME_WAIT        1        447        1        968                                               
[System Process]        0        TCP        nbm-pc        49467        fritz.box        http        TIME_WAIT        2        906        2        2.304                                               
[System Process]        0        TCP        nbm-pc        49468        fritz.box        http        TIME_WAIT        2        894        2        1.925                                               
[System Process]        0        TCP        nbm-pc        49469        fritz.box        http        TIME_WAIT        2        894        2        1.907                                               
Agent.exe        1396        TCP        nbm-PC        6864        nbm-PC        0        LISTENING                                                                               
firefox.exe        4664        TCP        nbm-PC        49215        localhost        49216        ESTABLISHED                        4.764        4.764                8                8               
firefox.exe        4664        TCP        nbm-PC        49216        localhost        49215        ESTABLISHED        4.764        4.764                        8                8                       
firefox.exe        4092        TCP        nbm-PC        49217        localhost        49218        ESTABLISHED                        747        747                                               
firefox.exe        4092        TCP        nbm-PC        49218        localhost        49217        ESTABLISHED        747        747                                                               
firefox.exe        4364        TCP        nbm-PC        49219        localhost        49220        ESTABLISHED                        4.911        4.911                                               
firefox.exe        4364        TCP        nbm-PC        49220        localhost        49219        ESTABLISHED        4.911        4.911                                                               
firefox.exe        4828        TCP        nbm-PC        49223        localhost        49224        ESTABLISHED                        4.585        4.585                                               
firefox.exe        4828        TCP        nbm-PC        49224        localhost        49223        ESTABLISHED        4.585        4.585                                                               
firefox.exe        4348        TCP        nbm-PC        49267        localhost        49268        ESTABLISHED                        318        318                                               
firefox.exe        4348        TCP        nbm-PC        49268        localhost        49267        ESTABLISHED        318        318                                                               
firefox.exe        4712        TCP        nbm-PC        49309        localhost        49310        ESTABLISHED                        6.508        6.508                                               
firefox.exe        4712        TCP        nbm-PC        49310        localhost        49309        ESTABLISHED        6.508        6.508                                                               
firefox.exe        4664        TCP        nbm-pc        49444        muc11s12-in-f3.1e100.net        https        ESTABLISHED        8        1.356        10        3.647                                               
firefox.exe        4664        TCP        nbm-pc        49445        fra07s29-in-f3.1e100.net        https        ESTABLISHED        24        3.797        267        341.650                                               
firefox.exe        4664        TCP        nbm-pc        49446        fra07s29-in-f14.1e100.net        https        ESTABLISHED        12        1.518        17        5.793                                               
firefox.exe        4664        TCP        nbm-pc        49447        104.16.192.247        https        ESTABLISHED        7        1.769        10        4.491                                               
firefox.exe        4664        TCP        nbm-pc        49449        151.101.112.133        https        ESTABLISHED        3        474        4        2.636        31        31        1        1               
firefox.exe        4664        TCP        nbm-pc        49451        fra15s11-in-f170.1e100.net        https        ESTABLISHED        13        1.990        44        47.697                                               
firefox.exe        4664        TCP        nbm-pc        49452        muc11s10-in-f10.1e100.net        https        ESTABLISHED        35        3.151        133        237.365                                               
firefox.exe        4664        TCP        nbm-pc        49453        muc11s10-in-f10.1e100.net        https        ESTABLISHED        45        3.863        125        279.410                                               
firefox.exe        4664        TCP        nbm-pc        49454        fra07s29-in-f14.1e100.net        https        ESTABLISHED        67        10.466        110        125.622                                               
firefox.exe        4664        TCP        nbm-pc        49455        fra16s14-in-f3.1e100.net        https        ESTABLISHED        6        595        11        4.297                                               
firefox.exe        4664        TCP        nbmedia-pc        49598        104.16.193.247        https        ESTABLISHED        8        1.815        12        4.565
opera.exe        3216        TCP        nbm-pc        49281        fritz.box        http        ESTABLISHED        55        25.032        81        83.110                                               
opera.exe        3216        TCP        nbm-pc        49318        151.101.112.133        https        ESTABLISHED        4        1.469        478        790.420                                               
opera.exe        3216        TCP        nbm-pc        49319        fritz.box        http        ESTABLISHED                                                                               
opera.exe        3216        TCP        nbm-pc        49320        fritz.box        http        ESTABLISHED        19        8.516        23        21.611                                               
opera.exe        3216        TCP        nbm-pc        49321        fritz.box        http        ESTABLISHED        3        1.365        4        3.880        459               
FRST64.exe        4744        TCP        nbmedia-pc        49481        104.20.129.30        http        ESTABLISHED        1        111        1        420                                               
FRST64.exe        4744        TCP        nbmedia-pc        49482        104.20.59.209        http        ESTABLISHED        1        136        2        778
lsass.exe        584        TCP        nbm-PC        49155        nbm-PC        0        LISTENING                                                                               
lsass.exe        584        TCPV6        nbm-pc        49155        nbm-pc        0        LISTENING                                                                               
services.exe        576        TCP        nbm-PC        49156        nbm-PC        0        LISTENING                                                                               
services.exe        576        TCPV6        nbm-pc        49156        nbm-pc        0        LISTENING                                                                               
svchost.exe        764        TCP        nbm-PC        epmap        nbm-PC        0        LISTENING                                                                               
svchost.exe        864        TCP        nbm-PC        49153        nbm-PC        0        LISTENING                                                                               
svchost.exe        956        TCP        nbm-PC        49154        nbm-PC        0        LISTENING                                                                               
svchost.exe        1572        UDP        nbm-PC        ssdp        *        *                                126        16.758                                               
svchost.exe        764        TCPV6        nbm-pc        epmap        nbm-pc        0        LISTENING                                                                               
svchost.exe        864        TCPV6        nbm-pc        49153        nbm-pc        0        LISTENING                                                                               
svchost.exe        956        TCPV6        nbm-pc        49154        nbm-pc        0        LISTENING                                                                               
svchost.exe        1572        UDPV6        [0:0:0:0:0:0:0:1]        1900        *        *                                                                                       
svchost.exe        864        UDPV6        [fe80:0:0:0:f8aa:daec:42ef:f00d]        546        *        *                                                                                       
svchost.exe        1320        UDP        nbm-PC        llmnr        *        *                                2        44                                               
svchost.exe        1572        UDPV6        [fe80:0:0:0:f8aa:daec:42ef:f00d]        1900        *        *                                                                                       
svchost.exe        1320        UDPV6        nbm-pc        5355        *        *                                                                                       
svchost.exe        1572        UDP        nbm-pc        ssdp        *        *                                                                                       
svchost.exe        1572        UDP        nbm-PC        61466        *        *                8        1.064                                                               
svchost.exe        1572        UDPV6        [0:0:0:0:0:0:0:1]        61465        *        *                                2        2                                               
wininit.exe        476        TCP        nbm-PC        49152        nbm-PC        0        LISTENING                                                                               
wininit.exe        476        TCPV6        nbm-pc        49152        nbm-pc        0        LISTENING

I'll add the FRST.txt file right away as well.
Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
durchgeführt von nbm (Administrator) auf nbm-PC (27-05-2018 20:47:57)
Gestartet von C:\Users\nbm\Desktop
Geladene Profile: nbm (Verfügbare Profile: nbm & user & nico)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Sysinternals - www.sysinternals.com) C:\Users\nbm\Desktop\Tcpview.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.64\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [601640 2018-04-22] (SHADOWDEFENDER.COM)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70792 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [743560 2011-12-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-2733620280-2250870883-269891465-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2733620280-2250870883-269891465-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-2733620280-2250870883-269891465-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-2733620280-2250870883-269891465-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{6AB148C1-AD49-437E-AD2F-9E368A549902}: [NameServer] 1.1.1.1,84.200.69.80
Tcpip\..\Interfaces\{AE913D8E-C42D-44BB-87CE-285A5228D57D}: [NameServer] 1.1.1.1,9.9.9.9

Internet Explorer:
==================
HKU\S-1-5-21-2733620280-2250870883-269891465-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

FireFox:
========
FF DefaultProfile: mc43te4n.nbm
FF DefaultProfile: vxuww1o3.Neu1
FF ProfilePath: C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm [2018-05-27]
FF Homepage: Mozilla\Firefox\Profiles\mc43te4n.nbm -> about:blank
FF NewTab: Mozilla\Firefox\Profiles\mc43te4n.nbm -> about:blank
FF Extension: (Hoxx VPN Proxy) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm\Extensions\@hoxx-vpn.xpi [2018-05-27]
FF Extension: (CanvasBlocker) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm\Extensions\CanvasBlocker@kkapsner.de.xpi [2018-05-27]
FF Extension: (HTTPS Everywhere) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm\Extensions\https-everywhere@eff.org.xpi [2018-04-23]
FF Extension: (uBlock Origin) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm\Extensions\uBlock0@raymondhill.net.xpi [2018-05-27]
FF Extension: (User Agent Switcher) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2018-04-23]
FF Extension: (Disconnect for Facebook™) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm\Extensions\{02bf35c3-6f86-4eb4-bea8-e70bc294a7dc}.xpi [2018-01-01]
FF Extension: (NoScript) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-05-27]
FF Extension: (Smart HTTPS) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\mc43te4n.nbm\Extensions\{b3e677f4-1150-4387-8629-da738260a48e}.xpi [2018-04-23]
FF ProfilePath: C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\xmxrq7h3.user [2018-05-27]
FF Extension: (uBlock Origin) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\xmxrq7h3.user\Extensions\uBlock0@raymondhill.net.xpi [2018-01-01]
FF Extension: (NoScript) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\xmxrq7h3.user\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-01-01]
FF ProfilePath: C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\5rk41o67.nico-1524436225461 [2018-05-27]
FF ProfilePath: C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2 [2018-05-27]
FF NewTab: Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2 -> about:blank
FF NetworkProxy: Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2 -> proxy_over_tls", false
FF Extension: (Hoxx VPN Proxy) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2\Extensions\@hoxx-vpn.xpi [2017-02-15] [Legacy]
FF Extension: (No Resource URI Leak) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2\Extensions\@no-resource-uri-leak.xpi [2017-02-15] [Legacy]
FF Extension: (Adguard AdBlocker) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2\Extensions\adguardadblocker@adguard.com.xpi [2017-02-15] [Legacy]
FF Extension: (Clear Cache) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2\Extensions\clearcache@michel.de.almeida.xpi [2017-02-15] [Legacy]
FF Extension: (HTTPS-Everywhere) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2\Extensions\https-everywhere@eff.org [2017-08-22] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2\Extensions\uBlock0@raymondhill.net.xpi [2017-02-15] [Legacy]
FF Extension: (User Agent Overrider) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2\Extensions\useragentoverrider@qixinglu.com.xpi [2017-02-15] [Legacy]
FF Extension: (NoScript) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-02-15] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu2\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-02-15] [Legacy]
FF Extension: (Kein Name) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\vxuww1o3.Neu2\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [nicht gefunden]
FF Extension: (Kein Name) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\vxuww1o3.Neu2\extensions\https-everywhere@eff.org [nicht gefunden]
FF Extension: (Kein Name) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\vxuww1o3.Neu2\extensions\clearcache@michel.de.almeida.xpi [nicht gefunden]
FF Extension: (Kein Name) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\vxuww1o3.Neu2\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [nicht gefunden]
FF ProfilePath: C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1 [2018-05-27]
FF NewTab: Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1 -> about:blank
FF NetworkProxy: Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1 -> proxy_over_tls", false
FF Extension: (Hoxx VPN Proxy) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1\Extensions\@hoxx-vpn.xpi [2017-02-15] [Legacy]
FF Extension: (No Resource URI Leak) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1\Extensions\@no-resource-uri-leak.xpi [2017-02-15] [Legacy]
FF Extension: (Adguard AdBlocker) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1\Extensions\adguardadblocker@adguard.com.xpi [2017-02-15] [Legacy]
FF Extension: (Clear Cache) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1\Extensions\clearcache@michel.de.almeida.xpi [2017-02-15] [Legacy]
FF Extension: (HTTPS-Everywhere) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1\Extensions\https-everywhere@eff.org [2017-08-22] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1\Extensions\uBlock0@raymondhill.net.xpi [2017-02-15] [Legacy]
FF Extension: (User Agent Overrider) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1\Extensions\useragentoverrider@qixinglu.com.xpi [2017-02-15] [Legacy]
FF Extension: (NoScript) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-02-15] [Legacy]
FF Extension: (BetterPrivacy) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Firefox-Absicherung\Profiles\vxuww1o3.Neu1\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-02-15] [Legacy]
FF Extension: (Kein Name) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\vxuww1o3.Neu1\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [nicht gefunden]
FF Extension: (Kein Name) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\vxuww1o3.Neu1\extensions\https-everywhere@eff.org [nicht gefunden]
FF Extension: (Kein Name) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\vxuww1o3.Neu1\extensions\clearcache@michel.de.almeida.xpi [nicht gefunden]
FF Extension: (Kein Name) - C:\Users\nbm\AppData\Roaming\Mozilla\Firefox\Profiles\vxuww1o3.Neu1\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [nicht gefunden]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\nbm\AppData\Local\Google\Chrome\User Data\Default [2018-05-27]
CHR Extension: (Docs) - C:\Users\nbm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-23]
CHR Extension: (Google Drive) - C:\Users\nbm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-23]
CHR Extension: (YouTube) - C:\Users\nbm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-23]
CHR Extension: (Google Mail) - C:\Users\nbm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-23]

Opera:
=======
OPR Extension: (AdGuard Werbeblocker) - C:\Users\nbm\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-04-23]
OPR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\nbm\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2018-04-23]
OPR Extension: (HTTPS Everywhere) - C:\Users\nbm\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2018-04-23]
OPR Extension: (No-Script Suite Lite) - C:\Users\nbm\AppData\Roaming\Opera Software\Opera Stable\Extensions\ipiopppcaojnchgoepoemlbdccogeije [2018-04-23]
OPR Extension: (uBlock Origin) - C:\Users\nbm\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-04-23]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert]
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert]
S4 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-23] (Google Inc.) [Datei ist nicht signiert]
S4 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-23] (Google Inc.) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-04-14] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Corporation)
R2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [135160 2018-04-22] (SHADOWDEFENDER.COM) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [464008 2017-10-15] (SHADOWDEFENDER.COM)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [51336 2011-12-22] () [Datei ist nicht signiert]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert]
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-04-27] (REALiX(tm))
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-05-27 20:21 - 2018-01-01 20:18 - 000000000 ____D C:\Users\nbm\AppData\LocalLow\Mozilla
2018-05-27 20:21 - 2017-08-22 23:24 - 000003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D1D6A3CD-8E37-4739-A899-B9CB12FD1B91}
2018-05-27 20:20 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-05-27 20:14 - 2009-07-14 06:45 - 000022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-27 20:14 - 2009-07-14 06:45 - 000022352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-27 20:11 - 2011-04-12 09:43 - 000698688 _____ C:\Windows\system32\perfh007.dat
2018-05-27 20:11 - 2011-04-12 09:43 - 000148828 _____ C:\Windows\system32\perfc007.dat
2018-05-27 20:11 - 2009-07-14 07:13 - 001618320 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-27 20:08 - 2018-04-01 02:20 - 000000000 ____D C:\Users\nbm\Desktop\Desktop Power
2018-05-27 20:06 - 2018-04-23 00:25 - 000000000 __SHD C:\Users\nbm\IntelGraphicsProfiles
2018-05-27 20:06 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-27 18:28 - 2017-08-23 01:43 - 000440832 ___SH C:\EUMONBMP.SYS
2018-05-27 16:31 - 2018-04-23 00:46 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-27 16:30 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-27 16:28 - 2018-04-23 00:48 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-27 16:28 - 2018-04-23 00:48 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-27 16:28 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system
2018-05-16 19:50 - 2018-01-01 20:58 - 000000600 _____ C:\Users\nbm\AppData\Local\PUTTY.RND
2018-05-16 19:50 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\AppCompat
2018-05-16 18:31 - 2017-08-22 22:56 - 000000000 ____D C:\Users\nbm\Desktop\Desktop NEU
2018-05-06 21:11 - 2017-08-22 22:55 - 000000000 ____D C:\Users\nbm\Desktop\top-optimierung
2018-05-06 20:08 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-05-05 23:38 - 2018-04-23 00:34 - 000003544 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-05 23:38 - 2018-04-23 00:34 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-05 23:37 - 2017-08-22 23:15 - 000058128 _____ C:\Users\nbm\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-27 02:26 - 2009-07-14 06:45 - 000269760 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-27 02:25 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
2018-04-27 02:25 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-04-27 02:23 - 2018-04-23 00:58 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-27 02:23 - 2018-04-23 00:58 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-27 01:55 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-04-27 01:55 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Windows Defender
2018-04-27 01:55 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\DVD Maker
2018-04-27 01:55 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-04-27 01:55 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-04-27 01:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2018-04-27 01:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-04-27 01:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Setup
2018-04-27 01:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\oobe
2018-04-27 01:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Dism
2018-04-27 01:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2018-04-27 01:55 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\System
2018-04-27 01:53 - 2009-07-14 04:36 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2018-04-27 01:53 - 2009-07-14 04:36 - 000157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-08-22 03:56 - 2014-09-09 18:44 - 000017542 _____ () C:\Users\nbm\AppData\Local\amazon.ico
2018-01-01 20:58 - 2018-05-16 19:50 - 000000600 _____ () C:\Users\nbm\AppData\Local\PUTTY.RND
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\nbm\AppData\Local\setup.txt

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2018-05-06 00:13

==================== Ende von FRST.txt ============================


And the Addition.txt

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
durchgeführt von nbm (27-05-2018 20:49:15)
Gestartet von C:\Users\nbm\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-08-22 01:52:17)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2733620280-2250870883-269891465-500 - Administrator - Disabled)
ETB User (S-1-5-21-2733620280-2250870883-269891465-1004 - Limited - Enabled)
Gast (S-1-5-21-2733620280-2250870883-269891465-501 - Limited - Disabled)
nbm (S-1-5-21-2733620280-2250870883-269891465-1000 - Administrator - Enabled) => C:\Users\nbm
nico (S-1-5-21-2733620280-2250870883-269891465-1002 - Administrator - Enabled) => C:\Users\nico
user (S-1-5-21-2733620280-2250870883-269891465-1001 - Limited - Enabled) => C:\Users\user

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
EaseUS Todo Backup Free 4.0 (HKLM-x32\...\EaseUS Todo Backup Free 4.0_is1) (Version: 4.0.0.2 - CHENGDU YIWO Tech Development Co., Ltd)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HWiNFO64 Version 5.82 (HKLM\...\HWiNFO64_is1) (Version: 5.82 - Martin Malík - REALiX)
Intel(R) Network Connections 16.8.45.1 (HKLM\...\PROSetDX) (Version: 16.8.45.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{E0C7523C-686B-3EE6-8FB1-CB4339E30EDD}) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Mozilla Firefox 60.0 (x64 de) (HKLM\...\Mozilla Firefox 60.0 (x64 de)) (Version: 60.0 - Mozilla)
Mozilla Thunderbird 58.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 58.0 (x86 de)) (Version: 58.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 52.0.2871.64 (HKLM-x32\...\Opera 52.0.2871.64) (Version: 52.0.2871.64 - Opera Software)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.680 - ShadowDefender.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2733620280-2250870883-269891465-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [DefenderContextMenuExt] -> {5EE8E9E6-2853-4D28-B2DE-6529EDA0A294} => C:\Program Files\Shadow Defender\ShellExt.dll [2018-04-22] (SHADOWDEFENDER.COM)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2011-12-22] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers2: [DefenderContextMenuExt] -> {5EE8E9E6-2853-4D28-B2DE-6529EDA0A294} => C:\Program Files\Shadow Defender\ShellExt.dll [2018-04-22] (SHADOWDEFENDER.COM)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2011-12-22] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [DefenderContextMenuExt] -> {5EE8E9E6-2853-4D28-B2DE-6529EDA0A294} => C:\Program Files\Shadow Defender\ShellExt.dll [2018-04-22] (SHADOWDEFENDER.COM)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2011-12-22] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07E9BDE9-442F-49CC-BDCD-AFB5FB53A6EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {3C32EEEB-97B4-46ED-B3A5-2897A8A355F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-23] (Google Inc.)
Task: {3D5B50C8-7B3F-4D3B-B24E-6672842B12AD} - System32\Tasks\Opera scheduled Autoupdate 1524436084 => C:\Program Files\Opera\launcher.exe [2018-04-10] (Opera Software)
Task: {7A7728F8-25C6-45C3-B2D2-FD46D6FFF1D2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {EE8DC84E-9E9F-48FA-B5B3-EF00AF7E2ACD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-23] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2018-04-23 00:28 - 2018-04-10 10:05 - 098766936 _____ () C:\Program Files\Opera\52.0.2871.64\opera_browser.dll
2018-04-23 00:28 - 2018-04-10 10:05 - 004439128 _____ () C:\Program Files\Opera\52.0.2871.64\libglesv2.dll
2018-04-23 00:28 - 2018-04-10 10:05 - 000100440 _____ () C:\Program Files\Opera\52.0.2871.64\libegl.dll
2018-05-27 18:23 - 2011-12-22 23:08 - 000051848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2018-05-27 18:23 - 2012-01-17 16:04 - 000027784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2018-05-27 18:23 - 2008-11-25 17:18 - 001291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2018-05-27 18:23 - 2004-10-05 03:08 - 000055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2018-05-27 18:23 - 2011-12-22 23:08 - 000114312 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2018-05-27 18:23 - 2011-12-22 23:08 - 000245896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2018-05-27 18:23 - 2011-12-22 23:08 - 000069768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2018-05-27 18:23 - 2011-12-22 23:08 - 000064648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2018-05-27 18:23 - 2011-12-23 15:15 - 000023176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2018-05-27 18:23 - 2011-12-22 23:08 - 000093832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\Logs:Defender.log [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2018-05-16 15:34 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2733620280-2250870883-269891465-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\nbm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C59AD57B-48A3-47BC-B2A8-C1D2E9DA22B2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{8B572B37-8441-4FF3-B668-69F8DBF87BD1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Intel(R) 82579LM Gigabit Network Connection
Description: Intel(R) 82579LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard-VGA-Grafikkarte
Description: Standard-VGA-Grafikkarte
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardgrafikkartentypen)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: USB-Massenspeichergerät
Description: USB-Massenspeichergerät
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Kompatibles USB-Speichergerät
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.

Name: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Description: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/27/2018 08:37:06 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/27/2018 08:37:06 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=3800} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/27/2018 08:37:06 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Windows (2852) Windows:  Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" bei Offset 31096832 (0x0000000001da8000) (Datenbankseite 948 (0x3B4)) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die erwartete Prüfsumme war [615e9ea150ff8efd:295d295db356bec2:f4ad0b52b90c4983:fc1d03e2f8c1b655], die tatsächliche Prüfsumme [9f6c9f6c592dda07:295d295db356bec2:f4ad0b52b90c4983:82bf82bf8fb163f2]. Fehler -1018 (0xfffffc06) bei Leseoperation. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (05/27/2018 05:42:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/27/2018 05:42:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/27/2018 05:42:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/27/2018 05:42:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (05/27/2018 05:42:07 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


Systemfehler:
=============
Error: (05/27/2018 08:08:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (05/27/2018 05:42:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (05/27/2018 05:42:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (05/27/2018 05:42:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/27/2018 05:42:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (05/16/2018 03:34:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2018 03:34:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2018 03:34:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) HD Graphics Control Panel Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 77%
Installierter physikalischer RAM: 3970.1 MB
Verfügbarer physikalischer RAM: 896.66 MB
Summe virtueller Speicher: 7938.36 MB
Verfügbarer virtueller Speicher: 4477.46 MB

==================== Laufwerke ================================

Drive c: (Windows 7 Professional 64 Bit) (Fixed) (Total:53.71 GB) (Free:5.94 GB) NTFS
Drive d: (Windows XP) (Fixed) (Total:35.1 GB) (Free:6.5 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (Absicherung Daten) (Fixed) (Total:149.41 GB) (Free:5.3 GB) NTFS
Drive f: () (Fixed) (Total:75.68 GB) (Free:6.8 GB) NTFS


==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 014C23AE)
Partition 1: (Active) - (Size=35.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=53.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=193.2 GB) - (Type=0F Extended)

==================== Ende von Addition.txt ============================


cosinus 27.05.2018 20:13

What do you want with three different browsers? Use Firefox and be done with it!


Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

5lin 27.05.2018 21:37

Frst.txt second part

The corresponding FRST.txt, since the lines of code were too long
Code:

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)


2018-05-27 20:47 - 2018-05-07 00:38 - 002406912 _____ (Farbar) C:\Users\nbm\Desktop\FRST64.exe
2018-05-27 20:19 - 2018-05-27 20:19 - 030429184 ___SH C:\diskpt0.sys
2018-05-27 18:48 - 2018-05-27 18:48 - 000004096 ___SH C:\{06DC907C-B9CB-4E41-A46B-DECC666D38EA}.CBM
2018-05-27 18:24 - 2018-05-27 18:24 - 000002154 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 4.0.lnk
2018-05-27 18:24 - 2018-05-27 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup  4.0
2018-05-27 18:23 - 2011-12-22 23:09 - 000025224 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2018-05-27 18:19 - 2012-09-21 05:00 - 101479672 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\tb_free.4.0.0.2.exe
2018-05-27 16:28 - 2018-05-27 16:28 - 000000000 ____D C:\Users\nbm\AppData\Roaming\Sun
2018-05-20 21:24 - 2018-05-20 21:23 - 000000884 _____ C:\18_05_04_996_breitbandmessung.csv
2018-05-19 02:01 - 2018-05-19 02:01 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2018-05-16 18:33 - 2018-05-16 18:33 - 000000000 _____ C:\Windows\diskpt.dat
2018-05-16 18:32 - 2018-05-16 18:32 - 000001043 _____ C:\Users\Public\Desktop\Shadow Defender.lnk
2018-05-16 18:32 - 2018-05-16 18:32 - 000000064 _____ C:\Windows\diskpt.crt
2018-05-16 18:32 - 2018-05-16 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Defender
2018-05-16 18:32 - 2017-10-15 12:40 - 000464008 _____ (SHADOWDEFENDER.COM) C:\Windows\system32\Drivers\diskpt.sys
2018-05-16 18:12 - 2018-05-16 18:12 - 000000000 ____D C:\Users\nbm\Desktop\Autoruns
2018-05-16 18:04 - 2018-05-16 18:04 - 000000000 ____D C:\ProgramData\HitmanPro
2018-05-16 18:00 - 2018-05-16 18:13 - 000000000 ____D C:\Users\nbm\Desktop\LogDateien-ALL
2018-05-16 17:51 - 2018-05-27 20:47 - 000000000 ____D C:\FRST
2018-05-16 15:40 - 2018-05-16 15:40 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-14 18:46 - 2018-05-26 22:18 - 000000000 ____D C:\RescueCD Logs
2018-05-06 23:30 - 2009-06-10 22:38 - 000092745 _____ C:\Users\nbm\Desktop\services.msc
2018-05-06 21:10 - 2018-05-06 21:10 - 000000000 ____D C:\Users\nbm\AppData\Roaming\Sareta S.r.l
2018-05-06 21:09 - 2018-05-06 21:09 - 000000000 ____D C:\Users\nbm\AppData\Roaming\BleachBit
2018-05-06 21:07 - 2018-05-27 20:15 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-05-06 21:07 - 2018-05-06 21:07 - 000002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-05-06 21:07 - 2018-05-06 21:07 - 000001048 _____ C:\Users\nbm\Desktop\BleachBit.lnk
2018-05-06 21:07 - 2018-05-06 21:07 - 000000851 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-05-06 21:07 - 2018-05-06 21:07 - 000000000 ____D C:\Users\nbm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit
2018-05-06 21:07 - 2018-05-06 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-06 21:07 - 2018-05-06 21:07 - 000000000 ____D C:\Program Files\CCleaner
2018-05-06 21:07 - 2018-05-06 21:07 - 000000000 ____D C:\Program Files (x86)\BleachBit
2018-05-06 21:01 - 2018-05-06 21:02 - 000000000 ____D C:\Users\nbm\Desktop\svchost-tasklist
2018-05-05 23:19 - 2018-05-05 23:21 - 000000130 _____ C:\Users\nbm\Desktop\prozesse.bat
2018-04-27 23:01 - 2018-04-27 23:01 - 000000000 ____D C:\Users\nbm\AppData\Roaming\Shadow Defender
2018-04-27 22:56 - 2018-04-27 22:56 - 000000000 _____ C:\Windows\diskptex.dat
2018-04-27 22:37 - 2018-05-16 18:37 - 000000000 ____D C:\Program Files\Shadow Defender
2018-04-27 02:22 - 2017-03-07 16:05 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2018-04-27 02:22 - 2016-03-24 00:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2018-04-27 02:21 - 2016-03-24 00:40 - 003181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-04-27 02:19 - 2016-08-29 17:04 - 003229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-04-27 02:19 - 2016-08-29 16:55 - 002972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-04-27 02:19 - 2016-07-07 17:08 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2018-04-27 02:18 - 2016-07-22 16:58 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2018-04-27 02:18 - 2016-07-22 16:51 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2018-04-27 02:15 - 2015-01-09 05:14 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2018-04-27 02:14 - 2013-10-02 04:22 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2018-04-27 02:14 - 2013-10-02 04:11 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2018-04-27 02:14 - 2013-10-02 04:08 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2018-04-27 02:14 - 2013-10-02 03:48 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2018-04-27 02:14 - 2013-10-02 03:48 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2018-04-27 02:14 - 2013-10-02 03:29 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2018-04-27 02:14 - 2013-10-02 03:10 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2018-04-27 02:14 - 2013-10-02 02:15 - 001057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2018-04-27 02:14 - 2013-10-02 02:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2018-04-27 02:14 - 2013-10-02 02:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2018-04-27 02:14 - 2013-10-02 02:08 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2018-04-27 02:14 - 2013-10-02 02:01 - 000420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2018-04-27 02:14 - 2013-10-02 01:58 - 000053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2018-04-27 02:14 - 2013-10-02 01:31 - 001147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2018-04-27 02:14 - 2013-10-02 01:08 - 000855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2018-04-27 02:14 - 2013-10-02 00:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2018-04-27 02:14 - 2013-10-01 22:57 - 006578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-04-27 02:14 - 2013-10-01 22:55 - 005698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-04-27 02:11 - 2012-08-23 16:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2018-04-27 02:11 - 2012-08-23 16:08 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2018-04-27 02:11 - 2012-08-23 13:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2018-04-27 02:11 - 2012-08-23 12:51 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2018-04-27 01:46 - 2016-03-25 21:03 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2018-04-27 01:46 - 2016-03-25 20:59 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2018-04-27 01:46 - 2016-03-25 20:59 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2018-04-27 01:46 - 2016-03-25 20:57 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2018-04-27 01:46 - 2016-03-25 20:57 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\fdWNet.dll
2018-04-27 01:46 - 2016-03-25 20:57 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2018-04-27 01:46 - 2016-03-25 20:55 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2018-04-27 01:46 - 2016-03-25 20:55 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2018-04-27 01:46 - 2016-03-25 20:28 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2018-04-27 01:46 - 2016-03-25 20:28 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2018-04-27 01:46 - 2016-03-25 20:26 - 000056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2018-04-27 01:46 - 2016-03-25 20:03 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
2018-04-27 01:46 - 2016-03-25 20:03 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys
2018-04-27 01:46 - 2016-03-25 19:56 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\setspn.exe
2018-04-27 01:46 - 2016-03-25 19:50 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRINFO.EXE
2018-04-27 01:46 - 2016-03-25 19:39 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2018-04-27 01:46 - 2016-03-25 19:39 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2018-04-27 01:46 - 2016-03-25 19:38 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2018-04-27 01:46 - 2016-03-25 19:33 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWNet.dll
2018-04-27 01:46 - 2016-03-25 19:33 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2018-04-27 01:46 - 2016-03-25 19:29 - 000068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2018-04-27 01:45 - 2016-03-25 21:12 - 000245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2018-04-27 01:45 - 2016-03-25 21:09 - 000074984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2018-04-27 01:45 - 2016-03-25 21:09 - 000073448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2018-04-27 01:45 - 2016-03-25 21:09 - 000051944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys
2018-04-27 01:45 - 2016-03-25 21:09 - 000017128 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys
2018-04-27 01:45 - 2016-03-25 21:09 - 000017128 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys
2018-04-27 01:45 - 2016-03-25 21:09 - 000016616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys
2018-04-27 01:45 - 2016-03-25 21:09 - 000015080 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys
2018-04-27 01:45 - 2016-03-25 21:04 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2018-04-27 01:45 - 2016-03-25 21:04 - 000441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2018-04-27 01:45 - 2016-03-25 21:04 - 000396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2018-04-27 01:45 - 2016-03-25 21:04 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2018-04-27 01:45 - 2016-03-25 21:04 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2018-04-27 01:45 - 2016-03-25 21:04 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2018-04-27 01:45 - 2016-03-25 21:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2018-04-27 01:45 - 2016-03-25 21:04 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2018-04-27 01:45 - 2016-03-25 21:04 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-04-27 01:45 - 2016-03-25 21:04 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2018-04-27 01:45 - 2016-03-25 21:04 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000263168 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax
2018-04-27 01:45 - 2016-03-25 21:03 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\uxsms.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\tcpmib.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\tvratings.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\version.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\sisbkup.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2018-04-27 01:45 - 2016-03-25 21:03 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-04-27 01:45 - 2016-03-25 21:02 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2018-04-27 01:45 - 2016-03-25 21:02 - 000251904 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll
2018-04-27 01:45 - 2016-03-25 21:02 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2018-04-27 01:45 - 2016-03-25 21:02 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2018-04-27 01:45 - 2016-03-25 21:02 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2018-04-27 01:45 - 2016-03-25 21:02 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2018-04-27 01:45 - 2016-03-25 21:02 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\SCardDlg.dll
2018-04-27 01:45 - 2016-03-25 21:02 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2018-04-27 01:45 - 2016-03-25 21:02 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\rshx32.dll
2018-04-27 01:45 - 2016-03-25 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2018-04-27 01:45 - 2016-03-25 21:01 - 001039872 _____ (Microsoft Corporation) C:\Windows\system32\opengl32.dll
2018-04-27 01:45 - 2016-03-25 21:01 - 000720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2018-04-27 01:45 - 2016-03-25 21:01 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
2018-04-27 01:45 - 2016-03-25 21:01 - 000163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2018-04-27 01:45 - 2016-03-25 21:01 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2018-04-27 01:45 - 2016-03-25 21:01 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2018-04-27 01:45 - 2016-03-25 21:01 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2018-04-27 01:45 - 2016-03-25 21:01 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\oleacchooks.dll
2018-04-27 01:45 - 2016-03-25 21:00 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2018-04-27 01:45 - 2016-03-25 21:00 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\networkitemfactory.dll
2018-04-27 01:45 - 2016-03-25 21:00 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\vmbusres.dll
2018-04-27 01:45 - 2016-03-25 20:59 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2018-04-27 01:45 - 2016-03-25 20:59 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
2018-04-27 01:45 - 2016-03-25 20:59 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2018-04-27 01:45 - 2016-03-25 20:59 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2018-04-27 01:45 - 2016-03-25 20:59 - 000075776 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2018-04-27 01:45 - 2016-03-25 20:59 - 000071168 _____ (Microsoft Corporation) C:\Windows\system32\l2gpstore.dll
2018-04-27 01:45 - 2016-03-25 20:59 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2018-04-27 01:45 - 2016-03-25 20:59 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\linkinfo.dll
2018-04-27 01:45 - 2016-03-25 20:59 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2018-04-27 01:45 - 2016-03-25 20:58 - 000180736 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2018-04-27 01:45 - 2016-03-25 20:58 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
2018-04-27 01:45 - 2016-03-25 20:58 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\glu32.dll
2018-04-27 01:45 - 2016-03-25 20:58 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2018-04-27 01:45 - 2016-03-25 20:58 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2018-04-27 01:45 - 2016-03-25 20:58 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\iscsilog.dll
2018-04-27 01:45 - 2016-03-25 20:58 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUQ.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUF.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAL.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINDEV.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINPUN.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINGUJ.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE2.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE1.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINASA.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2018-04-27 01:45 - 2016-03-25 20:58 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2018-04-27 01:45 - 2016-03-25 20:57 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2018-04-27 01:45 - 2016-03-25 20:57 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2018-04-27 01:45 - 2016-03-25 20:57 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\dot3dlg.dll
2018-04-27 01:45 - 2016-03-25 20:57 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2018-04-27 01:45 - 2016-03-25 20:57 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\dimsjob.dll
2018-04-27 01:45 - 2016-03-25 20:57 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\dtsh.dll
2018-04-27 01:45 - 2016-03-25 20:57 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcmonitor.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000498688 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\cca.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000069632 _____ C:\Windows\system32\BWContextHandler.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\bderepair.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\brdgcfg.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000018432 _____ (Microsoft Corporation) C:\Windows\system32\cmstplua.dll
2018-04-27 01:45 - 2016-03-25 20:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\CIRCoInst.dll
2018-04-27 01:45 - 2016-03-25 20:54 - 000267776 _____ (Microsoft Corporation) C:\Windows\system32\activeds.dll
2018-04-27 01:45 - 2016-03-25 20:54 - 000213504 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2018-04-27 01:45 - 2016-03-25 20:54 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2018-04-27 01:45 - 2016-03-25 20:33 - 000782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-04-27 01:45 - 2016-03-25 20:33 - 000458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2018-04-27 01:45 - 2016-03-25 20:33 - 000316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2018-04-27 01:45 - 2016-03-25 20:33 - 000308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2018-04-27 01:45 - 2016-03-25 20:33 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2018-04-27 01:45 - 2016-03-25 20:33 - 000119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2018-04-27 01:45 - 2016-03-25 20:33 - 000083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2018-04-27 01:45 - 2016-03-25 20:33 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\version.dll
2018-04-27 01:45 - 2016-03-25 20:33 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUQ.DLL
2018-04-27 01:45 - 2016-03-25 20:33 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUF.DLL
2018-04-27 01:45 - 2016-03-25 20:33 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2018-04-27 01:45 - 2016-03-25 20:33 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2018-04-27 01:45 - 2016-03-25 20:33 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2018-04-27 01:45 - 2016-03-25 20:33 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2018-04-27 01:45 - 2016-03-25 20:33 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL

Quote:

Quote from cosinus (post 1693268)
What do you want with three different browsers? Just use Firefox and be done with it!

Thanks for your message. I use 3 browsers to test the resolutions of the various templates (HTML, CSS), that is, the resolutions with CSS, since every browser differs in compatibility.
I also use the browsers for testing purposes, precisely to ensure security. It surely cannot be that there are permanent connection problems, that Firefox works at one moment and then complains again about the OCSP certification authority .. and that with the other browsers there is no possibility of surfing at all, because SSL errors appear right from the start. My suspicion is that this is a "man in the middle" who is trying to break open the connections via TLS and SSL and take over the computer.

I have just run the analysis you specified, Malwarebytes Anti-Rootkit (MBAR), in shadow mode for testing purposes, exactly according to the instructions, and a Trojan keylogger was found in a file named rk_free_setup.exe. Unfortunately, after the cleanup the computer was rebooted and the file was still there, since I had been in virtual mode. SO I loaded Malwarebytes Anti-Rootkit (MBAR) again without shadow mode and ran it, and strangely nothing was found, using exactly the procedure already described in the instructions. What is wrong here??

Excerpt from Malwarebytes Anti-Rootkit (MBAR)
Code:

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.05.27.03
  rootkit: v2018.05.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18977
nbmedia :: nbm-PC [administrator]

27.05.2018 21:53:26
mbar-log-2018-05-27 (21-53-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 251308
Time elapsed: 13 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

The system-log.txt
Code:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18977

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 4162949120, free: 3006361600

Downloaded database version: v2018.05.27.03
Downloaded database version: v2018.05.27.03
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
    05/27/2018 21:53:20
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2018.05.27.03
  rootkit: v2018.05.27.03

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004ae3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004ae3ad0, DeviceName: Unknown, DriverName: \Driver\diskpt\
DevicePointer: 0xfffffa80049b2860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004ae3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004402370, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 14C23AE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 16065  Numsec = 73603072
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 78124095  Numsec = 112640000
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 195870720  Numsec = 158715904
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 354588609  Numsec = 405096511
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-16065-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-78124095-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-195870720-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-354588609-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18977

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 4162949120, free: 2936877056

Downloaded database version: v2018.05.27.03
Downloaded database version: v2018.05.27.03
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
    05/27/2018 22:14:14
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2018.05.27.03
  rootkit: v2018.05.27.03

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004ae3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004ae3ad0, DeviceName: Unknown, DriverName: \Driver\diskpt\
DevicePointer: 0xfffffa80049b2860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004ae3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004402370, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 14C23AE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 16065  Numsec = 73603072
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 78124095  Numsec = 112640000
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 195870720  Numsec = 158715904
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 354588609  Numsec = 405096511
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished


5lin 27.05.2018 21:46

RE No secure connection and the page does not load completely
 
See image

cosinus 27.05.2018 22:15

Searching for malware with Kaspersky TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

5lin 27.05.2018 22:38

RE
 
TDSSKiller log file
Code:

23:27:36.0974 0x0e48  TDSS rootkit removing tool 3.1.0.17 Apr 20 2018 12:12:17
23:27:41.0124 0x0e48  ============================================================
23:27:41.0124 0x0e48  Current date / time: 2018/05/27 23:27:41.0124
23:27:41.0124 0x0e48  SystemInfo:
23:27:41.0124 0x0e48 
23:27:41.0124 0x0e48  OS Version: 6.1.7601 ServicePack: 1.0
23:27:41.0124 0x0e48  Product type: Workstation
23:27:41.0124 0x0e48  ComputerName: NBM-PC
23:27:41.0124 0x0e48  UserName: nbm
23:27:41.0124 0x0e48  Windows directory: C:\Windows
23:27:41.0124 0x0e48  System windows directory: C:\Windows
23:27:41.0124 0x0e48  Running under WOW64
23:27:41.0124 0x0e48  Processor architecture: Intel x64
23:27:41.0124 0x0e48  Number of processors: 4
23:27:41.0124 0x0e48  Page size: 0x1000
23:27:41.0124 0x0e48  Boot type: Normal boot
23:27:41.0124 0x0e48  CodeIntegrityOptions = 0x00000001
23:27:41.0124 0x0e48  ============================================================
23:27:42.0574 0x0e48  KLMD registered as C:\Windows\system32\drivers\68612209.sys
23:27:42.0574 0x0e48  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.24094, osProperties = 0x1
23:27:43.0058 0x0e48  System UUID: {33FC85FA-C59B-8BFC-FFB5-FBEB4401EE86}
23:27:43.0526 0x0e48  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:27:43.0526 0x0e48  ============================================================
23:27:43.0526 0x0e48  \Device\Harddisk0\DR0:
23:27:43.0526 0x0e48  MBR partitions:
23:27:43.0526 0x0e48  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x4631800
23:27:43.0526 0x0e48  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4A8143F, BlocksNum 0x6B6C000
23:27:43.0526 0x0e48  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xBACC000, BlocksNum 0x975D000
23:27:43.0557 0x0e48  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1A9AA800, BlocksNum 0x12AD3800
23:27:43.0557 0x0e48  ============================================================
23:27:43.0620 0x0e48  C: <-> \Device\Harddisk0\DR0\Partition2
23:27:43.0682 0x0e48  D: <-> \Device\Harddisk0\DR0\Partition1
23:27:43.0713 0x0e48  E: <-> \Device\Harddisk0\DR0\Partition4
23:27:43.0760 0x0e48  F: <-> \Device\Harddisk0\DR0\Partition3
23:27:43.0760 0x0e48  ============================================================
23:27:43.0760 0x0e48  Initialize success
23:27:43.0760 0x0e48  ============================================================
23:29:13.0689 0x0974  ============================================================
23:29:13.0689 0x0974  Scan started
23:29:13.0689 0x0974  Mode: Manual; SigCheck; TDLFS;
23:29:13.0689 0x0974  ============================================================
23:29:13.0689 0x0974  KSN ping started
23:29:13.0814 0x0974  KSN ping finished: true
23:29:14.0360 0x0974  ================ Scan system memory ========================
23:29:14.0360 0x0974  System memory - ok
23:29:14.0360 0x0974  ================ Scan services =============================
23:29:17.0153 0x0974  BrUsbMdm - ok
23:29:17.0153 0x0974  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:29:17.0184 0x0974  BrUsbSer - ok
23:29:17.0184 0x0974  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:29:17.0215 0x0974  BTHMODEM - ok
23:29:17.0246 0x0974  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
23:29:17.0277 0x0974  bthserv - ok
23:29:17.0309 0x0974  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:29:17.0340 0x0974  cdfs - ok
23:29:17.0371 0x0974  [ 7200A15FCDDECA736E97D2815A32A54F, 2696A042DFFEFAFBBA57C6464CECF6F2944CABCD70ECF09024347AD4EE12F597 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
23:29:17.0402 0x0974  cdrom - ok
23:29:17.0449 0x0974  [ E37B315C170C8DE43592F416264A6C31, 41109BB6A3681763AB43F9BA8FDA58C1ECBEAD8258B5FF65F95AFA072468984A ] CertPropSvc    C:\Windows\System32\certprop.dll
23:29:17.0465 0x0974  CertPropSvc - ok
23:29:17.0480 0x0974  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:29:17.0511 0x0974  circlass - ok
23:29:17.0543 0x0974  [ 570AFE6421B88EFC2484556A33A0C1C9, 8FEEF40EF9061AC34E76F99DE04E5258E646D5CFFBDB86C38D76344D0765D056 ] CLFS            C:\Windows\system32\CLFS.sys
23:29:17.0558 0x0974  CLFS - ok
23:29:17.0621 0x0974  [ 382F277620C6C9FD8B9EED8BB658EBCF, 4414EB13A6C32D05BCD10088AD00E9D77FA697AB89434BF4B00F1FC4CC11FD1E ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:29:17.0636 0x0974  clr_optimization_v2.0.50727_32 - ok
23:29:17.0667 0x0974  [ A465B5783694F4DDBAED960293884713, 5518FA470C8D9C74E9E6DFF4A8EFFDBBA1DF9F2820E550348B91081B9E9032EE ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:29:17.0699 0x0974  clr_optimization_v2.0.50727_64 - ok
23:29:17.0761 0x0974  [ 7761FBD826C16A007D6386FBFB846241, 7E9DD121488C8652F33059EBCA648D2319B9D3328EEA3F2AEBA1BFB90C0805EB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:29:17.0777 0x0974  clr_optimization_v4.0.30319_32 - ok
23:29:17.0792 0x0974  [ 35F81FD0318AFABFB1956431CFA3EAE5, E4CDF2E9558A237B28194BCB1ADA5E798C484E7B0262DAF1AB94A69F326CC91E ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:29:17.0808 0x0974  clr_optimization_v4.0.30319_64 - ok
23:29:17.0839 0x0974  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:29:17.0870 0x0974  CmBatt - ok
23:29:17.0886 0x0974  [ 4B47BBF1744551C2BE1469DAA66C1038, 6B70381FD0602C3A830026ED3CF10496700FD73098019EF51E6C22E95A08ABF1 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:29:17.0901 0x0974  cmdide - ok
23:29:18.0011 0x0974  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG            C:\Windows\system32\Drivers\cng.sys
23:29:18.0042 0x0974  CNG - ok
23:29:18.0042 0x0974  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:29:18.0057 0x0974  Compbatt - ok
23:29:18.0089 0x0974  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:29:18.0120 0x0974  CompositeBus - ok
23:29:18.0135 0x0974  COMSysApp - ok
23:29:18.0229 0x0974  [ 00B22584505AA99F00A13A84D12D4209, F15133C4055DF1C79D78F3DFD3B5F436523B85E7CF4ADAF902F6AB459B471009 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
23:29:18.0291 0x0974  cphs - ok
23:29:18.0307 0x0974  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
23:29:18.0323 0x0974  crcdisk - ok
23:29:18.0354 0x0974  [ EC0550300E899BD69BDB5937E684D348, 982E5FB213F6DE07F061D4FE201CA69D99572398ED41C953E0B3358C3FD9EBF6 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:29:18.0401 0x0974  CryptSvc - ok
23:29:18.0447 0x0974  [ 44C86C4072E894344C551A3A23FAEF1F, 6B06B43C174138C5B81D3319736AC7CBF4DB3EF8455454A43705744EAA50D470 ] CSC            C:\Windows\system32\drivers\csc.sys
23:29:18.0479 0x0974  CSC - ok
23:29:18.0510 0x0974  [ 97CE1455725EB122AEA444164D8F7E26, 9E09515901349E6E44D25214F387A306F01FC793AFD013E45C5DCBF2471D399B ] CscService      C:\Windows\System32\cscsvc.dll
23:29:18.0541 0x0974  CscService - ok
23:29:18.0588 0x0974  [ BA6C9EE518A11DA4AD061B223EBED3D3, 0FDDEF3FFB375712567212BD7D31DA91AB97F8CE0D468C5FC6D4918CDF204B5A ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:29:18.0635 0x0974  DcomLaunch - ok
23:29:18.0666 0x0974  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc      C:\Windows\System32\defragsvc.dll
23:29:18.0697 0x0974  defragsvc - ok
23:29:18.0713 0x0974  [ 7D2D2284833760A82308CF09F7618E8B, A78F9369D4614D305D2F8E3CD2C697107781DD83A695022A192B2D8E1E21A05D ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:29:18.0744 0x0974  DfsC - ok
23:29:18.0791 0x0974  [ 85B0455CB0DA3F8D48EA80CA87AF4BAF, E6A830E0F5A6DA0428A51DCE4C3B7BC654485E304913319263CEFC2D7E38D68D ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:29:18.0822 0x0974  Dhcp - ok
23:29:18.0915 0x0974  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack      C:\Windows\system32\diagtrack.dll
23:29:18.0962 0x0974  DiagTrack - ok
23:29:18.0978 0x0974  [ 3322A9E3CD6CD76729CBD1D96C1C3103, D85541CF1F59A21C10C7A8494E2DDB8B4DCBBED49D11D55EC50367650D4206EE ] discache        C:\Windows\system32\drivers\discache.sys
23:29:18.0993 0x0974  discache - ok
23:29:19.0025 0x0974  [ 97659D0CEBCF0DB9C265D3DE1B116ECF, 70F6E01CF86B2CCCFBDC0E11A9AFC5E1C132F3830F8BEB7D003F912BC3C3EAE4 ] Disk            C:\Windows\system32\drivers\disk.sys
23:29:19.0040 0x0974  Disk - ok
23:29:19.0118 0x0974  [ 3AE7155EC3B4AD2CD002C897F5985E60, 0D0766D4261F063EA4754D173A17394C1433ACAE94A65E007B52245E9BA157B0 ] diskpt          C:\Windows\system32\drivers\diskpt.sys
23:29:19.0149 0x0974  diskpt - ok
23:29:19.0181 0x0974  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc          C:\Windows\system32\drivers\dmvsc.sys
23:29:19.0196 0x0974  dmvsc - ok
23:29:19.0227 0x0974  [ 358D6EE69EE2BF3C96121B66DA63960D, E17666D2AFFA06E592B373564D6EBE59F922C98E55A3A344FB6E4668B0AF47C6 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:29:19.0274 0x0974  Dnscache - ok
23:29:19.0305 0x0974  [ 813E257D6A40EF6BEA4B10ECF1AB65D3, 0A6EA3229907DDF02E90486E66109C1EAE7891ECC68F44A7CE268EAAB7ACDE64 ] dot3svc        C:\Windows\System32\dot3svc.dll
23:29:19.0321 0x0974  dot3svc - ok
23:29:19.0368 0x0974  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS            C:\Windows\system32\dps.dll
23:29:19.0415 0x0974  DPS - ok
23:29:19.0446 0x0974  [ A1A42D99C70331B86B7B574598BDCA3A, DD04DD77CEC4F636CB02A7E9350FA710B079E7F2592003340A6B9394B0E36DCC ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
23:29:19.0477 0x0974  drmkaud - ok
23:29:19.0571 0x0974  [ 5CEF80AE869336376F550ECAE91E424A, 49152AC35556A5629AE7A4A762FDB2112FAD1C9CDB91E6196172809F74A3149A ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
23:29:19.0586 0x0974  DXGKrnl - ok
23:29:19.0633 0x0974  [ 03F4C5C12FC1C69F838DA723475EF650, 7D80623ED1060F904AF85B87620DF8DC153504FABC0E447C1D3A07D0372D7B9F ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
23:29:19.0664 0x0974  e1cexpress - ok
23:29:19.0680 0x0974  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost        C:\Windows\System32\eapsvc.dll
23:29:19.0742 0x0974  EapHost - ok
23:29:19.0836 0x0974  [ 64585B1D85FF7566B99CED303A02F357, 7DE815A3FA7A3B61A3E86766E9959C1F75D1E9796E50BB0138A748156F785837 ] EaseUS Agent    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
23:29:19.0867 0x0974  EaseUS Agent - detected UnsignedFile.Multi.Generic ( 1 )
23:29:20.0007 0x0974  Detect skipped due to KSN trusted
23:29:20.0007 0x0974  EaseUS Agent - ok
23:29:20.0132 0x0974  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
23:29:20.0226 0x0974  ebdrv - ok
23:29:20.0257 0x0974  [ A3FFECF43819C7162DF774E43C6C724C, FA75A08C0D523CFB405866D97F6B9DF15D63C59FE8F44C4E7C14220FAC8C22E2 ] EFS            C:\Windows\System32\lsass.exe
23:29:20.0257 0x0974  EFS - ok
23:29:20.0304 0x0974  [ D25D43B9DE6DC54F06C9A608DE332682, 498C3F3D24459A4692A89ABB8C8C4A93C997C5F9E47258FCEDA9733C0917F04E ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
23:29:20.0335 0x0974  ehRecvr - ok
23:29:20.0351 0x0974  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched        C:\Windows\ehome\ehsched.exe
23:29:20.0382 0x0974  ehSched - ok
23:29:20.0413 0x0974  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
23:29:20.0429 0x0974  elxstor - ok
23:29:20.0460 0x0974  [ 9002EED07FD7FCFF6B8C5C06B454AC19, 0FCEF7D930316FF267841009DF83F29A7D9CD6ED710128F493EC15EC99D9ACD6 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:29:20.0475 0x0974  ErrDev - ok
23:29:20.0538 0x0974  [ BF217BE3DB6907579C13438C6EFE002D, 313BEB15A4A9A516C6C3698736F19768ACA3714FEC9E9BAB6F5A0C99E5E083A6 ] EUBAKUP        C:\Windows\system32\drivers\eubakup.sys
23:29:20.0538 0x0974  EUBAKUP - detected UnsignedFile.Multi.Generic ( 1 )
23:29:20.0678 0x0974  Detect skipped due to KSN trusted
23:29:20.0678 0x0974  EUBAKUP - ok
23:29:20.0709 0x0974  [ 92E3BD1F7D6D29A10929C1F9F7660FC3, 24603D39F1B935A5571A2A4F0CCFBABDA3C9012EAB09549986AF84FF59359494 ] EUBKMON        C:\Windows\system32\drivers\EUBKMON.sys
23:29:20.0725 0x0974  EUBKMON - detected UnsignedFile.Multi.Generic ( 1 )
23:29:20.0881 0x0974  Detect skipped due to KSN trusted
23:29:20.0881 0x0974  EUBKMON - ok
23:29:20.0881 0x0974  [ D17446353E4FEE5B7D710610E8B18AC4, C345D6D4F06886FA9889E6151ACF868CAF7780AA6258DFA07E4D4D23F0E57050 ] EUDSKACS        C:\Windows\system32\drivers\eudskacs.sys
23:29:20.0912 0x0974  EUDSKACS - detected UnsignedFile.Multi.Generic ( 1 )
23:29:21.0053 0x0974  Detect skipped due to KSN trusted
23:29:21.0053 0x0974  EUDSKACS - ok
23:29:21.0084 0x0974  [ 8AD925DA2E4BCD1A6E657A7248CCDED2, EB8A578960E8A7D5E3D585C4C62105EE4E1462F15E219A3E37FF3157908ED23A ] EUFDDISK        C:\Windows\system32\drivers\EuFdDisk.sys
23:29:21.0115 0x0974  EUFDDISK - detected UnsignedFile.Multi.Generic ( 1 )
23:29:21.0255 0x0974  Detect skipped due to KSN trusted
23:29:21.0255 0x0974  EUFDDISK - ok
23:29:21.0287 0x0974  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem    C:\Windows\system32\es.dll
23:29:21.0333 0x0974  EventSystem - ok
23:29:21.0380 0x0974  [ 7E45F8B117419ABA3BB26579F6E70324, 03FE86519860153E1BE571F10ACC9BA58FFB5A661C5C3EBDF3B77973BCD96C84 ] exfat          C:\Windows\system32\drivers\exfat.sys
23:29:21.0396 0x0974  exfat - ok
23:29:21.0411 0x0974  [ 6EDFA237D25433C03F42FBFDB16BDD24, A30F89A40F7AFC475D3C2D3591FB9AFC06AE3FEBC915FDCB24ED77946FBA4E2C ] fastfat        C:\Windows\system32\drivers\fastfat.sys
23:29:21.0427 0x0974  fastfat - ok
23:29:21.0474 0x0974  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax            C:\Windows\system32\fxssvc.exe
23:29:21.0505 0x0974  Fax - ok
23:29:21.0521 0x0974  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc            C:\Windows\system32\drivers\fdc.sys
23:29:21.0552 0x0974  fdc - ok
23:29:21.0567 0x0974  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost        C:\Windows\system32\fdPHost.dll
23:29:21.0645 0x0974  fdPHost - ok
23:29:21.0661 0x0974  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:29:21.0708 0x0974  FDResPub - ok
23:29:21.0739 0x0974  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:29:21.0739 0x0974  FileInfo - ok
23:29:21.0755 0x0974  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
23:29:21.0786 0x0974  Filetrace - ok
23:29:21.0786 0x0974  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:29:21.0801 0x0974  flpydisk - ok
23:29:21.0833 0x0974  [ DC591A7A196E99EFB5A48D708CB989FD, 1C34C0A4AEEE977D290EF5E79C3B13B1F1F18E051F49815013D360F62458D82A ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:29:21.0864 0x0974  FltMgr - ok
23:29:21.0942 0x0974  [ 785F474FB5E67E448E1931C98E8D0ABC, 911697D580CBF508A6F4A52D4F95A6976CF9A0EC3549076A8D0B5C8BD947C989 ] FontCache      C:\Windows\system32\FntCache.dll
23:29:21.0973 0x0974  FontCache - ok
23:29:22.0020 0x0974  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:29:22.0051 0x0974  FontCache3.0.0.0 - ok
23:29:22.0098 0x0974  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
23:29:22.0098 0x0974  FsDepends - ok
23:29:22.0145 0x0974  [ EC4F611CEB6B65672EEF06928C2CEB8C, 1DA5FEE52A85AEC36476CB00064451CF8550B39DE4FCC0820AE74FDB1F10BF28 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:29:22.0160 0x0974  Fs_Rec - ok
23:29:22.0207 0x0974  [ 21B39456D89EE661F20F08082292DC9F, B866F33A5649DC004E56D3378FC831684EDC60437A0A3C3C98003EC39786EDD0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:29:22.0223 0x0974  fvevol - ok
23:29:22.0254 0x0974  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:29:22.0269 0x0974  gagp30kx - ok
23:29:22.0332 0x0974  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc          C:\Windows\System32\gpsvc.dll
23:29:22.0379 0x0974  gpsvc - ok
23:29:22.0410 0x0974  [ A6A4223573CFCF87843CFCB3A9C237C7, EFF78F1C6F709649F54511B233D24744D197A05865C4189BA0B6F57CB73564A0 ] Guard Agent    C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
23:29:22.0425 0x0974  Guard Agent - detected UnsignedFile.Multi.Generic ( 1 )
23:29:22.0550 0x0974  Detect skipped due to KSN trusted
23:29:22.0550 0x0974  Guard Agent - ok
23:29:22.0613 0x0974  [ 605CCC9CE1839BC5583017DF7CAE27A6, F1F67830FC3531DFBDAF5315F59422438AB9F243D89491AC75D1818E7ED98B5D ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:29:22.0644 0x0974  gupdate - detected UnsignedFile.Multi.Generic ( 1 )
23:29:22.0784 0x0974  Detect skipped due to KSN trusted
23:29:22.0800 0x0974  gupdate - ok
23:29:22.0815 0x0974  [ 605CCC9CE1839BC5583017DF7CAE27A6, F1F67830FC3531DFBDAF5315F59422438AB9F243D89491AC75D1818E7ED98B5D ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:29:22.0831 0x0974  gupdatem - detected UnsignedFile.Multi.Generic ( 1 )
23:29:22.0831 0x0974  Detect skipped due to KSN trusted
23:29:22.0831 0x0974  gupdatem - ok
23:29:22.0862 0x0974  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:29:22.0893 0x0974  hcw85cir - ok
23:29:22.0940 0x0974  [ 345AC81C44BC37685725D78CB641F28F, BAC680DBF6A43DF48ADBEDEB128DC2B7D69AF4257619C0D70ED750A6615758E4 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:29:22.0971 0x0974  HdAudAddService - ok
23:29:23.0003 0x0974  [ 45DAAFD1056B8942C5038EFFD285658D, 5529F911F71A38614DCF7194E799DF79E846F87048099BCE9CB2C7DD96E9469E ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:29:23.0018 0x0974  HDAudBus - ok
23:29:23.0018 0x0974  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
23:29:23.0049 0x0974  HidBatt - ok
23:29:23.0065 0x0974  [ 387C19A65ECADEB9D27E80F27D882FCF, E389ACA137C5EA7021CDB8488E85D0055A41153D68A481216585C3579FE63932 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:29:23.0081 0x0974  HidBth - ok
23:29:23.0112 0x0974  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr          C:\Windows\system32\drivers\hidir.sys
23:29:23.0143 0x0974  HidIr - ok
23:29:23.0174 0x0974  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv        C:\Windows\system32\hidserv.dll
23:29:23.0221 0x0974  hidserv - ok
23:29:23.0252 0x0974  [ 6F5E5CC271EB0C17688D892A3D4B83F6, 4CFF9821099DCD377AC4E2EC45BAB7007C144DCF72F260AC841D0211E212792F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:29:23.0268 0x0974  HidUsb - ok
23:29:23.0299 0x0974  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:29:23.0330 0x0974  hkmsvc - ok
23:29:23.0346 0x0974  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:29:23.0361 0x0974  HomeGroupListener - ok
23:29:23.0377 0x0974  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:29:23.0408 0x0974  HomeGroupProvider - ok
23:29:23.0455 0x0974  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:29:23.0455 0x0974  HpSAMD - ok
23:29:23.0595 0x0974  [ 93C367EA831FB39DEE3BA96539A187FB, 8B912152CA8B89B4429278F93163481BAA07E2D940EE61CE1B7AD178AB13E105 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:29:23.0627 0x0974  HTTP - ok
23:29:23.0658 0x0974  [ BC2A060F09418D1C52AADA2C961620A0, A9E4900AF173BE749B3B0C09BF29126CDA576B29CC23606A4C56F4B3670A79CA ] HWiNFO          C:\Windows\system32\drivers\HWiNFO64A.SYS
23:29:23.0689 0x0974  HWiNFO - ok
23:29:23.0705 0x0974  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:29:23.0705 0x0974  hwpolicy - ok
23:29:23.0736 0x0974  [ 55CCD3E5E4DA18FCF0598F42249D47DF, 9F1EF7E8A1E80C7EEFE60B1F93E42C58B8C5C110F026442DEFC0EE3A1D0EAC0E ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:29:23.0767 0x0974  i8042prt - ok
23:29:23.0798 0x0974  [ 58A8CCA18210A9096B626B08EACC0B28, FF01194265CE1E2C14D0DF44FEFF32574092376B263C9A9871BB4F04531D017E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
23:29:23.0829 0x0974  iaStorV - ok
23:29:23.0876 0x0974  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
23:29:23.0892 0x0974  ICCS - ok
23:29:23.0970 0x0974  [ 0845EA9630319721B01E49E0A659E109, D4ACF05337E4ED5699124893443092C7969F38FC9A5C72AE185D01950BAC99DF ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:29:24.0001 0x0974  idsvc - ok
23:29:24.0032 0x0974  IEEtwCollectorService - ok
23:29:24.0188 0x0974  [ 6AD680D27A4EB39FE2839310FDC7F86D, 40DAA3A6B479FF2A24C6A8B78FC65F7D1E8E44072204AFF64A70CEA0E55CB813 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:29:24.0875 0x0974  igfx - ok
23:29:24.0906 0x0974  [ F2C9250B57B5AE73A90A297AF6310D90, 1AB2BCCC136C5953B1EEA9618328A6277E7B6BEE25435325EC2B5742C3C42C6F ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
23:29:24.0937 0x0974  igfxCUIService1.0.0.0 - ok
23:29:24.0968 0x0974  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
23:29:24.0968 0x0974  iirsp - ok
23:29:25.0015 0x0974  [ 25AF7D5C819F19D7C97F4A9607F2609A, 70142B97F1087E20758AFECF5A7AB2EC1FDBBF68019A3BEC6C49F168650FEFC8 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:29:25.0046 0x0974  IKEEXT - ok
23:29:25.0109 0x0974  [ 87871AB7AC797F922A6F3D4C874CED96, 2BCD89911E42827CD294DD7D1486A7845D1F98019E51958E0F488384401B2944 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:29:25.0155 0x0974  IntcDAud - ok
23:29:25.0202 0x0974  [ 4A9EB8AC8959C580ADCADDBDBBEBE033, F7386FB51D4A2138A3BA0B76FE0FB6D0F6DF8AC4837345FCBD51308863D46D01 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
23:29:25.0218 0x0974  Intel(R) PROSet Monitoring Service - ok
23:29:25.0233 0x0974  [ 74D9B6BDA6F9CDAF7E19F5A33B63EBC9, 2304AE8ED2FCBD550B83E74795E8CBEDDE45CE99E7C506E0AF4CB39A77FC6C18 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:29:25.0249 0x0974  intelide - ok
23:29:25.0280 0x0974  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:29:25.0296 0x0974  intelppm - ok
23:29:25.0327 0x0974  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
23:29:25.0358 0x0974  IPBusEnum - ok
23:29:25.0374 0x0974  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:29:25.0405 0x0974  IpFilterDriver - ok
23:29:25.0452 0x0974  [ 83185D9DB2C3944B296531B95FAB49FE, B570B4777AEE924A4C075692748843BC65C3479BC07E4B7856883B5E9604F364 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:29:25.0483 0x0974  iphlpsvc - ok
23:29:25.0514 0x0974  [ 63C9FB04EECFA385BC092D9B41E85990, 2B25E9586A635894E02A81097D9ABF53942A5A19A96AC71E1FD56573E5E69A76 ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
23:29:25.0530 0x0974  IPMIDRV - ok
23:29:25.0561 0x0974  [ 9774AA4661A30E0ADCEA48B5A1B9F4B7, 7D1697A93FFF1C0F77D29A6D609623AC895420CCCD3C81BBD0105C0F2E52E143 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
23:29:25.0577 0x0974  IPNAT - ok
23:29:25.0608 0x0974  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:29:25.0623 0x0974  IRENUM - ok
23:29:25.0655 0x0974  [ 905E9D664F38B93B53FA05422165F5B5, 5B0D8869C73836378C234FAA407DE047F5F638D3E872B246A1AC74BE44BBD7DD ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:29:25.0655 0x0974  isapnp - ok
23:29:25.0686 0x0974  [ 7A9C4A7DAE277FC177D60E4C75164763, 53DFE03F97912676BB31F3B84CD34A404696C3B8BCDB5D6BFFAFEB6B535BB4C0 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:29:25.0686 0x0974  iScsiPrt - ok
23:29:25.0717 0x0974  [ C3CEAAF93C02A205B0712DEF98BAE544, DEAB391D0A8C454F2423D37D7DAA77B3DAA04F7B50DD76867FD4CD797A5874FB ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:29:25.0717 0x0974  kbdclass - ok
23:29:25.0733 0x0974  [ 73DD773AC3F96B229AF7C6BB0D9009FE, 5DDEC781A3A31B764D02DEE234CAAFE386F90A7284A6B09B13B081195E784631 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:29:25.0748 0x0974  kbdhid - ok
23:29:25.0764 0x0974  [ A3FFECF43819C7162DF774E43C6C724C, FA75A08C0D523CFB405866D97F6B9DF15D63C59FE8F44C4E7C14220FAC8C22E2 ] KeyIso          C:\Windows\system32\lsass.exe
23:29:25.0779 0x0974  KeyIso - ok
23:29:25.0811 0x0974  [ 3AD32A7492566426ACE83DAE4F2B8E47, 73246F37F3BA740C727DD82B5D85731EAA067E2F6221749FBC0A0087F0E191BE ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:29:25.0811 0x0974  KSecDD - ok
23:29:25.0842 0x0974  [ DD0240A36E1CE9F1600D2A4ADF540AB2, 939429D9FB75EA2CDD4E835023D3D854FFBE2B5F260C7534EF8592C79FFC4963 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
23:29:25.0857 0x0974  KSecPkg - ok
23:29:25.0857 0x0974  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
23:29:25.0889 0x0974  ksthunk - ok
23:29:25.0920 0x0974  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm          C:\Windows\system32\msdtckrm.dll
23:29:25.0951 0x0974  KtmRm - ok
23:29:25.0998 0x0974  [ 119AE0B67CEE5F761304DFCA3C8EE1B5, 0EDED6FA4ACFD86281B9F05D375261286363C52AA38C86089B50CA0C586BF910 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:29:26.0013 0x0974  LanmanServer - ok
23:29:26.0029 0x0974  [ 3B86086F7362872AB55983FE225F9E5E, 88092F7C2F21116C01983748AA24BA01CA1402E50F8AD952E40E6662EC73CE78 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:29:26.0045 0x0974  LanmanWorkstation - ok
23:29:26.0076 0x0974  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:29:26.0107 0x0974  lltdio - ok
23:29:26.0123 0x0974  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
23:29:26.0169 0x0974  lltdsvc - ok
23:29:26.0185 0x0974  [ 15BAC3E8DC159C701671F3C9D9F86D7F, 750F60062C81B7860292EE9BF47272265E1562B80635B83003B6BD82B624A87A ] lmhosts        C:\Windows\System32\lmhsvc.dll
23:29:26.0201 0x0974  lmhosts - ok
23:29:26.0232 0x0974  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:29:26.0232 0x0974  LSI_FC - ok
23:29:26.0247 0x0974  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
23:29:26.0263 0x0974  LSI_SAS - ok
23:29:26.0263 0x0974  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:29:26.0263 0x0974  LSI_SAS2 - ok
23:29:26.0279 0x0974  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:29:26.0294 0x0974  LSI_SCSI - ok
23:29:26.0310 0x0974  [ 5416CEB2916BBE635288C4D1075B045E, BEFF99052206C0D774CFFF14AC3305C397726B289B17666C2AD2706C261F2FF0 ] luafv          C:\Windows\system32\drivers\luafv.sys
23:29:26.0325 0x0974  luafv - ok
23:29:26.0388 0x0974  [ 24C3F7C13C2490BFE9CD6AC40B9EAA5E, CE9D5EF18CE74EEEB404E56ECD36CAE87C8E66CCA1C01F31E6823A6BB61E65F1 ] mbamchameleon  C:\Windows\system32\drivers\mbamchameleon.sys
23:29:26.0403 0x0974  mbamchameleon - ok
23:29:35.0077 0x0974  tunnel - ok
23:29:35.0093 0x0974  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:29:35.0108 0x0974  uagp35 - ok
23:29:35.0140 0x0974  [ 8DE87C94A4938BF4C21C310077DB22BD, 11DCBD0B7B00BC5D51D9575F90083D9F7C57FDB317AAD638EC775EFD9419574E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:29:35.0186 0x0974  udfs - ok
23:29:35.0202 0x0974  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect      C:\Windows\system32\UI0Detect.exe
23:29:35.0202 0x0974  UI0Detect - ok
23:29:35.0233 0x0974  [ B70E26A57F35ECA5199E6D6B9592A67C, 8ECCEEA69A69FBDC4AFEB2EC306FCEE6B569370F599D76F4CFDEAF77A0CD018C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:29:35.0264 0x0974  uliagpkx - ok
23:29:35.0264 0x0974  [ C77B614D818386596EC5540E318AE034, EE4B6D5E612E3C927CFC6C8E9E979CFAEC47EA160FFA4602014B7C8D4644EC58 ] umbus          C:\Windows\system32\drivers\umbus.sys
23:29:35.0311 0x0974  umbus - ok
23:29:35.0327 0x0974  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:29:35.0358 0x0974  UmPass - ok
23:29:35.0389 0x0974  [ CA64FB0D366F3FE8FA20971E35CA0D7C, EF827666C26CF959B7A015BEB576BB603A516A804DDD14B35B745C60AE10C3FC ] UmRdpService    C:\Windows\System32\umrdp.dll
23:29:35.0436 0x0974  UmRdpService - ok
23:29:35.0452 0x0974  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:29:35.0483 0x0974  upnphost - ok
23:29:35.0530 0x0974  [ 9E68E917FB4B5C983438969643F53BEF, 7148BF1E7AFAFA025A51AA9A26B90ED85328B41C7F7791CB3460D9CF53245985 ] usbccgp        C:\Windows\system32\drivers\usbccgp.sys
23:29:35.0545 0x0974  usbccgp - ok
23:29:35.0576 0x0974  [ 710EE0EEDFF1DB5089397CCBBBD80C58, E6336A6292557FBE49B94F07DF0195A186D5EB2FF137E5AD6DD435F4AC525373 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:29:35.0592 0x0974  usbcir - ok
23:29:35.0639 0x0974  [ 3F9D3902CE931E2A28DD8452AE915B67, C8BF042DD84FB2E3AE7FCDBA65923611FCBDAFD6410E42A5E58F8995D99AE16C ] usbehci        C:\Windows\system32\drivers\usbehci.sys
23:29:35.0654 0x0974  usbehci - ok
23:29:35.0686 0x0974  [ 86B65EEBC03B936DE8B26E5A18D98FA2, 2981CF5A0FB6B6FE0A38363EA4804DB743C45E3E6E72DC3A2260F583377717C8 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
23:29:35.0701 0x0974  usbhub - ok
23:29:35.0732 0x0974  [ 099C2931C6F73EB1B9E13C560F61B50D, 83B64A52173243526E380C8FA0D913C7B07C2AF1806ECC4EC0D0B5523A7CBFAA ] usbohci        C:\Windows\system32\drivers\usbohci.sys
23:29:35.0764 0x0974  usbohci - ok
23:29:35.0779 0x0974  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
23:29:35.0795 0x0974  usbprint - ok
23:29:35.0795 0x0974  [ 18C50A2277BCB1509A27F91A07377263, 8034DF1A6841E029482B6843DFF906E9FBD3F26B8A317191145A670EB07AC0DA ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:29:35.0826 0x0974  USBSTOR - ok
23:29:35.0842 0x0974  [ 5D7651347C7D702F4A5DE53603DC024F, F55532D13AB2FF6D4B6058113AF2710AC5C87059C9000942CF517198BABCD6F5 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
23:29:35.0842 0x0974  usbuhci - ok
23:29:35.0873 0x0974  [ 0FD209CC2F2A2B17D07CE2D977087088, E68280D69CF6499B2182AF4257F282D0700B79BA94B2C0B393B049A99BC786F5 ] UxSms          C:\Windows\System32\uxsms.dll
23:29:35.0888 0x0974  UxSms - ok
23:29:35.0904 0x0974  [ A3FFECF43819C7162DF774E43C6C724C, FA75A08C0D523CFB405866D97F6B9DF15D63C59FE8F44C4E7C14220FAC8C22E2 ] VaultSvc        C:\Windows\system32\lsass.exe
23:29:35.0920 0x0974  VaultSvc - ok
23:29:35.0935 0x0974  [ 7BDCE021786C3DCCFD2C22EBF643EE36, 92842E529EBDE9A9A9408287182BF1ECD8737C1DA39AF20570528CBD37D43228 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:29:35.0951 0x0974  vdrvroot - ok
23:29:35.0982 0x0974  [ 57295E9336C4AE8408725B6246BA6B9A, 58994C975E3378EE29A2A6127CF32EDDA4FF0D64881AE11C36D464DF718A2167 ] vds            C:\Windows\System32\vds.exe
23:29:35.0998 0x0974  vds - ok
23:29:36.0029 0x0974  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
23:29:36.0044 0x0974  vga - ok
23:29:36.0060 0x0974  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\Windows\System32\drivers\vga.sys
23:29:36.0091 0x0974  VgaSave - ok
23:29:36.0122 0x0974  [ FF0E9994E61F7D9778DB1C4E6F3F25F5, F160278446BB09F136AA7678F2920A5F0101A29C2B8E90D3A472AC53DBECC212 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
23:29:36.0138 0x0974  vhdmp - ok
23:29:36.0138 0x0974  [ 2B6E179E984F5A11521F8FE1EA6BAE83, AF9B3C0826C8F9CC7DB37CF4385AD365B623FB03293C5AF907077799F202A7C7 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:29:36.0154 0x0974  viaide - ok
23:29:36.0154 0x0974  [ 8F64E493D31328784CAD66101E674377, AEDB807BF395254AEFEBCC20B109EB3B2BAB6597C160EE396F623BC727B4FEAB ] vmbus          C:\Windows\system32\drivers\vmbus.sys
23:29:36.0169 0x0974  vmbus - ok
23:29:36.0200 0x0974  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:29:36.0216 0x0974  VMBusHID - ok
23:29:36.0247 0x0974  [ 8EDE91FBAC7BF7605323C517C717A253, 8441DBE652E8922B888649FF8F37D5593FD8938E3AFFB69323184DE8E4A5EBDB ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:29:36.0263 0x0974  volmgr - ok
23:29:36.0325 0x0974  [ 85C5468BC395819AE2A0C747334BA14C, 75EB4751F90F3347229442A5622539383CE0B1834EE7B995260D0D433BA2E25F ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
23:29:36.0341 0x0974  volmgrx - ok
23:29:36.0372 0x0974  [ B52F1F5F55CD773BA89E5739B82E9C34, FBA4EC1EB9564B9EEFB1477AF54FE8862B8F52DCC518CB659B8862697C417A7B ] volsnap        C:\Windows\system32\drivers\volsnap.sys
23:29:36.0388 0x0974  volsnap - ok
23:29:36.0419 0x0974  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
23:29:36.0450 0x0974  vsmraid - ok
23:29:36.0512 0x0974  [ A6B355943A77FC59B4BE54F6CC2C1A06, 422DE0C69A4F34FAD576663587F6BD03A48E20C96F1283D803F7667A288B962D ] VSS            C:\Windows\system32\vssvc.exe
23:29:36.0544 0x0974  VSS - ok
23:29:36.0575 0x0974  [ BFCBFD74A7D673AF8311F236AA15D0AF, AE52D49121A6FB173D30DA6F3901A934A1F6C8FF9CF0DCEE8954FE05F111A063 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:29:36.0590 0x0974  vwifibus - ok
23:29:36.0622 0x0974  [ 77B02662D2485F43C096B32FC7A99B48, 7DB0EE090311CD1BC25629F4EA6F6E72F4B67287B753B02E9F76183A797D1C2F ] W32Time        C:\Windows\system32\w32time.dll
23:29:36.0653 0x0974  W32Time - ok
23:29:36.0653 0x0974  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:29:36.0668 0x0974  WacomPen - ok
23:29:36.0700 0x0974  [ DC4CB3626E7423B9D83CF1B4857FDF15, 36BC894AC01A2A493D408F9F6B65064E901882F038A8A74CA4F21735D283E46F ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:29:36.0715 0x0974  WANARP - ok
23:29:36.0715 0x0974  [ DC4CB3626E7423B9D83CF1B4857FDF15, 36BC894AC01A2A493D408F9F6B65064E901882F038A8A74CA4F21735D283E46F ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:29:36.0715 0x0974  Wanarpv6 - ok
23:29:36.0793 0x0974  [ 01037578F5CFE26D347296A03E0801C0, 91405FB934EFD8D0FE9B51CECBB977814B359C2EE1F409E62717C230362D7AFC ] wbengine        C:\Windows\system32\wbengine.exe
23:29:36.0840 0x0974  wbengine - ok
23:29:36.0856 0x0974  [ 55E42FA7B170579F9F95AC5A405F82FD, 1F3DA26D8395B9AF53ADCE075FA24E48FF4AA7553FC0F8CAF696B3F032EA6545 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:29:36.0887 0x0974  WbioSrvc - ok
23:29:36.0918 0x0974  [ 79E3903FD75A22386326B542F17A2563, 3CCCE0BCDE12240BE7E108A8C0A959A33C8462A0DE8510F28FA0107C4A9A1F05 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
23:29:36.0949 0x0974  wcncsvc - ok
23:29:36.0965 0x0974  [ 35050F01D00E7E72A2449EB6F9ABF8B4, CF45943E14D2418E83CF4DC836D3AFE4ED61186B6B9DA25EF745DC6FBB07FAC5 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:29:36.0996 0x0974  WcsPlugInService - ok
23:29:37.0012 0x0974  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
23:29:37.0027 0x0974  Wd - ok
23:29:37.0074 0x0974  [ 37CE6867FC4A6827009A713A9737262C, D8890524F4EF358E35C4A992BEAF7C8FB5ED647FE4D899D3CF608C2201E218A5 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:29:37.0105 0x0974  Wdf01000 - ok
23:29:37.0121 0x0974  [ E8E4226F02B3CDC87FC53C9406F3BEA0, 2CF36989DCC2B534C4E55F95F52C911BD364735D2089D8195E5CB913268A5757 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:29:37.0136 0x0974  WdiServiceHost - ok
23:29:37.0152 0x0974  [ E8E4226F02B3CDC87FC53C9406F3BEA0, 2CF36989DCC2B534C4E55F95F52C911BD364735D2089D8195E5CB913268A5757 ] WdiSystemHost  C:\Windows\system32\wdi.dll
23:29:37.0152 0x0974  WdiSystemHost - ok
23:29:37.0183 0x0974  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient      C:\Windows\System32\webclnt.dll
23:29:37.0214 0x0974  WebClient - ok
23:29:37.0246 0x0974  [ D833A60DE407802A3A4894DD3B2E2AFB, CBB0CA5300A6F67D12EF0BE76F7EA30DE1C64C02D3CF1F835E36C5AD866A1D66 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:29:37.0277 0x0974  Wecsvc - ok
23:29:37.0308 0x0974  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
23:29:37.0339 0x0974  wercplsupport - ok
23:29:37.0355 0x0974  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:29:37.0386 0x0974  WerSvc - ok
23:29:37.0402 0x0974  [ 7575DC87DF112AC0C6E95A0F87915CDC, 1EC63A4CC0AC3341F639A5483F1A0B710E148DCB2DDA16ADCDDDED6E5EECE549 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:29:37.0417 0x0974  WfpLwf - ok
23:29:37.0448 0x0974  [ EACC800ECF26D82A063BC8E49EE1D8BF, DB14CDF030EDD10E174F44AA6EDC953964EC5E26D219480C776C29378BF84314 ] WiaRpc          C:\Windows\System32\wiarpc.dll
23:29:37.0526 0x0974  WiaRpc - ok
23:29:37.0542 0x0974  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:29:37.0558 0x0974  WIMMount - ok
23:29:37.0589 0x0974  WinDefend - ok
23:29:37.0604 0x0974  WinHttpAutoProxySvc - ok
23:29:37.0651 0x0974  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
23:29:37.0714 0x0974  Winmgmt - ok
23:29:37.0807 0x0974  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM          C:\Windows\system32\WsmSvc.dll
23:29:37.0870 0x0974  WinRM - ok
23:29:37.0932 0x0974  [ 4B7912EB80820EAC543EE54806EFCAF0, 4D9186F9FE80F03C85C4DC73342EE5870DF1021BD29974BE33557CEA0D524667 ] Wlansvc        C:\Windows\System32\wlansvc.dll
23:29:37.0963 0x0974  Wlansvc - ok
23:29:37.0994 0x0974  [ 43471A750D4F3918AC92F5131AE252D3, E843AA1555262F521B924BBB1505474757E1BB9540FCCF93BC0BE2059F497C87 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
23:29:38.0026 0x0974  WmiAcpi - ok
23:29:38.0057 0x0974  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:29:38.0072 0x0974  wmiApSrv - ok
23:29:38.0119 0x0974  WMPNetworkSvc - ok
23:29:38.0135 0x0974  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:29:38.0166 0x0974  WPCSvc - ok
23:29:38.0197 0x0974  [ 74D81AAA1AAAA9F74A978D9584EF0CB6, C4377E29C80004767CD9EB66B343DF46A96373A0F92F3D5A6D3536DFB3E3F226 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:29:38.0244 0x0974  WPDBusEnum - ok
23:29:38.0260 0x0974  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
23:29:38.0306 0x0974  ws2ifsl - ok
23:29:38.0322 0x0974  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:29:38.0338 0x0974  wscsvc - ok
23:29:38.0338 0x0974  WSearch - ok
23:29:38.0447 0x0974  [ 88009DB9E1166B6B6713A858C176FECD, CBF4C63D3C5D14AF3C3F0D9C48E5AC9E7A4323BFB0363E9948FD801963BE1467 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:29:38.0509 0x0974  wuauserv - ok
23:29:38.0525 0x0974  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:29:38.0540 0x0974  WudfPf - ok
23:29:38.0556 0x0974  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:29:38.0587 0x0974  WUDFRd - ok
23:29:38.0603 0x0974  [ 1685B0232BF1306A31DFBC04F36A32B9, E4D98D1636E0E16F7EEAA6E2991307D66A5BA235D4CAF6293F423012E4D6B6B0 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
23:29:38.0618 0x0974  wudfsvc - ok
23:29:38.0650 0x0974  [ 13E19A9868C6E1C9F5584D571DDA7D76, 05F0BFA9C1F089EF35EBA85B9B142CF2AC5BDF82968073739E2950CB8444B4BA ] WwanSvc        C:\Windows\System32\wwansvc.dll
23:29:38.0665 0x0974  WwanSvc - ok
23:29:38.0728 0x0974  [ 7FEC6AACD1F3E34BBBBA39AD0A2A1A41, 8457FD7B259C16EAF9029FBD9B73488EB362ED217C8BCF88E39168FFA8700A0D ] {0CBD4F48-3751-475D-BE88-4F271385B672} C:\Program Files\Shadow Defender\Service.exe
23:29:38.0743 0x0974  {0CBD4F48-3751-475D-BE88-4F271385B672} - detected UnsignedFile.Multi.Generic ( 1 )
23:29:38.0884 0x0974  Detect skipped due to KSN trusted
23:29:38.0884 0x0974  {0CBD4F48-3751-475D-BE88-4F271385B672} - ok
23:29:38.0884 0x0974  ================ Scan global ===============================
23:29:38.0899 0x0974  [ CEC94EC582DBBAD9461EB2BE2BE319A6, A0FAACC5790D8B813415FB55BB56C5DBD1A9E04BD2CE29BB8671D706F4DA1DF6 ] C:\Windows\system32\basesrv.dll
23:29:38.0946 0x0974  [ 918CB3600FEB645E1BBF0DF148D4FF0C, E592F8C2B623FAD1AD0F29D5A9C43B80F92AC603C68B9878E5CC264FA8BF0152 ] C:\Windows\system32\winsrv.dll
23:29:38.0962 0x0974  [ 918CB3600FEB645E1BBF0DF148D4FF0C, E592F8C2B623FAD1AD0F29D5A9C43B80F92AC603C68B9878E5CC264FA8BF0152 ] C:\Windows\system32\winsrv.dll
23:29:38.0977 0x0974  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:29:38.0993 0x0974  [ 38382A6B73FB37EF692DCBD882AB1FC4, 66B8501C3797C8B4525CD8EC2B141A8751D7A163E24E249C3E1DE42F7C055889 ] C:\Windows\system32\services.exe
23:29:39.0008 0x0974  [ Global ] - ok
23:29:39.0008 0x0974  ================ Scan MBR ==================================
23:29:39.0008 0x0974  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk0\DR0
23:29:39.0289 0x0974  \Device\Harddisk0\DR0 - ok
23:29:39.0289 0x0974  ================ Scan VBR ==================================
23:29:39.0289 0x0974  [ 3F7FB39F84AECC17F5458B358A4E95D3 ] \Device\Harddisk0\DR0\Partition1
23:29:39.0289 0x0974  \Device\Harddisk0\DR0\Partition1 - ok
23:29:39.0289 0x0974  [ 5359BEB92AB3BDDFFEBF841A473267C7 ] \Device\Harddisk0\DR0\Partition2
23:29:39.0289 0x0974  \Device\Harddisk0\DR0\Partition2 - ok
23:29:39.0305 0x0974  [ 1C2762618CC34653149FDB13BE62FD57 ] \Device\Harddisk0\DR0\Partition3
23:29:39.0305 0x0974  \Device\Harddisk0\DR0\Partition3 - ok
23:29:39.0320 0x0974  [ 367E528BC90C7CF4713AAB0C62C95E82 ] \Device\Harddisk0\DR0\Partition4
23:29:39.0320 0x0974  \Device\Harddisk0\DR0\Partition4 - ok
23:29:39.0320 0x0974  ================ Scan generic autorun ======================
23:29:39.0367 0x0974  [ 9B638E2037DF40C2729B76617FB1F412, 31D01BF46A3AB29CB6786B213924B1E5A7558D30C5755E4DA21253C670C6F04A ] C:\Program Files\Shadow Defender\DefenderDaemon.exe
23:29:39.0414 0x0974  Shadow Defender Daemon - detected UnsignedFile.Multi.Generic ( 1 )
23:29:39.0554 0x0974  Detect skipped due to KSN trusted
23:29:39.0554 0x0974  Shadow Defender Daemon - ok
23:29:39.0601 0x0974  [ FE62B4C0F1FFCA8D6554CF03CF7F88DD, A899DD307BCD12B8F8D1DF03F700FFD44EBF7EA779E4046F9056FB07198F8BBC ] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
23:29:39.0617 0x0974  EaseUs Watch - detected UnsignedFile.Multi.Generic ( 1 )
23:29:39.0757 0x0974  Detect skipped due to KSN trusted
23:29:39.0757 0x0974  EaseUs Watch - ok
23:29:39.0820 0x0974  [ 76E76FF6BEAC12705AB7A19814E4BA31, D1248C74637CEC06ABB79D3ECBB0B72E295B552E559C32F5F168929AE186CBEA ] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
23:29:39.0835 0x0974  EaseUs Tray - detected UnsignedFile.Multi.Generic ( 1 )
23:29:39.0960 0x0974  Detect skipped due to KSN trusted
23:29:39.0960 0x0974  EaseUs Tray - ok
23:29:40.0054 0x0974  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:29:40.0100 0x0974  Sidebar - ok
23:29:40.0116 0x0974  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:29:40.0147 0x0974  mctadmin - ok
23:29:40.0163 0x0974  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:29:40.0194 0x0974  Sidebar - ok
23:29:40.0194 0x0974  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:29:40.0210 0x0974  mctadmin - ok
23:29:40.0210 0x0974  Waiting for KSN requests completion. In queue: 58
23:29:41.0411 0x0974  Win FW state via NFP2: enabled ( trusted )
23:29:41.0582 0x0974  ============================================================
23:29:41.0582 0x0974  Scan finished
23:29:41.0582 0x0974  ============================================================
23:29:41.0582 0x1778  Detected object count: 0
23:29:41.0582 0x1778  Actual detected object count: 0


cosinus 27.05.2018 23:11

No malware to be seen there either.

Please create a new profile in Firefox and delete the old one, see --> http://support.mozilla.com/de/kb/Profile%20verwalten

Before doing so, back up important bookmarks, saved passwords etc., if they matter to you.

5lin 12.06.2018 21:50

RE
 
Thank you very much for your help.
I have already been able to fix the problem with the certificates (Windows 7).
Then, as a test, I created a new Firefox profile and first configured the settings before going back onto the internet. Just without add-ons etc.

After that I established the internet connection and first just had a look without doing anything.

Strangely, a connection is being established again.

Code:

[System Process]        0        TCP        nbmedia-pc        49192        ocsp.comodoca.com        http        TIME_WAIT                                                                               
[System Process]        0        TCP        nbmedia-pc        49197        ocsp.comodoca.com        http        TIME_WAIT                                                                               
[System Process]        0        TCP        nbmedia-pc        49198        ocsp.comodoca.com        http        TIME_WAIT                                                                               
Agent.exe        1356        TCP        nbmedia-PC        6864        nbmedia-PC        0        LISTENING                                                                               
firefox.exe        3780        TCP        nbmedia-PC        49159        localhost        49160        ESTABLISHED                                                                               
firefox.exe        3780        TCP        nbmedia-PC        49160        localhost        49159        ESTABLISHED                                                                               
firefox.exe        2924        TCP        nbmedia-PC        49163        localhost        49164        ESTABLISHED                                                                               
firefox.exe        2924        TCP        nbmedia-PC        49164        localhost        49163        ESTABLISHED                                                                               
firefox.exe        2432        TCP        nbmedia-PC        49165        localhost        49166        ESTABLISHED                                                                               
firefox.exe        2432        TCP        nbmedia-PC        49166        localhost        49165        ESTABLISHED                                                                               
firefox.exe        3780        TCP        nbmedia-pc        49207        151.101.112.133        https        ESTABLISHED                                                                               
lsass.exe        512        TCP        nbmedia-PC        49155        nbmedia-PC        0        LISTENING                                                                               
lsass.exe        512        TCPV6        nbmedia-pc        49155        nbmedia-pc        0        LISTENING                                                                               
opera.exe        720        TCP        nbmedia-pc        49174        192.168.178.1        http        ESTABLISHED                                                                               
opera.exe        720        TCP        nbmedia-pc        49175        192.168.178.1        http        ESTABLISHED                                                                               
opera.exe        720        TCP        nbmedia-pc        49178        192.168.178.1        http        ESTABLISHED        2        894        2        1.901        447        954        1        1               
opera.exe        720        TCP        nbmedia-pc        49180        192.168.178.1        http        ESTABLISHED                                                                               
opera.exe        720        TCP        nbmedia-pc        49189        77.111.244.116        https        ESTABLISHED                                                                               
opera.exe        720        TCP        nbmedia-pc        49190        a2-16-186-120.deploy.static.akamaitechnologies.com        http        ESTABLISHED                                                                               
opera.exe        720        TCP        nbmedia-pc        49194        n30-03-09-vip.lb.opera.technology        https        ESTABLISHED                                                                               
opera.exe        720        TCP        nbmedia-pc        49195        93.184.220.29        http        ESTABLISHED                                                                               
opera.exe        720        TCP        nbmedia-pc        49201        192.168.178.1        http        ESTABLISHED                                                                               
opera.exe        720        TCP        nbmedia-pc        49202        n25-05-10.lb.opera.technology        https        ESTABLISHED                                                                               
opera.exe        720        TCP        nbmedia-pc        49203        151.101.14.2        https        ESTABLISHED                        333        548.878                                               
opera.exe        720        TCP        nbmedia-pc        49206        151.101.112.234        http        ESTABLISHED                                                                               
services.exe        504        TCP        nbmedia-PC        49156        nbmedia-PC        0        LISTENING                                                                               
services.exe        504        TCPV6        nbmedia-pc        49156        nbmedia-pc        0        LISTENING                                                                               
svchost.exe        704        TCP        nbmedia-PC        epmap        nbmedia-PC        0        LISTENING                                                                               
svchost.exe        852        TCP        nbmedia-PC        49153        nbmedia-PC        0        LISTENING                                                                               
svchost.exe        944        TCP        nbmedia-PC        49154        nbmedia-PC        0        LISTENING                                                                               
svchost.exe        1144        TCP        nbmedia-pc        49188        a2-16-186-120.deploy.static.akamaitechnologies.com        http        ESTABLISHED                                                                               
svchost.exe        920        UDP        nbmedia-PC        ntp        *        *                                                                                       
svchost.exe        2716        UDP        nbmedia-PC        ssdp        *        *                                                                                       
svchost.exe        2716        UDP        nbmedia-pc        ssdp        *        *                                                                                       
svchost.exe        1144        UDP        nbmedia-PC        llmnr        *        *                                                                                       
svchost.exe        2716        UDP        nbmedia-PC        60401        *        *                                                                                       
svchost.exe        704        TCPV6        nbmedia-pc        epmap        nbmedia-pc        0        LISTENING                                                                               
svchost.exe        852        TCPV6        nbmedia-pc        49153        nbmedia-pc        0        LISTENING                                                                               
svchost.exe        944        TCPV6        nbmedia-pc        49154        nbmedia-pc        0        LISTENING                                                                               
svchost.exe        920        UDPV6        nbmedia-pc        123        *        *                                                                                       
svchost.exe        2716        UDPV6        [0:0:0:0:0:0:0:1]        1900        *        *                                                                                       
svchost.exe        2716        UDPV6        [0:0:0:0:0:0:0:1]        60400        *        *                                                                                       
System        4        TCP        nbmedia-PC        microsoft-ds        nbmedia-PC        0        LISTENING                                                                               
System        4        TCPV6        nbmedia-pc        microsoft-ds        nbmedia-pc        0        LISTENING                                                                               
wininit.exe        408        TCP        nbmedia-PC        49152        nbmedia-PC        0        LISTENING                                                                               
wininit.exe        408        TCPV6        nbmedia-pc        49152        nbmedia-pc        0        LISTENING

What kind of connections are these and where do they come from? I have the 151.101.1/24 route on there all the time. Regards

5lin 19.08.2018 18:37

And above all, what kind of system process is ocsp.comodoca.com?

Bootsektor 27.08.2018 16:12

None at all, that is the homepage of Comodo. OCSP is a network protocol.... I'm off again. :)
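A connection listing like the one posted above is easier to read once each row is sorted by where the connection ends. The following Python sketch is an added example, not part of the thread: the category names and the `ocsp.` host-name heuristic are assumptions, and the sample rows are excerpted from the posted listing.

```python
import ipaddress
import re
from collections import Counter

# Rows excerpted from the listing posted above. Columns: process, PID,
# protocol, local address, local port, remote address, remote port, state.
SAMPLE = """\
[System Process]        0        TCP        nbmedia-pc        49192        ocsp.comodoca.com        http        TIME_WAIT
firefox.exe        3780        TCP        nbmedia-PC        49159        localhost        49160        ESTABLISHED
firefox.exe        3780        TCP        nbmedia-PC        49160        localhost        49159        ESTABLISHED
firefox.exe        3780        TCP        nbmedia-pc        49207        151.101.112.133        https        ESTABLISHED
lsass.exe        512        TCP        nbmedia-PC        49155        nbmedia-PC        0        LISTENING
opera.exe        720        TCP        nbmedia-pc        49178        192.168.178.1        http        ESTABLISHED        2        894        2        1.901        447        954        1        1
opera.exe        720        TCP        nbmedia-pc        49195        93.184.220.29        http        ESTABLISHED
svchost.exe        2716        UDP        nbmedia-PC        ssdp        *        *
"""

FIELDS = ("process", "pid", "proto", "laddr", "lport", "raddr", "rport", "state")


def parse(text):
    """Split each row on tabs or runs of spaces; keep the first eight columns."""
    rows = []
    for line in text.splitlines():
        cols = re.split(r"\s{2,}|\t", line.strip())
        if len(cols) < 7 or not cols[1].isdigit():
            continue  # not a connection row
        # UDP rows carry no state; trailing traffic counters are dropped.
        row = dict(zip(FIELDS, (cols + [""])[:8]))
        row["pid"] = int(row["pid"])
        rows.append(row)
    return rows


def is_private(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:  # a host name, not an IP literal
        return False


def classify(row, rows):
    """Assign one (assumed, illustrative) category to a parsed row."""
    if row["state"] == "LISTENING":
        return "listening"            # waiting for connections, no peer yet
    if row["proto"].startswith("UDP"):
        return "udp-socket"           # bound UDP port, no connection state
    raddr = row["raddr"].lower()
    if raddr in ("localhost", "127.0.0.1", "::1", row["laddr"].lower()):
        # Both ends on this machine: the traffic never leaves the host.
        mirrored = any(o["pid"] == row["pid"] and o["lport"] == row["rport"]
                       and o["rport"] == row["lport"] for o in rows)
        return "loopback-pair" if mirrored else "loopback"
    if raddr.startswith("ocsp.") and row["rport"] in ("http", "80"):
        # Heuristic by host name: certificate status lookup (OCSP over HTTP).
        return "ocsp"
    return "lan" if is_private(raddr) else "external"


def closed_without_owner(row):
    """TIME_WAIT sockets are listed under PID 0 because the process that
    opened them has already closed the connection."""
    return row["pid"] == 0 and row["state"] == "TIME_WAIT"


def summarize(text):
    rows = parse(text)
    return Counter(classify(r, rows) for r in rows)


def review_list(text):
    """External endpoints per process: the rows worth looking up further."""
    rows = parse(text)
    return sorted({(r["process"], r["raddr"], r["rport"])
                   for r in rows if classify(r, rows) == "external"})


if __name__ == "__main__":
    for category, count in sorted(summarize(SAMPLE).items()):
        print(f"{category:14} {count}")
    for entry in review_list(SAMPLE):
        print("review:", *entry)
```

Only the rows that end up in `review_list` need a reverse lookup or a packet capture; the loopback, listening and LAN rows describe traffic that stays on the machine or the local network.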

