
Pests of all kinds and how to combat them: Win 7 64-bit, programs will not start, system crashes, after a strange Windows update


14.12.2014, 12:27   #1
laures
 



Hello everyone,

on Friday there was a supposed Windows update, category "important", very small file size. Since installing it I have had the following problems:
- there is not a single system restore point left
- when I look at the Windows updates, the system says nothing was installed on Friday
- the virus scanners F-Secure and Avira find nothing; CCleaner starts, but crashes as soon as I start an action
- Office 365, Outlook in particular, no longer starts; the repair, including the "intensive" variant, had no effect
- I can start browsers; IE works okay, Chrome does not load pages
- system performance = 0
- had 3 bluescreens, constant crashes, the machine no longer wakes up properly from standby
- a check of the hard disk showed no problems
- I can back up data to an external hard disk

Unfortunately my USB stick with the backup was vacuumed up and thrown away by the cleaning lady on Thursday (TIMING!), so now I'm standing here like an idiot facing the problem.

Can someone please help me? I'm not sure whether it's a virus or whether the laptop is giving up the ghost after just over a year! I'm extremely desperate and very grateful for any support.

Regards & thanks,
Laures

EDIT: I have a GMER logfile but can't attach it because it is too large. Can I split it, and if so, where is best?


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Nörpel (administrator) on NIKKI on 14-12-2014 13:33:54
Running from C:\Users\Nörpel\Downloads
Loaded Profiles: Nörpel & UpdatusUser (Available profiles: Nörpel & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(TuneClone.COM) C:\Program Files\TuneClone\TuneClone.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Users\Nörpel\AppData\Local\Amazon Music\Amazon Music Helper.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Users\Nörpel\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TuneClone] => C:\Program Files\TuneClone\TuneClone.exe [4550656 2012-02-24] (TuneClone.COM)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-09-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-09-12] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [870008 2014-11-08] (Link64 GmbH)
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Run: [Amazon Music] => C:\Users\Nörpel\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\RunOnce: [Adobe Speed Launcher] => 1418543255
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\MountPoints2: {9f1cb577-0312-11e3-98d7-f4b7e2f1b2d2} - E:\SISetup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3940675302-785021557-2801149589-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Nörpel\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Extension: Avira Browser Safety - C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\Extensions\abs@avira.com [2014-12-13]
FF Extension: No Name - C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\Extensions\{3ECB0610-B265-46A4-9BA8-CC4B1B256FAC} [2013-09-13]
FF Extension: Hilfe Assistent - C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\Extensions\{} [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{6fe60cba-b80c-4394-8128-96b46aa7c821}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-11-19]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (Adblock Plus) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-20]
CHR Extension: (Video Downloader professional) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-09-20]
CHR Extension: (XKit) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-10-30]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-09-20]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2014-09-20]
CHR Extension: (Gutscheinaffe) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoleljfffgljekfndmmfbcmhkgeellb [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Tumblr Savior) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-09-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "vdrv1000" service was unlocked successfully. <===== ATTENTION

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-02-27] (Nalpeiron Ltd.) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [147464 2013-01-08] (H+H Software GmbH)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
S2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [207400 2014-11-19] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-11-19] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-02] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [99440 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
R1 vdrv1000; C:\Windows\System32\DRIVERS\vdrv1000.sys [226080 2012-12-06] (H+H Software GmbH)
S3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 13:33 - 2014-12-14 13:34 - 00024605 _____ () C:\Users\Nörpel\Downloads\FRST.txt
2014-12-14 13:31 - 2014-12-14 13:34 - 00000000 ____D () C:\FRST
2014-12-14 13:30 - 2014-12-14 13:30 - 02119168 _____ (Farbar) C:\Users\Nörpel\Downloads\FRST64.exe
2014-12-14 13:30 - 2014-12-14 13:30 - 00000474 _____ () C:\Users\Nörpel\Desktop\defogger_disable.log
2014-12-14 13:30 - 2014-12-14 13:30 - 00000000 _____ () C:\Users\Nörpel\defogger_reenable
2014-12-14 13:29 - 2014-12-14 13:29 - 00050477 _____ () C:\Users\Nörpel\Downloads\Defogger.exe
2014-12-14 08:47 - 2014-12-14 08:47 - 00000000 ____D () C:\Users\Nörpel\Documents\TuneClone
2014-12-13 17:54 - 2014-12-13 17:54 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-13 17:50 - 2014-12-13 17:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 17:49 - 2014-12-13 17:49 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\Avira
2014-12-13 17:46 - 2014-12-13 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-13 17:45 - 2014-12-13 17:53 - 00000000 ____D () C:\ProgramData\Avira
2014-12-13 17:45 - 2014-12-13 17:53 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-13 17:45 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-13 17:45 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-13 17:45 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-13 17:40 - 2014-12-13 17:43 - 154051656 _____ () C:\Users\Nörpel\Downloads\avira_free_antivirus468_de.exe
2014-12-13 16:08 - 2014-12-13 16:08 - 00294792 _____ () C:\Windows\Minidump\121314-62618-01.dmp
2014-12-13 13:28 - 2014-12-13 13:28 - 00131072 ___HT () C:\Users\Nörpel\Documents\~backup.pst.tmp
2014-12-13 09:48 - 2014-12-13 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-13 09:45 - 2014-12-13 09:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-13 09:37 - 2014-12-13 09:37 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\F-Secure
2014-12-12 20:06 - 2014-12-12 20:07 - 00294696 _____ () C:\Windows\Minidump\121214-23259-01.dmp
2014-12-12 14:57 - 2014-12-12 14:57 - 80455980 _____ () C:\Users\Nörpel\Downloads\Stephen Colbert interviewing Smaug - YouTube.mp4
2014-12-11 18:44 - 2014-12-11 18:44 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 14:28 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 14:28 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 13:54 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 13:54 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 13:53 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 13:53 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 13:50 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 13:50 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 13:50 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 13:50 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 13:50 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 13:50 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 13:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 13:50 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 13:50 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 13:50 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 13:50 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 13:50 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 13:50 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 13:50 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 13:50 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 13:50 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 13:50 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 13:50 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 13:50 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 13:50 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 13:50 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 13:49 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 13:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 13:49 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 13:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 13:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 13:49 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 13:49 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 13:49 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 13:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 13:49 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 13:49 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 13:49 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 13:49 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 13:49 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 13:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 13:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 13:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 13:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 13:49 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 13:49 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 13:49 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 13:49 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 13:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 13:49 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 13:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 13:49 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 13:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 13:49 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 13:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 13:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 13:49 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 13:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 13:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 13:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 13:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 13:41 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 13:40 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 13:40 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 13:40 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 13:40 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 13:40 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 13:40 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 13:40 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 13:40 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 13:40 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 13:40 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 13:40 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 13:39 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 13:32 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 13:32 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 22:24 - 2014-12-10 22:25 - 31821362 _____ () C:\Users\Nörpel\Downloads\the-making-of-nine-kisses 31255_1_great-performers_wg_480p.mp4
2014-12-10 18:51 - 2014-12-10 18:52 - 08378025 _____ () C:\Users\Nörpel\Downloads\This Years Great Actors in 9 Kisses - NYTimescom.mp4
2014-12-09 21:12 - 2014-12-09 21:12 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 19:59 - 2014-12-09 20:10 - 320480110 _____ () C:\Users\Nörpel\Downloads\nomad.zip
2014-12-08 22:07 - 2014-12-08 22:14 - 456103772 _____ () C:\Users\Nörpel\Downloads\wunsch.mkv
2014-12-03 17:22 - 2014-12-03 17:22 - 00001009 _____ () C:\Users\Nörpel\Desktop\VirtualDJ Broadcaster.lnk
2014-12-03 17:22 - 2014-12-03 17:22 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2014-12-03 17:14 - 2014-12-03 17:15 - 38225644 _____ () C:\Users\Nörpel\Downloads\install_virtualdj_broadcaster_v7.4.2.msi
2014-12-02 22:19 - 2014-12-02 22:19 - 17154537 _____ () C:\Users\Nörpel\Downloads\The Hobbit The Battle of the Five Armies Benedict Cumberbatch Smaug Behind the Scenes Interview - YouTube.mp4
2014-12-01 21:56 - 2014-12-01 21:56 - 17107593 _____ () C:\Users\Nörpel\Downloads\Richard Armitage Interview #1 - Hobbit The Battle of the Five Armies World Premiere - YouTube.mp4
2014-12-01 21:56 - 2014-12-01 21:56 - 14537117 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston's interview after winning Best Actor at Evening Standard Theatre Awards 2014 - YouTube.mp4
2014-12-01 21:02 - 2014-12-01 21:13 - 903727347 _____ () C:\Users\Nörpel\Downloads\89. TOM HIDDLESTON 2009 from Shakespeare's Globe Theatre on Vimeo.mp4
2014-12-01 20:06 - 2014-12-01 20:18 - 903727347 _____ () C:\Users\Nörpel\Downloads\Globe Player  Shakespeares Globe.mp4
2014-12-01 18:08 - 2014-12-01 18:24 - 269778568 _____ () C:\Users\Nörpel\Downloads\Evening Standard Theatre Awards.mp4
2014-11-30 18:27 - 2014-11-30 18:27 - 10144653 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston- how Shakespeare seeped into my bones – video.mp4
2014-11-28 18:55 - 2014-11-28 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-11-28 18:49 - 2014-11-28 18:49 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Nörpel\Downloads\mirc738.exe
2014-11-28 17:46 - 2014-11-28 17:46 - 00021358 _____ () C:\Users\Nörpel\Downloads\theme_#40_-_crepuscular.txt
2014-11-27 22:00 - 2014-11-27 22:00 - 00024424 _____ () C:\Users\Nörpel\Downloads\storiesbeforebedtime.htm
2014-11-25 18:38 - 2014-11-25 18:38 - 00076781 _____ () C:\Users\Nörpel\Downloads\pass.pkpass
2014-11-23 17:14 - 2014-11-23 17:15 - 17711760 _____ (Adobe Systems Inc.) C:\Users\Nörpel\Downloads\AdobeAIRInstaller (1).exe
2014-11-22 17:29 - 2014-11-22 17:30 - 08584743 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston Funny Moments.mp4
2014-11-22 17:28 - 2014-11-22 17:30 - 07571087 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston and Clark Gregg Interview - Comic Con 2010.mp4
2014-11-22 17:27 - 2014-11-22 17:30 - 32956046 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston Live Below The Line Day 5.mp4
2014-11-22 17:26 - 2014-11-22 17:27 - 09969377 _____ () C:\Users\Nörpel\Downloads\Coriolanus - Until the end of time.mp4
2014-11-20 21:59 - 2014-11-20 21:59 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-11-20 21:59 - 2014-11-20 21:59 - 00000000 ____D () C:\Windows\system32\NV
2014-11-19 17:37 - 2014-11-19 17:37 - 00000657 _____ () C:\Windows\fsav_db_setup.log
2014-11-19 17:35 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 17:35 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 17:35 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 17:35 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 17:34 - 2014-11-19 17:37 - 00070484 _____ () C:\Windows\FSAVINST.LOG
2014-11-19 17:34 - 2014-11-19 17:37 - 00012806 _____ () C:\Windows\FSAVCSIN.LOG
2014-11-19 17:34 - 2014-11-19 17:37 - 00004258 _____ () C:\Windows\fstnbins.LOG
2014-11-19 17:34 - 2014-11-19 17:37 - 00004203 _____ () C:\Windows\FSGKIAIN.log
2014-11-19 17:34 - 2014-11-19 17:37 - 00003969 _____ () C:\Windows\fsavunin.log
2014-11-19 17:34 - 2014-11-19 17:37 - 00001837 _____ () C:\Windows\FSLDIN.LOG
2014-11-19 17:34 - 2014-11-19 17:34 - 00019322 _____ () C:\Windows\fspplugin.log
2014-11-19 17:33 - 2014-11-19 17:37 - 04127734 _____ () C:\Windows\FSISU.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00931286 _____ () C:\Windows\FSSFM.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00816896 _____ () C:\Windows\FSSETUP.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00135798 _____ () C:\Windows\FSPROD.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00090137 _____ () C:\Windows\RunSetup.log
2014-11-19 17:33 - 2014-11-19 17:36 - 00140701 _____ () C:\Windows\FSDEPH.log
2014-11-19 17:17 - 2014-11-19 17:17 - 00001943 _____ () C:\Users\Public\Desktop\F-Secure.lnk
2014-11-19 17:17 - 2014-11-19 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 13:34 - 2013-08-09 23:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 13:30 - 2013-08-09 19:59 - 00000000 ____D () C:\Users\Nörpel
2014-12-14 13:12 - 2013-08-14 07:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 12:55 - 2013-08-09 01:50 - 01747458 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 10:42 - 2014-09-22 16:35 - 00003121 _____ () C:\Windows\setupact.log
2014-12-14 09:11 - 2013-12-12 09:57 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\882DAF1D-8434-4E53-A1C5-213DF6125504.aplzod
2014-12-14 09:11 - 2013-08-11 07:21 - 00000000 ____D () C:\Users\Nörpel\Documents\Outlook-Dateien
2014-12-14 09:03 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 09:02 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 08:47 - 2013-08-09 23:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 08:45 - 2014-09-29 09:04 - 00189196 _____ () C:\Windows\PFRO.log
2014-12-14 08:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 02:12 - 2013-08-10 00:29 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\Adobe
2014-12-13 16:08 - 2014-10-16 17:54 - 706277181 _____ () C:\Windows\MEMORY.DMP
2014-12-13 16:08 - 2014-01-01 21:28 - 00000000 ____D () C:\Windows\Minidump
2014-12-13 15:10 - 2009-07-14 05:45 - 00517744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 10:08 - 2013-08-09 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-13 10:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-13 09:58 - 2013-08-09 23:17 - 00113296 _____ () C:\Users\Nörpel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-12 20:51 - 2013-08-09 23:25 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\mIRC
2014-12-12 19:52 - 2013-08-11 13:38 - 00000000 ____D () C:\Users\Nörpel\Documents\fanfic
2014-12-12 10:29 - 2014-11-04 18:39 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\dtag
2014-12-12 08:32 - 2013-08-09 23:18 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 19:16 - 2013-08-12 15:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 18:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 18:44 - 2014-05-06 16:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 18:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 18:21 - 2013-08-13 08:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 17:45 - 2013-08-10 00:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 21:13 - 2013-08-14 07:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 21:13 - 2013-08-14 07:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:13 - 2013-08-14 07:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 22:15 - 2013-12-11 18:00 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\vlc
2014-12-07 19:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-05 19:58 - 2013-08-09 20:04 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\Microsoft Help
2014-12-03 17:22 - 2014-08-13 17:54 - 00000000 ____D () C:\Users\Nörpel\Documents\VirtualDJ
2014-12-03 17:22 - 2014-08-13 17:54 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2014-12-01 22:04 - 2014-06-27 17:00 - 00001188 _____ () C:\Users\Nörpel\Desktop\Amazon Music.lnk
2014-12-01 21:13 - 2014-09-06 09:53 - 00000000 ____D () C:\ProgramData\VideoDownloaderUltimateWinApp
2014-11-28 18:55 - 2013-08-09 23:25 - 00000951 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-11-28 18:55 - 2013-08-09 23:25 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-11-26 20:15 - 2013-12-04 13:35 - 00000651 _____ () C:\Users\Nörpel\Documents\pnpk.txt
2014-11-20 21:59 - 2013-08-10 08:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 17:44 - 2014-11-04 18:39 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\mquadr.at
2014-11-19 17:44 - 2013-08-09 21:34 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-11-19 17:40 - 2013-08-09 21:27 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-11-19 17:36 - 2013-08-09 21:33 - 00020499 _____ () C:\Windows\prodsett_copy.ini
2014-11-19 17:24 - 2013-08-09 21:26 - 00000000 ____D () C:\ProgramData\F-Secure
2014-11-16 19:14 - 2013-08-23 13:13 - 00001456 _____ () C:\Users\Nörpel\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-11-14 19:29 - 2013-08-09 23:17 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 19:28 - 2013-08-09 23:17 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Nörpel\AppData\Local\Temp\avgnt.exe
C:\Users\Nörpel\AppData\Local\Temp\mirc738.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-07 19:04

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014
Ran by Nörpel at 2014-12-14 13:35:02
Running from C:\Users\Nörpel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Antivirus (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Antivirus (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1995259134.48.56.36965610 - Audible, Inc.)
Avira (HKLM-x32\...\{4241d738-563d-4685-803c-e58b90a2e5e8}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.52.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.11.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.)
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Computer Security 14.115.100.0 (release) (x32 Version: 14.115.100.0 - F-Secure Corporation) Hidden
Dropbox (HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo)
Energy Management (x32 Version: 7.0.3.4 - Lenovo) Hidden
EnergyCut (HKLM-x32\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - Lenovo)
Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
Flixster (HKLM-x32\...\com.wb.DC2) (Version: 0.1.26 - Warner Bros. Entertainment Inc.)
Flixster (x32 Version: 0.1.26 - Warner Bros. Entertainment Inc.) Hidden
Free MP4 Video Converter version 5.0.32.1230 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.15.358.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.15.358.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.141 (x32 Version: 1.02.141 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 Small Business Premium - de-de (HKLM\...\O365SmallBusPremRetail - de-de) (Version: 15.0.4675.1002 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{0309B99E-C7EA-414C-AC53-A78061277595}) (Version: 8.0.6362.223 - Microsoft Corporation)
Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
Mozilla Firefox 23.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0 (x86 de)) (Version: 23.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Online Safety 2.115.2783.1598 (x32 Version: 2.115.2783.1598 - F-Secure Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Portrait Professional 11.3 (HKLM-x32\...\PortraitProfessional11_is1) (Version: 11.3 - Anthropics Technology Ltd.)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.11 - SSW Software GmbH)
Saal Design Software (x32 Version: 3.2.11 - SSW Software GmbH) Hidden
SAM Broadcaster v4 (HKLM-x32\...\SAM3) (Version: v4 - Spacial Audio Solutions, LLC)
Self-Service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.4 - Nik Software, Inc.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TuneClone 2.20 (HKLM\...\TuneClone_is1) (Version:  - TuneClone.com)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132 - TuneUp Software) Hidden
TweetDeck (HKLM-x32\...\{E2031233-3B7C-4DFC-9319-197626C011C3}) (Version: 3.1.3 - Twitter, Inc.)
VideoDownloaderUltimate (HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.25 - Link64)
Virtual CD v10 (HKLM-x32\...\{10C51313-A308-4B40-90E3-B368D5882660}) (Version: 10.00.0 - H+H Software GmbH)
Virtual DJ Broadcaster - Atomix Productions (HKLM-x32\...\Virtual DJ Broadcaster - Atomix Productions) (Version:  - )
VirtualDJ Broadcaster (HKLM-x32\...\{3575B758-28E1-4AA8-AFC4-D597CC4C7B14}) (Version: 7.4.2 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3940675302-785021557-2801149589-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nörpel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940675302-785021557-2801149589-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940675302-785021557-2801149589-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940675302-785021557-2801149589-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940675302-785021557-2801149589-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940675302-785021557-2801149589-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940675302-785021557-2801149589-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940675302-785021557-2801149589-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3940675302-785021557-2801149589-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04F0F09A-C80B-42C4-BDEC-025F8AE069C7} - System32\Tasks\AdobeAAMUpdater-1.0-Nikki-Nörpel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {23CB8F4A-7347-42B4-A501-596FA776B4E8} - System32\Tasks\{86543869-AF17-4FE5-9A09-7CA58286CF44} => pcalua.exe -a "C:\Program Files (x86)\Xobni\UninstallerWizard.exe"
Task: {410A26EC-C56F-46E1-8D9D-D7ACB5BA4533} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: {435EA097-488D-44A4-B1E9-A2AADCE022D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {4C09990C-8614-4513-8288-E5B000965511} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {563D8042-AD99-4162-955E-1BD54EA44D2A} - System32\Tasks\{2A53FE39-BA48-4BE9-B6F4-69A911F157D3} => pcalua.exe -a "C:\Users\Nörpel\Downloads\l1egc02us24 (6).exe" -d C:\Users\Nörpel\Downloads
Task: {5A70E517-2F45-444F-B04A-7F78241531B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {66CD5069-17A8-404C-A8C5-92F70776F13D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A9AC62CD-9E33-4657-B259-46274BB18374} - System32\Tasks\{D9BAB9D6-9A37-4FBD-A330-8B43D378F0F9} => pcalua.exe -a "C:\Users\Nörpel\Downloads\l1egc02us24 (1).exe" -d C:\Users\Nörpel\Downloads
Task: {E671DB88-890B-43C1-BDE5-F4DEB617ED41} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {F54F85C1-8E2D-47FF-BE31-54EC02812535} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-12 07:37 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2013-08-12 07:37 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-08-10 08:07 - 2013-10-29 00:38 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-12 19:56 - 2014-09-12 19:54 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2014-09-12 19:56 - 2014-09-12 19:54 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-10 15:31 - 2014-09-12 19:54 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll
2014-09-12 19:56 - 2014-09-12 19:54 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-06-27 17:00 - 2014-11-19 01:55 - 06277952 _____ () C:\Users\Nörpel\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-10-08 10:42 - 2013-12-26 19:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-13 09:45 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-14 13:29 - 2014-12-14 13:29 - 00050477 _____ () C:\Users\Nörpel\Downloads\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: VC10Player => C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3940675302-785021557-2801149589-500 - Administrator - Disabled)
Gast (S-1-5-21-3940675302-785021557-2801149589-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3940675302-785021557-2801149589-1003 - Limited - Enabled)
Nörpel (S-1-5-21-3940675302-785021557-2801149589-1000 - Administrator - Enabled) => C:\Users\Nörpel
UpdatusUser (S-1-5-21-3940675302-785021557-2801149589-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2014 01:35:08 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2014-12-14  13:35:08+02:00  NIKKI  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (12/14/2014 00:56:42 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Program Files (x86)\F-Secure\fs_ccf_guts2_plugin_32.dll" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm F-Secure Host Process wurde wegen dieses Fehlers geschlossen.

Programm: F-Secure Host Process
Datei: C:\Program Files (x86)\F-Secure\fs_ccf_guts2_plugin_32.dll

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000185
Datenträgertyp: 3

Error: (12/14/2014 00:56:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.5.833.0, Zeitstempel: 0x53a88800
Name des fehlerhaften Moduls: fs_ccf_guts2_plugin_32.dll, Version: 2.1.271.0, Zeitstempel: 0x5436a2be
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0001b000
ID des fehlerhaften Prozesses: 0x8f0
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3

Error: (12/14/2014 10:42:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46769

Error: (12/14/2014 10:42:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46769

Error: (12/14/2014 10:42:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2014 10:42:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31184

Error: (12/14/2014 10:42:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31184

Error: (12/14/2014 10:42:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2014 10:41:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584


System errors:
=============
Error: (12/14/2014 01:14:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/14/2014 01:14:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/14/2014 01:14:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/14/2014 00:57:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2014 00:56:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst fshoster erreicht.

Error: (12/14/2014 10:42:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2014 10:42:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (12/14/2014 10:41:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (12/14/2014 10:41:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iphlpsvc erreicht.

Error: (12/14/2014 10:40:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.


Microsoft Office Sessions:
=========================
Error: (12/14/2014 01:35:08 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2014-12-14  13:35:08+02:00  NIKKI  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (12/14/2014 00:56:42 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Program Files (x86)\F-Secure\fs_ccf_guts2_plugin_32.dllF-Secure Host ProcessC00001853

Error: (12/14/2014 00:56:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fshoster32.exe1.5.833.053a88800fs_ccf_guts2_plugin_32.dll2.1.271.05436a2bec00000060001b0008f001d0177207e00decC:\Program Files (x86)\F-Secure\fshoster32.exeC:\Program Files (x86)\F-Secure\fs_ccf_guts2_plugin_32.dll44333eb9-8388-11e4-8ec9-f4b7e2f1b2d2

Error: (12/14/2014 10:42:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46769

Error: (12/14/2014 10:42:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46769

Error: (12/14/2014 10:42:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2014 10:42:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31184

Error: (12/14/2014 10:42:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31184

Error: (12/14/2014 10:42:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2014 10:41:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 31%
Total physical RAM: 8094.36 MB
Available physical RAM: 5549.66 MB
Total Pagefile: 16186.89 MB
Available Pagefile: 13112.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:901.13 GB) (Free:99.66 GB) NTFS
Drive d: (penny dreadful) (CDROM) (Total:4.38 GB) (Free:1.95 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=29.3 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=901.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.1 GB) - (Type=12)

==================== End Of Log ============================
         

Edited by laures (14.12.2014 at 13:08). Reason: FRST files attached

14.12.2014, 13:21   #2
schrauber
/// the machine
/// TB trainer

Win 7 64-bit: programs won't start, system crashes after a strange Windows Update

Hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

14.12.2014, 13:31   #3
laures



Many thanks, Schrauber, for the quick response! Unfortunately (or thank goodness?) no findings; here is the report:

Code:
14:26:58.0669 0x148c  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
14:27:19.0698 0x148c  ============================================================
14:27:19.0698 0x148c  Current date / time: 2014/12/14 14:27:19.0698
14:27:19.0698 0x148c  SystemInfo:
14:27:19.0698 0x148c  
14:27:19.0698 0x148c  OS Version: 6.1.7601 ServicePack: 1.0
14:27:19.0698 0x148c  Product type: Workstation
14:27:19.0698 0x148c  ComputerName: NIKKI
14:27:19.0698 0x148c  UserName: Nörpel
14:27:19.0698 0x148c  Windows directory: C:\Windows
14:27:19.0698 0x148c  System windows directory: C:\Windows
14:27:19.0698 0x148c  Running under WOW64
14:27:19.0698 0x148c  Processor architecture: Intel x64
14:27:19.0698 0x148c  Number of processors: 4
14:27:19.0698 0x148c  Page size: 0x1000
14:27:19.0698 0x148c  Boot type: Normal boot
14:27:19.0698 0x148c  ============================================================
14:27:23.0348 0x148c  KLMD registered as C:\Windows\system32\drivers\92383009.sys
14:27:23.0785 0x148c  System UUID: {7C54C566-447E-42AD-C2A7-8C694DB37DA6}
14:27:24.0378 0x148c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:27:24.0394 0x148c  ============================================================
14:27:24.0394 0x148c  \Device\Harddisk0\DR0:
14:27:24.0394 0x148c  MBR partitions:
14:27:24.0394 0x148c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A9A172
14:27:24.0394 0x148c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9A1B1, BlocksNum 0x70A419B1
14:27:24.0394 0x148c  ============================================================
14:27:24.0425 0x148c  C: <-> \Device\Harddisk0\DR0\Partition2
14:27:24.0425 0x148c  ============================================================
14:27:24.0425 0x148c  Initialize success
14:27:24.0425 0x148c  ============================================================
14:28:02.0524 0x1ad8  ============================================================
14:28:02.0524 0x1ad8  Scan started
14:28:02.0524 0x1ad8  Mode: Manual; SigCheck; TDLFS; 
14:28:02.0524 0x1ad8  ============================================================
14:28:02.0524 0x1ad8  KSN ping started
14:28:05.0333 0x1ad8  KSN ping finished: true
14:28:07.0300 0x1ad8  ================ Scan system memory ========================
14:28:07.0300 0x1ad8  System memory - ok
14:28:07.0300 0x1ad8  ================ Scan services =============================
14:28:07.0487 0x1ad8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:28:07.0627 0x1ad8  1394ohci - ok
14:28:07.0783 0x1ad8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:28:07.0846 0x1ad8  ACPI - ok
14:28:07.0877 0x1ad8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:28:07.0986 0x1ad8  AcpiPmi - ok
14:28:08.0049 0x1ad8  [ 5E813B11629007309E4FC0F0FD2B7C30, A8FDC3994D236248B7FAEA572E987C8D5903AF5305E06D624909DE786FA811BA ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
14:28:08.0095 0x1ad8  ACPIVPC - ok
14:28:08.0267 0x1ad8  [ BF3818B441955E4D438EC72F06F1FE61, 091A80D6A8887B4B5AFF8D12CB5A96AF4A04B125C13BED815B3A776778CD3190 ] AdobeActiveFileMonitor11.0 C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
14:28:08.0314 0x1ad8  AdobeActiveFileMonitor11.0 - ok
14:28:08.0532 0x1ad8  [ 430C19CB511FD6E0DDCD44B42B1810DA, 2EE9FFB0B6DEC653327D8932EC731D81FF86C64A67CD37AABD2022CF04AA487C ] AdobeActiveFileMonitor12.0 C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
14:28:08.0579 0x1ad8  AdobeActiveFileMonitor12.0 - ok
14:28:08.0688 0x1ad8  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:28:08.0735 0x1ad8  AdobeARMservice - ok
14:28:08.0922 0x1ad8  [ 749F94C424524285DCDA84D695ABC12F, E5AD194AF5B8B4FDB3976D3E3F9EF942DECFEC4EBAA9881A8EF7707BB781E4AD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:28:09.0250 0x1ad8  AdobeFlashPlayerUpdateSvc - ok
14:28:09.0328 0x1ad8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:28:09.0406 0x1ad8  adp94xx - ok
14:28:09.0468 0x1ad8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:28:09.0624 0x1ad8  adpahci - ok
14:28:09.0687 0x1ad8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:28:09.0733 0x1ad8  adpu320 - ok
14:28:09.0780 0x1ad8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:28:09.0874 0x1ad8  AeLookupSvc - ok
14:28:09.0967 0x1ad8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
14:28:10.0061 0x1ad8  AFD - ok
14:28:10.0092 0x1ad8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
14:28:10.0139 0x1ad8  agp440 - ok
14:28:10.0171 0x1ad8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
14:28:10.0249 0x1ad8  ALG - ok
14:28:10.0280 0x1ad8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:28:10.0327 0x1ad8  aliide - ok
14:28:10.0374 0x1ad8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:28:10.0421 0x1ad8  amdide - ok
14:28:10.0421 0x1ad8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:28:10.0452 0x1ad8  AmdK8 - ok
14:28:10.0452 0x1ad8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:28:10.0483 0x1ad8  AmdPPM - ok
14:28:10.0546 0x1ad8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:28:10.0608 0x1ad8  amdsata - ok
14:28:10.0655 0x1ad8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:28:10.0686 0x1ad8  amdsbs - ok
14:28:10.0702 0x1ad8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:28:10.0717 0x1ad8  amdxata - ok
14:28:10.0764 0x1ad8  [ 449D90F1FB6402773C2F1ECCEAE15F74, D432D3F9D9AD14C70324B13C0A82A5BADC0EA4927B2E49B8BC31A5DEE6440374 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
14:28:10.0858 0x1ad8  AMPPAL - ok
14:28:10.0858 0x1ad8  [ 449D90F1FB6402773C2F1ECCEAE15F74, D432D3F9D9AD14C70324B13C0A82A5BADC0EA4927B2E49B8BC31A5DEE6440374 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
14:28:10.0904 0x1ad8  AMPPALP - ok
14:28:11.0029 0x1ad8  [ AB6E5B9333101E414D8F04BC570064F1, 4BB20C0ECE2C655B8E3A40E8C69A7B6974B73D3585AEDF47A0C52582D17BDAF6 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
14:28:11.0076 0x1ad8  AMPPALR3 - ok
14:28:11.0357 0x1ad8  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:28:11.0404 0x1ad8  AntiVirSchedulerService - ok
14:28:11.0482 0x1ad8  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:28:11.0528 0x1ad8  AntiVirService - ok
14:28:11.0591 0x1ad8  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
14:28:11.0684 0x1ad8  AppID - ok
14:28:11.0716 0x1ad8  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:28:11.0747 0x1ad8  AppIDSvc - ok
14:28:11.0809 0x1ad8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
14:28:11.0918 0x1ad8  Appinfo - ok
14:28:12.0121 0x1ad8  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:28:12.0184 0x1ad8  Apple Mobile Device - ok
14:28:12.0246 0x1ad8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
14:28:12.0262 0x1ad8  arc - ok
14:28:12.0277 0x1ad8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:28:12.0308 0x1ad8  arcsas - ok
14:28:12.0480 0x1ad8  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:28:12.0527 0x1ad8  aspnet_state - ok
14:28:12.0574 0x1ad8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:28:12.0620 0x1ad8  AsyncMac - ok
14:28:12.0652 0x1ad8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:28:12.0667 0x1ad8  atapi - ok
14:28:12.0745 0x1ad8  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:28:12.0854 0x1ad8  AudioEndpointBuilder - ok
14:28:12.0886 0x1ad8  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:28:12.0932 0x1ad8  AudioSrv - ok
14:28:13.0026 0x1ad8  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:28:13.0088 0x1ad8  avgntflt - ok
14:28:13.0135 0x1ad8  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:28:13.0182 0x1ad8  avipbb - ok
14:28:13.0339 0x1ad8  [ F21955927D1C99206A8B91DE2CCE85E1, 26A6155CF46123C489CBE19B5B3E3B0D9ED02C9388E57058724B0FFB7D7C08B5 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
14:28:13.0401 0x1ad8  Avira.OE.ServiceHost - ok
14:28:13.0433 0x1ad8  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:28:13.0495 0x1ad8  avkmgr - ok
14:28:13.0557 0x1ad8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:28:13.0635 0x1ad8  AxInstSV - ok
14:28:13.0713 0x1ad8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:28:13.0791 0x1ad8  b06bdrv - ok
14:28:13.0838 0x1ad8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:28:13.0885 0x1ad8  b57nd60a - ok
14:28:22.0374 0x1ad8  [ 1A18EBD87AA9FBF6EFE8CFADA08D0275, 9D355F0F6826E1749341B4C8B7F17722C8C5BFE01EA7DA05D2416F964353C746 ] FirebirdGuardianDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
14:28:22.0421 0x1ad8  FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
14:28:24.0792 0x1ad8  Detect skipped due to KSN trusted
14:28:24.0792 0x1ad8  FirebirdGuardianDefaultInstance - ok
14:28:24.0917 0x1ad8  [ 53C740150C082AAF3C7D21C1D6A9FF98, 62FD4087EC719744D4D89C6C990331ADCC376C2D86D16D7D280B1DFA49E52381 ] FirebirdServerDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
14:28:25.0120 0x1ad8  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
14:28:27.0491 0x1ad8  Detect skipped due to KSN trusted
14:28:27.0491 0x1ad8  FirebirdServerDefaultInstance - ok
14:28:41.0157 0x1ad8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:28:41.0250 0x1ad8  msahci - ok
14:28:41.0297 0x1ad8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:28:41.0344 0x1ad8  msdsm - ok
14:28:41.0360 0x1ad8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:28:41.0406 0x1ad8  MSDTC - ok
14:28:41.0453 0x1ad8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:28:41.0516 0x1ad8  Msfs - ok
14:28:41.0562 0x1ad8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:28:41.0640 0x1ad8  mshidkmdf - ok
14:28:41.0640 0x1ad8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:28:41.0656 0x1ad8  msisadrv - ok
14:28:41.0703 0x1ad8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:28:41.0750 0x1ad8  MSiSCSI - ok
14:28:41.0750 0x1ad8  msiserver - ok
14:28:41.0796 0x1ad8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:28:41.0874 0x1ad8  MSKSSRV - ok
14:28:42.0046 0x1ad8  [ 47A616802531735DF88CD331739D6E97, 28A28794186CC0B5EC5A3838C7CAE16B9DCE2C0BD5873F59CE59F8F4EDA4268B ] msoidsvc        C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
14:28:42.0124 0x1ad8  msoidsvc - ok
14:28:42.0155 0x1ad8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:28:42.0186 0x1ad8  MSPCLOCK - ok
14:28:42.0186 0x1ad8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:28:42.0218 0x1ad8  MSPQM - ok
14:28:42.0249 0x1ad8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:28:42.0280 0x1ad8  MsRPC - ok
14:28:42.0296 0x1ad8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:28:42.0311 0x1ad8  mssmbios - ok
14:28:42.0327 0x1ad8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:28:42.0358 0x1ad8  MSTEE - ok
14:28:42.0358 0x1ad8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:28:42.0389 0x1ad8  MTConfig - ok
14:28:42.0405 0x1ad8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:28:42.0436 0x1ad8  Mup - ok
14:28:42.0467 0x1ad8  [ 705E9675014EB688BEDD967B1ABECF19, 7FA4B0A5120DD415C5D3F3BE56C69455647029332DC2E9B4E9874AF3C34F89AD ] mvusbews        C:\Windows\system32\Drivers\mvusbews.sys
14:28:42.0498 0x1ad8  mvusbews - ok
14:28:42.0545 0x1ad8  [ E3B58E3011B207C5289D11173B30E298, 68BDF7DE4FD5E38D33DBAD2A2E05E32BABA8BBD85DBC4364AF7CD62C54C6B539 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
14:28:42.0592 0x1ad8  MyWiFiDHCPDNS - ok
14:28:42.0654 0x1ad8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:28:42.0748 0x1ad8  napagent - ok
14:28:42.0779 0x1ad8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:28:42.0842 0x1ad8  NativeWifiP - ok
14:28:42.0935 0x1ad8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:28:43.0060 0x1ad8  NDIS - ok
14:28:43.0107 0x1ad8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:28:43.0154 0x1ad8  NdisCap - ok
14:28:43.0200 0x1ad8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:28:43.0232 0x1ad8  NdisTapi - ok
14:28:43.0247 0x1ad8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:28:43.0294 0x1ad8  Ndisuio - ok
14:28:43.0294 0x1ad8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:28:43.0341 0x1ad8  NdisWan - ok
14:28:43.0341 0x1ad8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:28:43.0388 0x1ad8  NDProxy - ok
14:28:43.0434 0x1ad8  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
14:28:43.0497 0x1ad8  Netaapl - ok
14:28:43.0497 0x1ad8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:28:43.0544 0x1ad8  NetBIOS - ok
14:28:43.0575 0x1ad8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:28:43.0637 0x1ad8  NetBT - ok
14:28:43.0684 0x1ad8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
14:28:43.0700 0x1ad8  Netlogon - ok
14:28:43.0746 0x1ad8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
14:28:43.0793 0x1ad8  Netman - ok
14:28:43.0996 0x1ad8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:28:44.0090 0x1ad8  NetMsmqActivator - ok
14:28:44.0105 0x1ad8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:28:44.0121 0x1ad8  NetPipeActivator - ok
14:28:44.0168 0x1ad8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
14:28:44.0230 0x1ad8  netprofm - ok
14:28:44.0246 0x1ad8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:28:44.0261 0x1ad8  NetTcpActivator - ok
14:28:44.0277 0x1ad8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:28:44.0292 0x1ad8  NetTcpPortSharing - ok
14:28:44.0324 0x1ad8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:28:44.0355 0x1ad8  nfrd960 - ok
14:28:44.0386 0x1ad8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:28:44.0402 0x1ad8  NlaSvc - ok
14:28:44.0526 0x1ad8  [ B1EF4686961986DFFB7FE8F18E6FCB5B, 562F144DAA8C2D6E4D55C7ABEF1DB52FC67F1A09E03CD700E27DFC3A4920E271 ] nlsX86cc        C:\Windows\SysWOW64\nlssrv32.exe
14:28:44.0589 0x1ad8  nlsX86cc - detected UnsignedFile.Multi.Generic ( 1 )
14:28:46.0976 0x1ad8  Detect skipped due to KSN trusted
14:28:46.0976 0x1ad8  nlsX86cc - ok
14:28:59.0566 0x1ad8  SysMain - ok
14:28:59.0581 0x1ad8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:28:59.0613 0x1ad8  TabletInputService - ok
14:28:59.0644 0x1ad8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:28:59.0691 0x1ad8  TapiSrv - ok
14:28:59.0706 0x1ad8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:28:59.0737 0x1ad8  TBS - ok
14:28:59.0769 0x1ad8  [ BB7C91D0E97AA8126212838D32DCC83C, A32599E53AAAB21A5222B4BB261885FA3930AF968C1B17463920F6AD670668DE ] tclondrv        C:\Windows\system32\DRIVERS\tclondrv.sys
14:28:59.0800 0x1ad8  tclondrv - ok
14:29:00.0081 0x1ad8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:29:00.0205 0x1ad8  Tcpip - ok
14:29:00.0268 0x1ad8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:29:00.0330 0x1ad8  TCPIP6 - ok
14:29:00.0361 0x1ad8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:29:00.0408 0x1ad8  tcpipreg - ok
14:29:00.0439 0x1ad8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:29:00.0486 0x1ad8  TDPIPE - ok
14:29:00.0517 0x1ad8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:29:00.0549 0x1ad8  TDTCP - ok
14:29:00.0580 0x1ad8  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:29:00.0658 0x1ad8  tdx - ok
14:29:01.0204 0x1ad8  [ 3438EFDC30F7A41D3598ED60BBF6CF2A, 342B8E78DF6B4BA641C5CCB5B1343B363B770681F0794A809728789E3BE56E46 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
14:29:01.0375 0x1ad8  TeamViewer9 - ok
14:29:01.0438 0x1ad8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:29:01.0485 0x1ad8  TermDD - ok
14:29:01.0547 0x1ad8  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
14:29:01.0656 0x1ad8  TermService - ok
14:29:01.0719 0x1ad8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
14:29:01.0781 0x1ad8  Themes - ok
14:29:01.0812 0x1ad8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:29:01.0859 0x1ad8  THREADORDER - ok
14:29:01.0890 0x1ad8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
14:29:01.0953 0x1ad8  TrkWks - ok
14:29:02.0062 0x1ad8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:29:02.0124 0x1ad8  TrustedInstaller - ok
14:29:02.0171 0x1ad8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:29:02.0218 0x1ad8  tssecsrv - ok
14:29:02.0296 0x1ad8  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:29:02.0389 0x1ad8  TsUsbFlt - ok
14:29:02.0421 0x1ad8  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:29:02.0514 0x1ad8  TsUsbGD - ok
14:29:02.0733 0x1ad8  TuneUpUtilitiesDrv - ok
14:29:02.0795 0x1ad8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:29:02.0904 0x1ad8  tunnel - ok
14:29:02.0920 0x1ad8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:29:02.0935 0x1ad8  uagp35 - ok
14:29:02.0967 0x1ad8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:29:03.0013 0x1ad8  udfs - ok
14:29:03.0045 0x1ad8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:29:03.0076 0x1ad8  UI0Detect - ok
14:29:03.0107 0x1ad8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:29:03.0138 0x1ad8  uliagpkx - ok
14:29:03.0201 0x1ad8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:29:03.0247 0x1ad8  umbus - ok
14:29:03.0279 0x1ad8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:29:03.0294 0x1ad8  UmPass - ok
14:29:03.0325 0x1ad8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:29:03.0372 0x1ad8  upnphost - ok
14:29:03.0419 0x1ad8  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:29:03.0466 0x1ad8  USBAAPL64 - ok
14:29:03.0513 0x1ad8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:29:03.0606 0x1ad8  usbaudio - ok
14:29:03.0637 0x1ad8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:29:03.0731 0x1ad8  usbccgp - ok
14:29:03.0793 0x1ad8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:29:03.0887 0x1ad8  usbcir - ok
14:29:03.0903 0x1ad8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:29:03.0918 0x1ad8  usbehci - ok
14:29:03.0965 0x1ad8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:29:04.0012 0x1ad8  usbhub - ok
14:29:04.0027 0x1ad8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:29:04.0059 0x1ad8  usbohci - ok
14:29:04.0105 0x1ad8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:29:04.0152 0x1ad8  usbprint - ok
14:29:04.0199 0x1ad8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:29:04.0277 0x1ad8  usbscan - ok
14:29:04.0308 0x1ad8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:29:04.0386 0x1ad8  USBSTOR - ok
14:29:04.0386 0x1ad8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:29:04.0417 0x1ad8  usbuhci - ok
14:29:04.0433 0x1ad8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:29:04.0464 0x1ad8  usbvideo - ok
14:29:04.0495 0x1ad8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:29:04.0542 0x1ad8  UxSms - ok
14:29:04.0573 0x1ad8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
14:29:04.0589 0x1ad8  VaultSvc - ok
14:29:04.0854 0x1ad8  [ EB73C0C918F281D52C5993288A02569F, D65C5406B97DDEE0658AD23CDF6D8BC8131930907A5BD158E2581E487527997D ] VC10SecS        C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
14:29:04.0901 0x1ad8  VC10SecS - ok
14:29:04.0963 0x1ad8  [ F0FAF3FB9B138F8CAFB65ECFFE9F4AB6, E0869E4E9271B484209BB44E6E17D99BE6CEA08A983132C0D69FA373202B14D7 ] vcd10bus        C:\Windows\system32\DRIVERS\vcd10bus.sys
14:29:05.0026 0x1ad8  vcd10bus - ok
14:29:05.0057 0x1ad8  [ B61BDFD94D4C7B37BF4C898B32BA6396, 4D4DAAFCFDCA6495FE50D77988067023262AE0448148E899AC1C8FAA20A18437 ] vdrv1000        C:\Windows\system32\DRIVERS\vdrv1000.sys
14:29:05.0088 0x1ad8  vdrv1000 - ok
14:29:05.0151 0x1ad8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:29:05.0182 0x1ad8  vdrvroot - ok
14:29:05.0213 0x1ad8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:29:05.0275 0x1ad8  vds - ok
14:29:05.0322 0x1ad8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:29:05.0353 0x1ad8  vga - ok
14:29:05.0353 0x1ad8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:29:05.0400 0x1ad8  VgaSave - ok
14:29:05.0400 0x1ad8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:29:05.0431 0x1ad8  vhdmp - ok
14:29:05.0463 0x1ad8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:29:05.0478 0x1ad8  viaide - ok
14:29:05.0494 0x1ad8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:29:05.0509 0x1ad8  volmgr - ok
14:29:05.0587 0x1ad8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:29:05.0634 0x1ad8  volmgrx - ok
14:29:05.0650 0x1ad8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:29:05.0681 0x1ad8  volsnap - ok
14:29:05.0712 0x1ad8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:29:05.0743 0x1ad8  vsmraid - ok
14:29:05.0806 0x1ad8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:29:05.0899 0x1ad8  VSS - ok
14:29:05.0899 0x1ad8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:29:05.0931 0x1ad8  vwifibus - ok
14:29:05.0977 0x1ad8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:29:06.0040 0x1ad8  VWiFiFlt - ok
14:29:06.0040 0x1ad8  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:29:06.0071 0x1ad8  vwifimp - ok
14:29:06.0118 0x1ad8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:29:06.0165 0x1ad8  W32Time - ok
14:29:06.0180 0x1ad8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:29:06.0211 0x1ad8  WacomPen - ok
14:29:06.0258 0x1ad8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:29:06.0289 0x1ad8  WANARP - ok
14:29:06.0321 0x1ad8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:29:06.0383 0x1ad8  Wanarpv6 - ok
14:29:06.0414 0x1ad8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:29:06.0508 0x1ad8  wbengine - ok
14:29:06.0508 0x1ad8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:29:06.0555 0x1ad8  WbioSrvc - ok
14:29:06.0570 0x1ad8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:29:06.0601 0x1ad8  wcncsvc - ok
14:29:06.0648 0x1ad8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:29:06.0679 0x1ad8  WcsPlugInService - ok
14:29:06.0711 0x1ad8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
14:29:06.0726 0x1ad8  Wd - ok
14:29:07.0179 0x1ad8  [ 96C4C98FE4866C16FC64E4578A0AA975, 978942885AE949BC131E991B8FB6C773FA4F925E5CF5EC653F3E1ED8CCB8886F ] WDBackup        C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
14:29:07.0272 0x1ad8  WDBackup - ok
14:29:07.0335 0x1ad8  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
14:29:07.0397 0x1ad8  WDC_SAM - ok
14:29:07.0475 0x1ad8  [ 80F8944EA183004D6EDCBBDCEC166404, AA89D6A49AB0B0E049485977E36E54A06AB1BC7D92DD3924AA8A12C5005BF5F6 ] WDDriveService  C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
14:29:07.0522 0x1ad8  WDDriveService - ok
14:29:07.0693 0x1ad8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:29:07.0756 0x1ad8  Wdf01000 - ok
14:29:07.0803 0x1ad8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:29:07.0959 0x1ad8  WdiServiceHost - ok
14:29:07.0959 0x1ad8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:29:07.0974 0x1ad8  WdiSystemHost - ok
14:29:08.0271 0x1ad8  [ FD2D1C60CDBDFAB63EF182539D8FFC2D, 6774CACC3EAC8764E860C2AABD6F3843AD2C8E6E8D4943B3785E8C7A85FAB1E0 ] WDRulesService  C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
14:29:08.0333 0x1ad8  WDRulesService - ok
14:29:08.0364 0x1ad8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
14:29:08.0411 0x1ad8  WebClient - ok
14:29:08.0442 0x1ad8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:29:08.0489 0x1ad8  Wecsvc - ok
14:29:08.0505 0x1ad8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:29:08.0551 0x1ad8  wercplsupport - ok
14:29:08.0567 0x1ad8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:29:08.0614 0x1ad8  WerSvc - ok
14:29:08.0661 0x1ad8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:29:08.0692 0x1ad8  WfpLwf - ok
14:29:08.0707 0x1ad8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:29:08.0739 0x1ad8  WIMMount - ok
14:29:08.0754 0x1ad8  WinDefend - ok
14:29:08.0770 0x1ad8  WinHttpAutoProxySvc - ok
14:29:08.0848 0x1ad8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:29:08.0941 0x1ad8  Winmgmt - ok
14:29:09.0222 0x1ad8  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
14:29:09.0331 0x1ad8  WinRM - ok
14:29:09.0378 0x1ad8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:29:09.0425 0x1ad8  WinUsb - ok
14:29:09.0565 0x1ad8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:29:09.0628 0x1ad8  Wlansvc - ok
14:29:09.0628 0x1ad8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:29:09.0643 0x1ad8  WmiAcpi - ok
14:29:09.0675 0x1ad8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:29:09.0721 0x1ad8  wmiApSrv - ok
14:29:09.0768 0x1ad8  WMPNetworkSvc - ok
14:29:09.0831 0x1ad8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:29:09.0893 0x1ad8  WPCSvc - ok
14:29:09.0909 0x1ad8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:29:09.0955 0x1ad8  WPDBusEnum - ok
14:29:09.0987 0x1ad8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:29:10.0065 0x1ad8  ws2ifsl - ok
14:29:10.0096 0x1ad8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
14:29:10.0111 0x1ad8  wscsvc - ok
14:29:10.0127 0x1ad8  WSearch - ok
14:29:10.0236 0x1ad8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:29:10.0314 0x1ad8  wuauserv - ok
14:29:10.0361 0x1ad8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:29:11.0250 0x1ad8  WudfPf - ok
14:29:11.0453 0x1ad8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:29:11.0749 0x1ad8  WUDFRd - ok
14:29:11.0905 0x1ad8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:29:11.0952 0x1ad8  wudfsvc - ok
14:29:12.0030 0x1ad8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:29:12.0139 0x1ad8  WwanSvc - ok
14:29:12.0233 0x1ad8  [ 74713CB32792F9C7632DAA7DA22CA974, 1B1D907F8F18AE22E36F371EE6417D068C01FB4F9413571444AF3845A27F3C4D ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
14:29:12.0311 0x1ad8  ZeroConfigService - ok
14:29:12.0327 0x1ad8  ================ Scan global ===============================
14:29:12.0389 0x1ad8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:29:12.0420 0x1ad8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:29:12.0451 0x1ad8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:29:12.0483 0x1ad8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:29:12.0576 0x1ad8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:29:12.0576 0x1ad8  [ Global ] - ok
14:29:12.0576 0x1ad8  ================ Scan MBR ==================================
14:29:12.0607 0x1ad8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:29:13.0044 0x1ad8  \Device\Harddisk0\DR0 - ok
14:29:13.0044 0x1ad8  ================ Scan VBR ==================================
14:29:13.0044 0x1ad8  [ 1F604F352C2592364EBF38AC840311FB ] \Device\Harddisk0\DR0\Partition1
14:29:13.0138 0x1ad8  \Device\Harddisk0\DR0\Partition1 - ok
14:29:13.0153 0x1ad8  [ 335000047A1CF3C56B00B74809BC13AC ] \Device\Harddisk0\DR0\Partition2
14:29:13.0216 0x1ad8  \Device\Harddisk0\DR0\Partition2 - ok
14:29:13.0216 0x1ad8  ================ Scan generic autorun ======================
14:29:13.0263 0x1ad8  [ BE49AF92F13030E188DBE8E2841D173A, AFC312A888F63D34E4F4E27A3FF50D5569BCAF0DD061671CC661E778FEC02EEB ] C:\Windows\system32\igfxtray.exe
14:29:13.0309 0x1ad8  IgfxTray - ok
14:29:13.0699 0x1ad8  [ 79C9B6A7836DC358216036A1EBA31B62, 9E3987ED10C5CFCD06A2DCBC4E0838004F97A1527527749EF3CC7C5EC5AC2597 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
14:29:13.0777 0x1ad8  AdobeAAMUpdater-1.0 - ok
14:29:14.0417 0x1ad8  [ 60D1853C0AFF0B660388B6CAB75BCDB3, 0385555C97BD6E21301E3BCF487B6B8D752E31E836377F6A5813FD21F3D730AC ] C:\Program Files\TuneClone\TuneClone.exe
14:29:14.0620 0x1ad8  TuneClone - detected UnsignedFile.Multi.Generic ( 1 )
14:29:16.0991 0x1ad8  Detect skipped due to KSN trusted
14:29:16.0991 0x1ad8  TuneClone - ok
14:29:24.0729 0x1ad8  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41000 ( enabled : updated )
14:29:24.0760 0x1ad8  AV detected via SS2: Antivirus, C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsavwsch.exe ( 11.0.20110.0 ), 0x41000 ( enabled : updated )
14:29:24.0791 0x1ad8  Win FW state via NFP2: enabled
14:29:27.0242 0x1ad8  ============================================================
14:29:27.0242 0x1ad8  Scan finished
14:29:27.0242 0x1ad8  ============================================================
14:29:27.0242 0x1788  Detected object count: 0
14:29:27.0242 0x1788  Actual detected object count: 0
         
__________________

14.12.2014, 19:46   #4
schrauber
/// the machine
/// TB instructor


hi,

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber


14.12.2014, 21:01   #5
laures


Thanks again, Schrauber. I appreciate what you all do here. The scan and the reboot took a while, but here is the log file:

Code:
ComboFix 14-12-14.01 - Nörpel 14.12.2014  21:14:27.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8094.5589 [GMT 1:00]
ausgeführt von:: c:\users\N÷rpel\Desktop\ComboFix.exe
AV: Antivirus *Disabled/Updated* {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Antivirus *Disabled/Updated* {B4114720-50DE-65B5-1C25-6AED390C569D}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 0 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Nörpel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\NRPEL~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
c:\windows\wininit.ini
H:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-14 bis 2014-12-14  ))))))))))))))))))))))))))))))
.
.
2014-12-14 12:31 . 2014-12-14 12:35	--------	d-----w-	C:\FRST
2014-12-13 16:50 . 2014-12-13 16:50	--------	d-----w-	c:\programdata\Package Cache
2014-12-13 16:49 . 2014-12-13 16:49	--------	d-----w-	c:\users\Nörpel\AppData\Roaming\Avira
2014-12-13 16:45 . 2014-11-24 09:23	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-12-13 16:45 . 2014-11-24 09:23	131608	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-12-13 16:45 . 2014-11-24 09:23	119272	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-12-13 16:45 . 2014-12-13 16:53	--------	d-----w-	c:\program files (x86)\Avira
2014-12-13 16:45 . 2014-12-13 16:53	--------	d-----w-	c:\programdata\Avira
2014-12-13 09:08 . 2014-12-13 09:26	--------	d-----w-	c:\programdata\regid.1991-06.com.microsoft
2014-12-13 08:45 . 2014-12-13 08:46	--------	d-----w-	c:\program files\Microsoft Office 15
2014-12-13 08:37 . 2014-12-13 08:37	--------	d-----w-	c:\users\Nörpel\AppData\Local\F-Secure
2014-12-11 17:44 . 2014-12-11 17:44	--------	d-----w-	c:\windows\system32\appraiser
2014-12-11 13:28 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-11 13:28 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-11 12:54 . 2014-11-11 03:09	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-12-11 12:54 . 2014-11-11 02:44	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-12-11 12:53 . 2014-12-01 23:28	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-12-11 12:53 . 2014-12-04 02:50	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-11 12:53 . 2014-12-04 02:44	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-11 12:53 . 2014-12-04 02:50	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-11 12:53 . 2014-12-04 02:50	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-11 12:53 . 2014-12-04 02:50	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-11 12:53 . 2014-12-04 02:50	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-11 12:48 . 2014-11-22 03:13	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-12-11 12:48 . 2014-11-22 03:00	10949120	----a-w-	c:\program files\Internet Explorer\F12Resources.dll
2014-12-11 12:41 . 2014-11-11 01:46	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-12-11 12:40 . 2014-10-30 02:03	165888	----a-w-	c:\windows\system32\charmap.exe
2014-12-11 12:40 . 2014-10-30 01:45	155136	----a-w-	c:\windows\SysWow64\charmap.exe
2014-12-11 12:40 . 2014-10-03 02:12	2020352	----a-w-	c:\windows\system32\WsmSvc.dll
2014-12-11 12:40 . 2014-10-03 01:45	1177088	----a-w-	c:\windows\SysWow64\WsmSvc.dll
2014-12-11 12:40 . 2014-10-03 02:12	310272	----a-w-	c:\windows\system32\WsmWmiPl.dll
2014-12-11 12:40 . 2014-10-03 02:11	266240	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2014-12-11 12:40 . 2014-10-03 02:12	346624	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 12:40 . 2014-10-03 02:12	181248	----a-w-	c:\windows\system32\WsmAuto.dll
2014-12-11 12:40 . 2014-10-03 01:45	248832	----a-w-	c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-11 12:40 . 2014-10-03 01:45	214016	----a-w-	c:\windows\SysWow64\WsmWmiPl.dll
2014-12-11 12:40 . 2014-10-03 01:44	198656	----a-w-	c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-11 12:39 . 2014-10-03 01:45	145920	----a-w-	c:\windows\SysWow64\WsmAuto.dll
2014-12-11 12:32 . 2014-11-08 03:16	2048	----a-w-	c:\windows\system32\tzres.dll
2014-12-11 12:32 . 2014-11-08 02:45	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-12-09 20:12 . 2014-12-09 20:12	3981488	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-03 06:31 . 2014-12-03 06:31	227048	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-11-26 00:59 . 2014-11-26 00:59	20640	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1031\VSTOLoaderUI.dll
2014-11-26 00:59 . 2014-11-26 00:59	11424	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1031\VSTOInstallerUI.dll
2014-11-20 20:59 . 2014-11-20 20:59	--------	d-----w-	c:\windows\SysWow64\NV
2014-11-20 20:59 . 2014-11-20 20:59	--------	d-----w-	c:\windows\system32\NV
2014-11-19 16:35 . 2014-11-11 03:08	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-19 16:35 . 2014-11-11 03:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-19 16:35 . 2014-11-11 02:44	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-19 16:35 . 2014-11-11 02:44	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 09:07 . 2014-03-07 19:59	590536	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-12-11 16:45 . 2013-08-09 23:57	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-12-09 20:13 . 2013-08-14 06:07	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 20:13 . 2013-08-14 06:07	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-19 16:44 . 2013-08-09 20:34	56016	----a-w-	c:\windows\system32\drivers\fsbts.sys
2014-10-30 03:00 . 2014-10-30 03:00	829264	----a-w-	c:\windows\system32\msvcr100.dll
2014-10-30 03:00 . 2014-10-30 03:00	608080	----a-w-	c:\windows\system32\msvcp100.dll
2014-10-30 01:49 . 2014-10-30 01:49	773968	----a-w-	c:\windows\SysWow64\msvcr100.dll
2014-10-30 01:49 . 2014-10-30 01:49	421200	----a-w-	c:\windows\SysWow64\msvcp100.dll
2014-10-25 01:57 . 2014-11-12 17:00	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 17:00	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 16:43	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 16:43	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 17:15	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 17:15	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 17:12	3241984	----a-w-	c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 17:15	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 17:14	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 17:15	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 17:14	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 17:12	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 17:14	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 17:14	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 17:15	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 17:00	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-12 17:06	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 17:06	284672	----a-w-	c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 17:06	680960	----a-w-	c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 17:06	440832	----a-w-	c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 17:06	296448	----a-w-	c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 17:06	442880	----a-w-	c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 17:06	374784	----a-w-	c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 17:06	195584	----a-w-	c:\windows\SysWow64\AudioSes.dll
2014-10-02 12:23 . 2014-10-02 12:23	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 12:23 . 2014-10-02 12:23	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2014-10-01 12:28 . 2013-09-13 15:01	3736888	------w-	c:\windows\SysWow64\M2ElevatedNetworkAdapters.dll
2014-10-01 12:28 . 2013-09-13 15:01	4201784	------w-	c:\windows\SysWow64\m2ElevatedCalls.dll
2014-09-25 02:08 . 2014-10-01 15:11	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 15:11	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-19 09:42 . 2014-11-12 17:05	210944	----a-w-	c:\windows\system32\wdigest.dll
2014-09-19 09:42 . 2014-11-12 17:04	86528	----a-w-	c:\windows\system32\TSpkg.dll
2014-09-19 09:42 . 2014-11-12 17:05	342016	----a-w-	c:\windows\system32\schannel.dll
2014-09-19 09:42 . 2014-11-12 17:05	309760	----a-w-	c:\windows\system32\ncrypt.dll
2014-09-19 09:42 . 2014-11-12 17:05	314880	----a-w-	c:\windows\system32\msv1_0.dll
2014-09-19 09:42 . 2014-11-12 17:04	22016	----a-w-	c:\windows\system32\credssp.dll
2014-09-19 09:23 . 2014-11-12 17:04	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-09-19 09:23 . 2014-11-12 17:04	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23 . 2014-11-12 17:05	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2014-09-19 09:23 . 2014-11-12 17:05	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23 . 2014-11-12 17:05	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23 . 2014-11-12 17:04	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2013-12-04 16:58 . 2013-12-04 16:58	49940480	----a-w-	c:\program files (x86)\GUT7563.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-12-13 09:16	1729744	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-12-13 09:16	1729744	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-12-13 09:16	1729744	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VideoDownloaderUltimate"="c:\programdata\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe" [2014-11-08 870008]
"Amazon Music"="c:\users\Nörpel\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-11-19 6277952]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2014-06-24 310312]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"EnergyUtility"="c:\program files (x86)\Lenovo\EnergyCut\utilty.exe" [2007-04-27 1581056]
"EnergyCut"="c:\program files (x86)\Lenovo\EnergyCut\EnergyCut.exe" [2007-03-09 1167360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"F-Secure Hoster (666)"="c:\program files (x86)\F-Secure\fshoster32.exe" [2014-07-08 187432]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys;c:\windows\SYSNATIVE\drivers\HH10Help.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys;c:\windows\SYSNATIVE\DRIVERS\tclondrv.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys;c:\program files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys;c:\windows\SYSNATIVE\DRIVERS\vdrv1000.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\F-Secure\fshoster32.exe;c:\program files (x86)\F-Secure\fshoster32.exe [x]
S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe;c:\program files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 fsni;fsni;c:\program files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys;c:\program files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys;c:\windows\SYSNATIVE\DRIVERS\vcd10bus.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 07:22	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14 20:13]
.
2014-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 22:17]
.
2014-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-12-13 09:16	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-12-13 09:16	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-12-13 09:16	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Nörpel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"TuneClone"="c:\program files\TuneClone\TuneClone.exe" [2012-02-24 4550656]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-09-12 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-09-12 6199128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: sharepoint.com\christineschmidt
Trusted Zone: sharepoint.com\christineschmidt-admin
Trusted Zone: sharepoint.com\christineschmidt-my
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files (x86)\F-Secure\fshoster32.exe\" -hosterid:0"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"=hex:51,66,7a,6c,4c,1d,38,12,5f,a7,b0,
   21,89,7e,a6,02,d2,7c,a2,46,3d,5f,57,5b
"{3A2D5EBA-F86D-4BD3-A177-019765996711}"=hex:51,66,7a,6c,4c,1d,38,12,d4,5d,3e,
   3e,5f,b6,bd,0e,de,61,42,d7,60,c7,23,05
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:29,25,c6,00,ef,bd,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,1d,72,1b,8d,9b,dc,41,b7,27,6f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,1d,72,1b,8d,9b,dc,41,b7,27,6f,\
.
[HKEY_USERS\S-1-5-21-3940675302-785021557-2801149589-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{878021E0-E3FF-FFFC-FA0D-D064AECC4E7F}*]
"hanjhmmacdlpmbbj"=hex:6a,61,69,6e,70,67,69,6e,63,64,64,6d,6b,69,6f,6d,65,70,
   69,6c,00,00
"iahdfpigjlifghahgp"=hex:63,61,65,6e,6f,69,00,01
"iadkfchjenhggnkfnb"=hex:6a,61,69,6e,70,67,69,6e,63,64,64,6d,6b,69,6f,6d,65,70,
   69,6c,00,00
"dbgklghbfdafnonfadknkidfcjoafafgaelkbdhi"=hex:6a,62,70,6a,6f,6b,69,70,6f,66,
   6b,68,6b,69,6e,62,6e,70,68,61,65,6c,65,6b,6c,62,69,66,6f,63,70,6e,6e,6c,6b,\
"jbgklghbfdafnonfadknjjncmaafecjbkngnpbbeianiilklbnik"=hex:6f,61,62,64,69,66,
   63,62,65,68,6d,66,70,67,6f,62,69,61,6f,6c,6a,64,68,6e,65,6f,6f,6d,6e,61,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="b7ad7f1d-c79d-4d80-9a0b-d67384eb1523"
"AuthorizationCode"=""
"666_AgentIdentifier"="b7ad7f1d-c79d-4d80-9a0b-d67384eb1523"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
c:\program files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-14  21:47:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-12-14 20:47
.
Vor Suchlauf: 11 Verzeichnis(se), 105.534.889.984 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 109.455.675.392 Bytes frei
.
- - End Of File - - CB7D08B69993A603E33D1FF893A2544E
A36C5E4F47E84449FF07ED3517B43A31
         


15.12.2014, 18:35   #6
schrauber
/// the machine
/// TB-Ausbilder

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Alt 15.12.2014, 20:17   #7
laures
 



And once again, thank you!
Malwarebytes found quite a few things, and on restart I had the feeling that everything is faster now....

Here are the requested logs:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.12.2014
Suchlauf-Zeit: 19:48:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.15.04
Rootkit Datenbank: v2014.12.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nörpel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 390637
Verstrichene Zeit: 25 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
# AdwCleaner v4.105 - Bericht erstellt am 15/12/2014 um 20:48:20
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-13.4 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Nörpel - NIKKI
# Gestartet von : C:\Users\Nörpel\Desktop\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Nörpel\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
Datei Gelöscht : C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v23.0 (de)


-\\ Google Chrome v39.0.2171.95

[C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://int.search-results.com/web?q={searchTerms}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19&gct=sb&qsrc=2869
[C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [2126 octets] - [15/12/2014 20:37:05]
AdwCleaner[S0].txt - [1950 octets] - [15/12/2014 20:48:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2010 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nörpel on 15.12.2014 at 21:05:07,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.12.2014 at 21:09:58,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And the FRST log as well:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Nörpel (administrator) on NIKKI on 15-12-2014 21:13:04
Running from C:\Users\Nörpel\Downloads
Loaded Profiles: Nörpel & UpdatusUser (Available profiles: Nörpel & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(TuneClone.COM) C:\Program Files\TuneClone\TuneClone.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
() C:\Users\Nörpel\AppData\Local\Amazon Music\Amazon Music Helper.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TuneClone] => C:\Program Files\TuneClone\TuneClone.exe [4550656 2012-02-24] (TuneClone.COM)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-09-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-09-12] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [870008 2014-11-08] (Link64 GmbH)
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Run: [Amazon Music] => C:\Users\Nörpel\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3940675302-785021557-2801149589-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3940675302-785021557-2801149589-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3940675302-785021557-2801149589-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Nörpel\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Extension: Avira Browser Safety - C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\Extensions\abs@avira.com [2014-12-13]
FF Extension: No Name - C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\Extensions\{3ECB0610-B265-46A4-9BA8-CC4B1B256FAC} [2013-09-13]
FF Extension: Hilfe Assistent - C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\Extensions\{} [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{6fe60cba-b80c-4394-8128-96b46aa7c821}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-11-19]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (Adblock Plus) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-20]
CHR Extension: (Video Downloader professional) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-09-20]
CHR Extension: (XKit) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-10-30]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-09-20]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2014-09-20]
CHR Extension: (Gutscheinaffe) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoleljfffgljekfndmmfbcmhkgeellb [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Tumblr Savior) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-09-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-02-27] (Nalpeiron Ltd.) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [147464 2013-01-08] (H+H Software GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [207400 2014-11-19] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-11-19] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-02] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [99440 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
R1 vdrv1000; C:\Windows\System32\DRIVERS\vdrv1000.sys [226080 2012-12-06] (H+H Software GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 21:09 - 2014-12-15 21:09 - 00000626 _____ () C:\Users\Nörpel\Desktop\JRT.txt
2014-12-15 21:04 - 2014-12-15 21:04 - 00000000 ____D () C:\Windows\ERUNT
2014-12-15 20:54 - 2014-12-15 20:54 - 00002090 _____ () C:\Users\Nörpel\Desktop\AdwCleaner[S0].txt
2014-12-15 20:53 - 2014-12-15 20:53 - 00000000 ____D () C:\Users\Nörpel\Documents\TuneClone
2014-12-15 20:36 - 2014-12-15 20:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-15 20:32 - 2014-12-15 20:48 - 00000000 ____D () C:\AdwCleaner
2014-12-15 20:18 - 2014-12-15 20:18 - 00001205 _____ () C:\Users\Nörpel\Desktop\mbam.txt
2014-12-15 19:47 - 2014-12-15 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-15 19:46 - 2014-12-15 19:46 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-15 19:46 - 2014-12-15 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-15 19:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-15 19:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-15 19:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-15 19:44 - 2014-12-15 19:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-15 19:44 - 2014-12-15 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-15 19:37 - 2014-12-15 19:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nörpel\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-15 19:37 - 2014-12-15 19:37 - 02166272 _____ () C:\Users\Nörpel\Desktop\AdwCleaner_4.105.exe
2014-12-15 19:37 - 2014-12-15 19:37 - 01707646 _____ (Thisisu) C:\Users\Nörpel\Desktop\JRT.exe
2014-12-14 21:47 - 2014-12-14 21:47 - 00032708 _____ () C:\ComboFix.txt
2014-12-14 21:10 - 2014-12-14 21:47 - 00000000 ____D () C:\Qoobox
2014-12-14 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-14 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-14 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-14 21:09 - 2014-12-14 21:43 - 00000000 ____D () C:\Windows\erdnt
2014-12-14 21:01 - 2014-12-14 21:02 - 05601641 ____R (Swearware) C:\Users\Nörpel\Desktop\ComboFix.exe
2014-12-14 16:15 - 2014-12-14 16:15 - 01188194 _____ () C:\Users\Nörpel\Downloads\ProcessExplorer.zip
2014-12-14 14:23 - 2014-12-14 14:26 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Nörpel\Downloads\tdsskiller.exe
2014-12-14 13:57 - 2014-12-14 13:57 - 00174788 _____ () C:\Users\Nörpel\Desktop\gmer.log
2014-12-14 13:39 - 2014-12-14 13:39 - 00380416 _____ () C:\Users\Nörpel\Downloads\Gmer-19357.exe
2014-12-14 13:35 - 2014-12-14 13:35 - 00030699 _____ () C:\Users\Nörpel\Downloads\Addition.txt
2014-12-14 13:33 - 2014-12-15 21:13 - 00025170 _____ () C:\Users\Nörpel\Downloads\FRST.txt
2014-12-14 13:31 - 2014-12-15 21:13 - 00000000 ____D () C:\FRST
2014-12-14 13:30 - 2014-12-14 13:30 - 02119168 _____ (Farbar) C:\Users\Nörpel\Downloads\FRST64.exe
2014-12-14 13:30 - 2014-12-14 13:30 - 00000474 _____ () C:\Users\Nörpel\Desktop\defogger_disable.log
2014-12-14 13:30 - 2014-12-14 13:30 - 00000000 _____ () C:\Users\Nörpel\defogger_reenable
2014-12-14 13:29 - 2014-12-14 13:29 - 00050477 _____ () C:\Users\Nörpel\Downloads\Defogger.exe
2014-12-13 17:50 - 2014-12-15 20:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 17:49 - 2014-12-13 17:49 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\Avira
2014-12-13 17:46 - 2014-12-15 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-13 17:45 - 2014-12-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-13 17:45 - 2014-12-13 17:53 - 00000000 ____D () C:\ProgramData\Avira
2014-12-13 17:45 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-13 17:45 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-13 17:45 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-13 17:40 - 2014-12-13 17:43 - 154051656 _____ () C:\Users\Nörpel\Downloads\avira_free_antivirus468_de.exe
2014-12-13 16:08 - 2014-12-13 16:08 - 00294792 _____ () C:\Windows\Minidump\121314-62618-01.dmp
2014-12-13 13:28 - 2014-12-13 13:28 - 00131072 ___HT () C:\Users\Nörpel\Documents\~backup.pst.tmp
2014-12-13 09:48 - 2014-12-13 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-13 09:45 - 2014-12-13 09:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-13 09:37 - 2014-12-13 09:37 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\F-Secure
2014-12-12 20:06 - 2014-12-12 20:07 - 00294696 _____ () C:\Windows\Minidump\121214-23259-01.dmp
2014-12-12 14:57 - 2014-12-12 14:57 - 80455980 _____ () C:\Users\Nörpel\Downloads\Stephen Colbert interviewing Smaug - YouTube.mp4
2014-12-11 18:44 - 2014-12-11 18:44 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 14:28 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 14:28 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 13:54 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 13:54 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 13:53 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 13:53 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 13:50 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 13:50 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 13:50 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 13:50 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 13:50 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 13:50 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 13:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 13:50 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 13:50 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 13:50 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 13:50 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 13:50 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 13:50 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 13:50 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 13:50 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 13:50 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 13:50 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 13:50 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 13:50 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 13:50 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 13:50 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 13:49 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 13:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 13:49 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 13:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 13:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 13:49 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 13:49 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 13:49 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 13:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 13:49 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 13:49 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 13:49 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 13:49 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 13:49 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 13:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 13:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 13:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 13:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 13:49 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 13:49 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 13:49 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 13:49 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 13:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 13:49 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 13:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 13:49 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 13:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 13:49 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 13:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 13:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 13:49 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 13:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 13:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 13:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 13:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 13:41 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 13:40 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 13:40 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 13:40 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 13:40 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 13:40 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 13:40 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 13:40 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 13:40 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 13:40 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 13:40 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 13:40 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 13:39 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 13:32 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 13:32 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 22:24 - 2014-12-10 22:25 - 31821362 _____ () C:\Users\Nörpel\Downloads\the-making-of-nine-kisses 31255_1_great-performers_wg_480p.mp4
2014-12-10 18:51 - 2014-12-10 18:52 - 08378025 _____ () C:\Users\Nörpel\Downloads\This Years Great Actors in 9 Kisses - NYTimescom.mp4
2014-12-09 21:12 - 2014-12-09 21:12 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 19:59 - 2014-12-09 20:10 - 320480110 _____ () C:\Users\Nörpel\Downloads\nomad.zip
2014-12-08 22:07 - 2014-12-08 22:14 - 456103772 _____ () C:\Users\Nörpel\Downloads\wunsch.mkv
2014-12-03 17:22 - 2014-12-03 17:22 - 00001009 _____ () C:\Users\Nörpel\Desktop\VirtualDJ Broadcaster.lnk
2014-12-03 17:22 - 2014-12-03 17:22 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2014-12-03 17:14 - 2014-12-03 17:15 - 38225644 _____ () C:\Users\Nörpel\Downloads\install_virtualdj_broadcaster_v7.4.2.msi
2014-12-02 22:19 - 2014-12-02 22:19 - 17154537 _____ () C:\Users\Nörpel\Downloads\The Hobbit The Battle of the Five Armies Benedict Cumberbatch Smaug Behind the Scenes Interview - YouTube.mp4
2014-12-01 21:56 - 2014-12-01 21:56 - 17107593 _____ () C:\Users\Nörpel\Downloads\Richard Armitage Interview #1 - Hobbit The Battle of the Five Armies World Premiere - YouTube.mp4
2014-12-01 21:56 - 2014-12-01 21:56 - 14537117 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston's interview after winning Best Actor at Evening Standard Theatre Awards 2014 - YouTube.mp4
2014-12-01 21:02 - 2014-12-01 21:13 - 903727347 _____ () C:\Users\Nörpel\Downloads\89. TOM HIDDLESTON 2009 from Shakespeare&#39;s Globe Theatre on Vimeo.mp4
2014-12-01 20:06 - 2014-12-01 20:18 - 903727347 _____ () C:\Users\Nörpel\Downloads\Globe Player  Shakespeares Globe.mp4
2014-12-01 18:08 - 2014-12-01 18:24 - 269778568 _____ () C:\Users\Nörpel\Downloads\Evening Standard Theatre Awards.mp4
2014-11-30 18:27 - 2014-11-30 18:27 - 10144653 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston- how Shakespeare seeped into my bones – video.mp4
2014-11-28 18:55 - 2014-11-28 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-11-28 18:49 - 2014-11-28 18:49 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Nörpel\Downloads\mirc738.exe
2014-11-28 17:46 - 2014-11-28 17:46 - 00021358 _____ () C:\Users\Nörpel\Downloads\theme_#40_-_crepuscular.txt
2014-11-27 22:00 - 2014-11-27 22:00 - 00024424 _____ () C:\Users\Nörpel\Downloads\storiesbeforebedtime.htm
2014-11-25 18:38 - 2014-11-25 18:38 - 00076781 _____ () C:\Users\Nörpel\Downloads\pass.pkpass
2014-11-23 17:14 - 2014-11-23 17:15 - 17711760 _____ (Adobe Systems Inc.) C:\Users\Nörpel\Downloads\AdobeAIRInstaller (1).exe
2014-11-22 17:29 - 2014-11-22 17:30 - 08584743 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston Funny Moments.mp4
2014-11-22 17:28 - 2014-11-22 17:30 - 07571087 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston and Clark Gregg Interview - Comic Con 2010.mp4
2014-11-22 17:27 - 2014-11-22 17:30 - 32956046 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston Live Below The Line Day 5.mp4
2014-11-22 17:26 - 2014-11-22 17:27 - 09969377 _____ () C:\Users\Nörpel\Downloads\Coriolanus - Until the end of time.mp4
2014-11-20 21:59 - 2014-11-20 21:59 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-11-20 21:59 - 2014-11-20 21:59 - 00000000 ____D () C:\Windows\system32\NV
2014-11-19 17:37 - 2014-11-19 17:37 - 00000657 _____ () C:\Windows\fsav_db_setup.log
2014-11-19 17:35 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 17:35 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 17:35 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 17:35 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 17:34 - 2014-11-19 17:37 - 00070484 _____ () C:\Windows\FSAVINST.LOG
2014-11-19 17:34 - 2014-11-19 17:37 - 00012806 _____ () C:\Windows\FSAVCSIN.LOG
2014-11-19 17:34 - 2014-11-19 17:37 - 00004258 _____ () C:\Windows\fstnbins.LOG
2014-11-19 17:34 - 2014-11-19 17:37 - 00004203 _____ () C:\Windows\FSGKIAIN.log
2014-11-19 17:34 - 2014-11-19 17:37 - 00003969 _____ () C:\Windows\fsavunin.log
2014-11-19 17:34 - 2014-11-19 17:37 - 00001837 _____ () C:\Windows\FSLDIN.LOG
2014-11-19 17:34 - 2014-11-19 17:34 - 00019322 _____ () C:\Windows\fspplugin.log
2014-11-19 17:33 - 2014-11-19 17:37 - 04127734 _____ () C:\Windows\FSISU.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00931286 _____ () C:\Windows\FSSFM.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00816896 _____ () C:\Windows\FSSETUP.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00135798 _____ () C:\Windows\FSPROD.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00090137 _____ () C:\Windows\RunSetup.log
2014-11-19 17:33 - 2014-11-19 17:36 - 00140701 _____ () C:\Windows\FSDEPH.log
2014-11-19 17:17 - 2014-11-19 17:17 - 00001943 _____ () C:\Users\Public\Desktop\F-Secure.lnk
2014-11-19 17:17 - 2014-11-19 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 21:12 - 2013-08-14 07:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 21:06 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 21:06 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 20:53 - 2013-08-09 23:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 20:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 20:50 - 2014-09-29 09:04 - 00193652 _____ () C:\Windows\PFRO.log
2014-12-15 20:50 - 2014-09-22 16:35 - 00003401 _____ () C:\Windows\setupact.log
2014-12-15 20:49 - 2013-08-09 01:50 - 01792896 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 20:34 - 2013-08-09 23:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 20:32 - 2011-04-12 08:43 - 00703176 _____ () C:\Windows\system32\perfh007.dat
2014-12-15 20:32 - 2011-04-12 08:43 - 00150784 _____ () C:\Windows\system32\perfc007.dat
2014-12-15 20:31 - 2009-07-14 06:13 - 01629212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 20:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2014-12-15 16:10 - 2013-12-12 09:57 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\882DAF1D-8434-4E53-A1C5-213DF6125504.aplzod
2014-12-15 16:10 - 2013-08-11 07:21 - 00000000 ____D () C:\Users\Nörpel\Documents\Outlook-Dateien
2014-12-15 13:11 - 2013-08-11 13:38 - 00000000 ____D () C:\Users\Nörpel\Documents\fanfic
2014-12-15 12:29 - 2013-12-04 13:35 - 00000713 _____ () C:\Users\Nörpel\Documents\pnpk.txt
2014-12-15 09:39 - 2013-08-10 00:29 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\Adobe
2014-12-14 21:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-14 21:35 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-14 13:30 - 2013-08-09 19:59 - 00000000 ____D () C:\Users\Nörpel
2014-12-13 16:08 - 2014-10-16 17:54 - 706277181 _____ () C:\Windows\MEMORY.DMP
2014-12-13 16:08 - 2014-01-01 21:28 - 00000000 ____D () C:\Windows\Minidump
2014-12-13 15:10 - 2009-07-14 05:45 - 00517744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 10:08 - 2013-08-09 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-13 10:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-13 09:58 - 2013-08-09 23:17 - 00113296 _____ () C:\Users\Nörpel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-12 20:51 - 2013-08-09 23:25 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\mIRC
2014-12-12 10:29 - 2014-11-04 18:39 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\dtag
2014-12-12 08:32 - 2013-08-09 23:18 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 19:16 - 2013-08-12 15:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 18:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 18:44 - 2014-05-06 16:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 18:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 18:21 - 2013-08-13 08:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 17:45 - 2013-08-10 00:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 21:13 - 2013-08-14 07:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 21:13 - 2013-08-14 07:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:13 - 2013-08-14 07:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 22:15 - 2013-12-11 18:00 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\vlc
2014-12-07 19:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-05 19:58 - 2013-08-09 20:04 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\Microsoft Help
2014-12-03 17:22 - 2014-08-13 17:54 - 00000000 ____D () C:\Users\Nörpel\Documents\VirtualDJ
2014-12-03 17:22 - 2014-08-13 17:54 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2014-12-01 22:04 - 2014-06-27 17:00 - 00001188 _____ () C:\Users\Nörpel\Desktop\Amazon Music.lnk
2014-12-01 21:13 - 2014-09-06 09:53 - 00000000 ____D () C:\ProgramData\VideoDownloaderUltimateWinApp
2014-11-28 18:55 - 2013-08-09 23:25 - 00000951 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-11-28 18:55 - 2013-08-09 23:25 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-11-20 21:59 - 2013-08-10 08:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 17:44 - 2014-11-04 18:39 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\mquadr.at
2014-11-19 17:44 - 2013-08-09 21:34 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-11-19 17:40 - 2013-08-09 21:27 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-11-19 17:36 - 2013-08-09 21:33 - 00020499 _____ () C:\Windows\prodsett_copy.ini
2014-11-19 17:24 - 2013-08-09 21:26 - 00000000 ____D () C:\ProgramData\F-Secure
2014-11-16 19:14 - 2013-08-23 13:13 - 00001456 _____ () C:\Users\Nörpel\AppData\Local\Adobe Für Web speichern 12.0 Prefs

Some content of TEMP:
====================
C:\Users\Nörpel\AppData\Local\Temp\avgnt.exe
C:\Users\Nörpel\AppData\Local\Temp\Quarantine.exe
C:\Users\Nörpel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-07 19:04

==================== End Of Log ============================
         
--- --- ---

16.12.2014, 18:33   #8
schrauber
/// the machine
/// TB instructor
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open. Please post its contents here.

and a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

17.12.2014, 16:37   #9
laures
 



Hello Schrauber,

many, many problems, but that is a story for another day! ^^

Sorry, it took longer: ESET was not finished between 21:00 last night and 7:00 this morning, when I had to leave the house. And after uninstalling it and trying to run Security Check, the computer promptly died on me and needed half an hour before it would do anything at all again.

SECURITY CHECK reported "unsupported operating system" and refused to cooperate. I pulled a new FRST log anyway. Enjoy!

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f28f25768e2fb54caee410f9ac441489
# engine=21584
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-17 01:29:39
# local_time=2014-12-17 02:29:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 89229 2005579 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 26523979 170452829 0 0
# scanned=773069
# found=1
# cleaned=0
# scan_time=65598
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nörpel\Downloads\PDFCreator-1_7_1_setup.exe"
         



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Nörpel (administrator) on NIKKI on 17-12-2014 17:32:03
Running from C:\Users\Nörpel\Downloads
Loaded Profiles: Nörpel & UpdatusUser (Available profiles: Nörpel & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(TuneClone.COM) C:\Program Files\TuneClone\TuneClone.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Users\Nörpel\AppData\Local\Amazon Music\Amazon Music Helper.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDLockedFiles.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TuneClone] => C:\Program Files\TuneClone\TuneClone.exe [4550656 2012-02-24] (TuneClone.COM)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-09-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-09-12] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [870008 2014-11-08] (Link64 GmbH)
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Run: [Amazon Music] => C:\Users\Nörpel\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\...\RunOnce: [Adobe Speed Launcher] => 1418833415
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3940675302-785021557-2801149589-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3940675302-785021557-2801149589-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de/plagege...n-bekaempfung/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3940675302-785021557-2801149589-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3940675302-785021557-2801149589-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Nörpel\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Extension: Avira Browser Safety - C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\Extensions\abs@avira.com [2014-12-13]
FF Extension: No Name - C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\Extensions\{3ECB0610-B265-46A4-9BA8-CC4B1B256FAC} [2013-09-13]
FF Extension: Hilfe Assistent - C:\Users\Nörpel\AppData\Roaming\Mozilla\Firefox\Profiles\ur5wwrnu.default\Extensions\{} [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{6fe60cba-b80c-4394-8128-96b46aa7c821}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-11-19]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (Adblock Plus) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-20]
CHR Extension: (Video Downloader professional) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-09-20]
CHR Extension: (XKit) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-10-30]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-09-20]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2014-09-20]
CHR Extension: (Gutscheinaffe) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoleljfffgljekfndmmfbcmhkgeellb [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Tumblr Savior) - C:\Users\Nörpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-09-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-02-27] (Nalpeiron Ltd.) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [147464 2013-01-08] (H+H Software GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [207400 2014-11-19] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-11-19] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-02] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [99440 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
R1 vdrv1000; C:\Windows\System32\DRIVERS\vdrv1000.sys [226080 2012-12-06] (H+H Software GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 17:31 - 2014-12-17 17:31 - 00000000 ____D () C:\Users\Nörpel\Downloads\FRST-OlderVersion
2014-12-17 17:23 - 2014-12-17 17:23 - 00000000 ____D () C:\Users\Nörpel\Documents\TuneClone
2014-12-17 15:15 - 2014-12-17 15:15 - 00300368 _____ () C:\Windows\Minidump\121714-34476-01.dmp
2014-12-16 20:32 - 2014-12-16 20:32 - 00852490 _____ () C:\Users\Nörpel\Desktop\SecurityCheck.exe
2014-12-16 20:11 - 2014-12-16 20:14 - 02347384 _____ (ESET) C:\Users\Nörpel\Downloads\esetsmartinstaller_deu.exe
2014-12-16 15:35 - 2014-12-16 15:36 - 54374278 _____ () C:\Users\Nörpel\Downloads\.mp4
2014-12-16 14:42 - 2014-12-16 14:41 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-15 21:09 - 2014-12-15 21:09 - 00000626 _____ () C:\Users\Nörpel\Desktop\JRT.txt
2014-12-15 21:04 - 2014-12-15 21:04 - 00000000 ____D () C:\Windows\ERUNT
2014-12-15 20:54 - 2014-12-15 20:54 - 00002090 _____ () C:\Users\Nörpel\Desktop\AdwCleaner[S0].txt
2014-12-15 20:36 - 2014-12-15 20:36 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-15 20:32 - 2014-12-15 20:48 - 00000000 ____D () C:\AdwCleaner
2014-12-15 20:18 - 2014-12-15 20:18 - 00001205 _____ () C:\Users\Nörpel\Desktop\mbam.txt
2014-12-15 19:47 - 2014-12-15 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-15 19:46 - 2014-12-15 19:46 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-15 19:46 - 2014-12-15 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-15 19:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-15 19:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-15 19:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-15 19:44 - 2014-12-15 19:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-15 19:44 - 2014-12-15 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-15 19:37 - 2014-12-15 19:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nörpel\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-15 19:37 - 2014-12-15 19:37 - 02166272 _____ () C:\Users\Nörpel\Desktop\AdwCleaner_4.105.exe
2014-12-15 19:37 - 2014-12-15 19:37 - 01707646 _____ (Thisisu) C:\Users\Nörpel\Desktop\JRT.exe
2014-12-14 21:47 - 2014-12-14 21:47 - 00032708 _____ () C:\ComboFix.txt
2014-12-14 21:10 - 2014-12-14 21:47 - 00000000 ____D () C:\Qoobox
2014-12-14 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-14 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-14 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-14 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-14 21:09 - 2014-12-14 21:43 - 00000000 ____D () C:\Windows\erdnt
2014-12-14 21:01 - 2014-12-14 21:02 - 05601641 ____R (Swearware) C:\Users\Nörpel\Desktop\ComboFix.exe
2014-12-14 16:15 - 2014-12-14 16:15 - 01188194 _____ () C:\Users\Nörpel\Downloads\ProcessExplorer.zip
2014-12-14 14:23 - 2014-12-14 14:26 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Nörpel\Downloads\tdsskiller.exe
2014-12-14 13:57 - 2014-12-14 13:57 - 00174788 _____ () C:\Users\Nörpel\Desktop\gmer.log
2014-12-14 13:39 - 2014-12-14 13:39 - 00380416 _____ () C:\Users\Nörpel\Downloads\Gmer-19357.exe
2014-12-14 13:35 - 2014-12-14 13:35 - 00030699 _____ () C:\Users\Nörpel\Downloads\Addition.txt
2014-12-14 13:33 - 2014-12-17 17:32 - 00025706 _____ () C:\Users\Nörpel\Downloads\FRST.txt
2014-12-14 13:31 - 2014-12-17 17:32 - 00000000 ____D () C:\FRST
2014-12-14 13:30 - 2014-12-17 17:31 - 02121216 _____ (Farbar) C:\Users\Nörpel\Downloads\FRST64.exe
2014-12-14 13:30 - 2014-12-14 13:30 - 00000474 _____ () C:\Users\Nörpel\Desktop\defogger_disable.log
2014-12-14 13:30 - 2014-12-14 13:30 - 00000000 _____ () C:\Users\Nörpel\defogger_reenable
2014-12-14 13:29 - 2014-12-14 13:29 - 00050477 _____ () C:\Users\Nörpel\Downloads\Defogger.exe
2014-12-13 17:50 - 2014-12-15 20:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 17:49 - 2014-12-13 17:49 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\Avira
2014-12-13 17:46 - 2014-12-15 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-13 17:45 - 2014-12-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-13 17:45 - 2014-12-13 17:53 - 00000000 ____D () C:\ProgramData\Avira
2014-12-13 17:45 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-13 17:45 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-13 17:45 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-13 17:40 - 2014-12-13 17:43 - 154051656 _____ () C:\Users\Nörpel\Downloads\avira_free_antivirus468_de.exe
2014-12-13 16:08 - 2014-12-13 16:08 - 00294792 _____ () C:\Windows\Minidump\121314-62618-01.dmp
2014-12-13 13:28 - 2014-12-13 13:28 - 00131072 ___HT () C:\Users\Nörpel\Documents\~backup.pst.tmp
2014-12-13 09:48 - 2014-12-13 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-13 09:45 - 2014-12-13 09:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-13 09:37 - 2014-12-13 09:37 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\F-Secure
2014-12-12 20:06 - 2014-12-12 20:07 - 00294696 _____ () C:\Windows\Minidump\121214-23259-01.dmp
2014-12-12 14:57 - 2014-12-12 14:57 - 80455980 _____ () C:\Users\Nörpel\Downloads\Stephen Colbert interviewing Smaug - YouTube.mp4
2014-12-11 18:44 - 2014-12-11 18:44 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 14:28 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 14:28 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 13:54 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 13:54 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 13:53 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 13:53 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 13:53 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 13:50 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 13:50 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 13:50 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 13:50 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 13:50 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 13:50 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 13:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 13:50 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 13:50 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 13:50 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 13:50 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 13:50 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 13:50 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 13:50 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 13:50 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 13:50 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 13:50 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 13:50 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 13:50 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 13:50 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 13:50 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 13:49 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 13:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 13:49 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 13:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 13:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 13:49 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 13:49 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 13:49 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 13:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 13:49 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 13:49 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 13:49 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 13:49 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 13:49 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 13:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 13:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 13:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 13:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 13:49 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 13:49 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 13:49 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 13:49 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 13:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 13:49 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 13:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 13:49 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 13:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 13:49 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 13:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 13:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 13:49 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 13:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 13:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 13:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 13:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 13:41 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 13:40 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 13:40 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 13:40 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 13:40 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 13:40 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 13:40 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 13:40 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 13:40 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 13:40 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 13:40 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 13:40 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 13:39 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 13:32 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 13:32 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 22:24 - 2014-12-10 22:25 - 31821362 _____ () C:\Users\Nörpel\Downloads\the-making-of-nine-kisses 31255_1_great-performers_wg_480p.mp4
2014-12-10 18:51 - 2014-12-10 18:52 - 08378025 _____ () C:\Users\Nörpel\Downloads\This Years Great Actors in 9 Kisses - NYTimescom.mp4
2014-12-09 21:12 - 2014-12-09 21:12 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 19:59 - 2014-12-09 20:10 - 320480110 _____ () C:\Users\Nörpel\Downloads\nomad.zip
2014-12-08 22:07 - 2014-12-08 22:14 - 456103772 _____ () C:\Users\Nörpel\Downloads\wunsch.mkv
2014-12-03 17:22 - 2014-12-03 17:22 - 00001009 _____ () C:\Users\Nörpel\Desktop\VirtualDJ Broadcaster.lnk
2014-12-03 17:22 - 2014-12-03 17:22 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2014-12-03 17:14 - 2014-12-03 17:15 - 38225644 _____ () C:\Users\Nörpel\Downloads\install_virtualdj_broadcaster_v7.4.2.msi
2014-12-02 22:19 - 2014-12-02 22:19 - 17154537 _____ () C:\Users\Nörpel\Downloads\The Hobbit The Battle of the Five Armies Benedict Cumberbatch Smaug Behind the Scenes Interview - YouTube.mp4
2014-12-01 21:56 - 2014-12-01 21:56 - 17107593 _____ () C:\Users\Nörpel\Downloads\Richard Armitage Interview #1 - Hobbit The Battle of the Five Armies World Premiere - YouTube.mp4
2014-12-01 21:56 - 2014-12-01 21:56 - 14537117 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston's interview after winning Best Actor at Evening Standard Theatre Awards 2014 - YouTube.mp4
2014-12-01 21:02 - 2014-12-01 21:13 - 903727347 _____ () C:\Users\Nörpel\Downloads\89. TOM HIDDLESTON 2009 from Shakespeare&#39;s Globe Theatre on Vimeo.mp4
2014-12-01 20:06 - 2014-12-01 20:18 - 903727347 _____ () C:\Users\Nörpel\Downloads\Globe Player  Shakespeares Globe.mp4
2014-12-01 18:08 - 2014-12-01 18:24 - 269778568 _____ () C:\Users\Nörpel\Downloads\Evening Standard Theatre Awards.mp4
2014-11-30 18:27 - 2014-11-30 18:27 - 10144653 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston- how Shakespeare seeped into my bones – video.mp4
2014-11-28 18:55 - 2014-11-28 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-11-28 18:49 - 2014-11-28 18:49 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Nörpel\Downloads\mirc738.exe
2014-11-28 17:46 - 2014-11-28 17:46 - 00021358 _____ () C:\Users\Nörpel\Downloads\theme_#40_-_crepuscular.txt
2014-11-27 22:00 - 2014-11-27 22:00 - 00024424 _____ () C:\Users\Nörpel\Downloads\storiesbeforebedtime.htm
2014-11-25 18:38 - 2014-11-25 18:38 - 00076781 _____ () C:\Users\Nörpel\Downloads\pass.pkpass
2014-11-23 17:14 - 2014-11-23 17:15 - 17711760 _____ (Adobe Systems Inc.) C:\Users\Nörpel\Downloads\AdobeAIRInstaller (1).exe
2014-11-22 17:29 - 2014-11-22 17:30 - 08584743 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston Funny Moments.mp4
2014-11-22 17:28 - 2014-11-22 17:30 - 07571087 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston and Clark Gregg Interview - Comic Con 2010.mp4
2014-11-22 17:27 - 2014-11-22 17:30 - 32956046 _____ () C:\Users\Nörpel\Downloads\Tom Hiddleston Live Below The Line Day 5.mp4
2014-11-22 17:26 - 2014-11-22 17:27 - 09969377 _____ () C:\Users\Nörpel\Downloads\Coriolanus - Until the end of time.mp4
2014-11-20 21:59 - 2014-11-20 21:59 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-11-20 21:59 - 2014-11-20 21:59 - 00000000 ____D () C:\Windows\system32\NV
2014-11-19 17:37 - 2014-11-19 17:37 - 00000657 _____ () C:\Windows\fsav_db_setup.log
2014-11-19 17:35 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 17:35 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 17:35 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 17:35 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 17:34 - 2014-11-19 17:37 - 00070484 _____ () C:\Windows\FSAVINST.LOG
2014-11-19 17:34 - 2014-11-19 17:37 - 00012806 _____ () C:\Windows\FSAVCSIN.LOG
2014-11-19 17:34 - 2014-11-19 17:37 - 00004258 _____ () C:\Windows\fstnbins.LOG
2014-11-19 17:34 - 2014-11-19 17:37 - 00004203 _____ () C:\Windows\FSGKIAIN.log
2014-11-19 17:34 - 2014-11-19 17:37 - 00003969 _____ () C:\Windows\fsavunin.log
2014-11-19 17:34 - 2014-11-19 17:37 - 00001837 _____ () C:\Windows\FSLDIN.LOG
2014-11-19 17:34 - 2014-11-19 17:34 - 00019322 _____ () C:\Windows\fspplugin.log
2014-11-19 17:33 - 2014-11-19 17:37 - 04127734 _____ () C:\Windows\FSISU.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00931286 _____ () C:\Windows\FSSFM.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00816896 _____ () C:\Windows\FSSETUP.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00135798 _____ () C:\Windows\FSPROD.log
2014-11-19 17:33 - 2014-11-19 17:37 - 00090137 _____ () C:\Windows\RunSetup.log
2014-11-19 17:33 - 2014-11-19 17:36 - 00140701 _____ () C:\Windows\FSDEPH.log
2014-11-19 17:17 - 2014-11-19 17:17 - 00001943 _____ () C:\Users\Public\Desktop\F-Secure.lnk
2014-11-19 17:17 - 2014-11-19 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 17:23 - 2013-08-09 23:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 17:12 - 2013-08-14 07:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 16:35 - 2013-08-09 23:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 15:30 - 2013-08-09 01:50 - 01828929 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 15:30 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 15:30 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 15:15 - 2014-09-22 16:35 - 00003513 _____ () C:\Windows\setupact.log
2014-12-17 15:15 - 2014-01-01 21:28 - 00000000 ____D () C:\Windows\Minidump
2014-12-17 15:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 15:14 - 2014-10-16 17:54 - 709661757 _____ () C:\Windows\MEMORY.DMP
2014-12-17 15:14 - 2014-09-29 09:04 - 00194494 _____ () C:\Windows\PFRO.log
2014-12-16 20:10 - 2011-04-12 08:43 - 00703176 _____ () C:\Windows\system32\perfh007.dat
2014-12-16 20:10 - 2011-04-12 08:43 - 00150784 _____ () C:\Windows\system32\perfc007.dat
2014-12-16 20:10 - 2009-07-14 06:13 - 01629212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 20:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2014-12-15 16:10 - 2013-12-12 09:57 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\882DAF1D-8434-4E53-A1C5-213DF6125504.aplzod
2014-12-15 16:10 - 2013-08-11 07:21 - 00000000 ____D () C:\Users\Nörpel\Documents\Outlook-Dateien
2014-12-15 13:11 - 2013-08-11 13:38 - 00000000 ____D () C:\Users\Nörpel\Documents\fanfic
2014-12-15 12:29 - 2013-12-04 13:35 - 00000713 _____ () C:\Users\Nörpel\Documents\pnpk.txt
2014-12-15 09:39 - 2013-08-10 00:29 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\Adobe
2014-12-14 21:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-14 21:35 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-14 13:30 - 2013-08-09 19:59 - 00000000 ____D () C:\Users\Nörpel
2014-12-13 15:10 - 2009-07-14 05:45 - 00517744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 10:08 - 2013-08-09 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-13 10:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-13 09:58 - 2013-08-09 23:17 - 00113296 _____ () C:\Users\Nörpel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-12 20:51 - 2013-08-09 23:25 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\mIRC
2014-12-12 10:29 - 2014-11-04 18:39 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\dtag
2014-12-12 08:32 - 2013-08-09 23:18 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 19:16 - 2013-08-12 15:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 18:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 18:44 - 2014-05-06 16:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 18:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 18:21 - 2013-08-13 08:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 17:45 - 2013-08-10 00:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 21:13 - 2013-08-14 07:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 21:13 - 2013-08-14 07:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:13 - 2013-08-14 07:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 22:15 - 2013-12-11 18:00 - 00000000 ____D () C:\Users\Nörpel\AppData\Roaming\vlc
2014-12-07 19:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-05 19:58 - 2013-08-09 20:04 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\Microsoft Help
2014-12-03 17:22 - 2014-08-13 17:54 - 00000000 ____D () C:\Users\Nörpel\Documents\VirtualDJ
2014-12-03 17:22 - 2014-08-13 17:54 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2014-12-01 22:04 - 2014-06-27 17:00 - 00001188 _____ () C:\Users\Nörpel\Desktop\Amazon Music.lnk
2014-12-01 21:13 - 2014-09-06 09:53 - 00000000 ____D () C:\ProgramData\VideoDownloaderUltimateWinApp
2014-11-28 18:55 - 2013-08-09 23:25 - 00000951 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-11-28 18:55 - 2013-08-09 23:25 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-11-20 21:59 - 2013-08-10 08:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 17:44 - 2014-11-04 18:39 - 00000000 ____D () C:\Users\Nörpel\AppData\Local\mquadr.at
2014-11-19 17:44 - 2013-08-09 21:34 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-11-19 17:40 - 2013-08-09 21:27 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-11-19 17:36 - 2013-08-09 21:33 - 00020499 _____ () C:\Windows\prodsett_copy.ini
2014-11-19 17:24 - 2013-08-09 21:26 - 00000000 ____D () C:\ProgramData\F-Secure

Some content of TEMP:
====================
C:\Users\Nörpel\AppData\Local\Temp\avgnt.exe
C:\Users\Nörpel\AppData\Local\Temp\Quarantine.exe
C:\Users\Nörpel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-07 19:04

==================== End Of Log ============================
         
--- --- ---

17.12.2014, 20:09   #10
schrauber
/// the machine
/// TB instructor

Are there currently still any problems with the computer?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

18.12.2014, 05:43   #11
laures

Outlook is causing problems and won't start; the system is slow.
But I can already see a clear improvement.

And just as I had submitted this post, the computer completely crashed again.

18.12.2014, 20:06   #12
schrauber
/// the machine
/// TB instructor

Please download BlueScreenView and install it:
BlueScreenView - Download - Filepony

Open it and let it analyze the most recent dump (the tool does this automatically).
Post the output here.

18.12.2014, 20:22   #13
laures

Well, then it's a good thing that it conveniently just crashed again.

Code:
==================================================
Dump File         : 121814-20202-01.dmp
Crash Time        : 18.12.2014 20:44:09
Bug Check String  : KERNEL_DATA_INPAGE_ERROR
Bug Check Code    : 0x0000007a
Parameter 1       : fffff6fc`400159f0
Parameter 2       : ffffffff`c0000185
Parameter 3       : 00000000`1d60fbe0
Parameter 4       : fffff880`02b3e000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18526 (win7sp1_gdr.140706-1506)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\121814-20202-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 296.616
Dump File Time    : 18.12.2014 20:45:28
==================================================
         

19.12.2014, 18:45   #14
schrauber
/// the machine
/// TB instructor

Quote:
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`400159f0
Parameter 2 : ffffffff`c0000185

Test the RAM.

19.12.2014, 21:03   #15
laures

Sir, yes, SIR!

The Windows memory test tool finds no errors, but it does not display the log again, even though the description says it would.
So I downloaded MemTest, which doesn't find anything either.

Do you have another tip?
I'm completely desperate; I've just become self-employed and can't really afford a new laptop for private use right now, because I bought an "official" work notebook.

PS: After reading up on microsoft.com, I also checked DirectX, but that came back with no findings either.
