
Pests of all kinds and how to fight them: Opened a DHL email


05.03.2015, 19:01   #1
infra
 
Hello!

Yesterday I received a fake email from DHL, and since I'm expecting a parcel, I opened it without thinking much about it. I can no longer say, though, whether I also opened the zip file. In any case, a white page appeared in the Firefox browser.
Afterwards I ran AVIRA, which found 12 malicious programs, although I can't say whether the files in question were among them.
I deleted the email immediately and changed all my important passwords (email, Facebook, Amazon).

So far nothing has changed on the PC, but I'm not knowledgeable about this (otherwise I wouldn't be here in the forum)

I hope you can help me with this. I've already read up a bit in "Was muss ich vor meinem ersten Thema beachten" ("What do I need to consider before my first topic"), but I don't know exactly what I should actually install on the computer now...

And I'd also be interested to know what this malware in the DHL mail breaks on my PC.

My PC is a MedionAkoya E6232
With Windows 8.1
Processor: Intel Core i3-3110M CPU @ 2,40GHz
Installed RAM: 4,00GB (3,87GB usable)
64-bit operating system
in case that matters.

Thanks in advance!
Regards, infra

05.03.2015, 19:02   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


05.03.2015, 19:08   #3
infra
 
Wow, you guys are fast!

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Ingrid (administrator) on MEDIONAKOYA on 05-03-2015 20:05:51
Running from C:\Users\Ingrid\Downloads
Loaded Profiles: Ingrid (Available profiles: Ingrid & Engelbert)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [320824 2012-08-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2012-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [388408 2012-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\MountPoints2: {3821c64a-aa1d-11e4-bec5-685d43eda18d} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\MountPoints2: {cbc7deca-71b2-11e4-bebb-685d43eda18d} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\MountPoints2: {d8aabef1-250d-11e2-be87-685d43eda18d} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [130048 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4156227800-406557986-4036214441-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\searchplugins\21839f0c-9d92-4158-870a-dcc44f2f1a49.xml
FF SearchPlugin: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\searchplugins\6947181e-4383-4852-ba93-2417fd59f471.xml
FF SearchPlugin: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\searchplugins\google-maps.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2015-01-02]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-12-05]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-01-02]
FF Extension: Adblock Plus - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-03]
FF HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2015-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2012-08-13] (Wistron Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 20:05 - 2015-03-05 20:06 - 00018061 _____ () C:\Users\Ingrid\Downloads\FRST.txt
2015-03-05 20:05 - 2015-03-05 20:06 - 00000000 ____D () C:\FRST
2015-03-05 20:05 - 2015-03-05 20:05 - 02092544 _____ (Farbar) C:\Users\Ingrid\Downloads\FRST64.exe
2015-03-04 18:17 - 2015-03-04 18:17 - 00003076 _____ () C:\WINDOWS\System32\Tasks\{8B33741E-6FB7-4F51-AB19-230B701DE64C}
2015-03-03 23:13 - 2015-03-03 23:13 - 00030881 _____ () C:\Users\Ingrid\AppData\Local\recently-used.xbel
2015-03-02 09:07 - 2015-03-04 18:09 - 00001744 _____ () C:\WINDOWS\setupact.log
2015-03-02 09:07 - 2015-03-02 09:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-26 19:17 - 2015-02-26 19:17 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-25 18:52 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 18:52 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 18:52 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 18:52 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 18:52 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 18:52 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 16:21 - 2015-02-24 17:02 - 00000000 ____D () C:\Users\Ingrid\Desktop\KOPIE Schule
2015-02-21 10:44 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-21 10:44 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-21 10:14 - 2015-02-21 11:03 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 10:14 - 2015-02-21 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-21 10:14 - 2015-02-21 10:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-21 10:14 - 2015-02-21 10:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-21 10:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-21 10:14 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-21 10:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-21 10:06 - 2015-02-21 10:09 - 00000000 ____D () C:\AdwCleaner
2015-02-19 23:07 - 2015-02-19 23:07 - 00055594 _____ () C:\Users\Ingrid\Downloads\Anhänge_2015219.zip
2015-02-17 11:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-17 11:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-14 14:07 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-14 14:07 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-14 14:07 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-14 14:07 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-14 14:07 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-14 14:07 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-14 14:07 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-14 14:07 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-14 14:07 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-14 14:07 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-14 13:16 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-14 13:16 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-14 13:16 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-14 13:16 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-14 13:16 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-14 13:16 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-14 13:16 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-14 13:16 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-14 13:16 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-14 13:15 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-14 13:15 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-14 13:15 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-14 13:15 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-14 13:15 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-14 13:15 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-14 13:15 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-14 13:15 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-14 13:15 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-14 13:15 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-14 13:15 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-14 13:15 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-14 13:15 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-14 13:15 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-14 13:15 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-14 13:15 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-14 13:15 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-14 13:15 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-14 13:15 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-14 13:15 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-14 13:15 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-14 13:15 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-14 13:15 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-14 13:15 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-14 13:15 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-14 13:15 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-14 13:15 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-14 13:15 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-14 13:15 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-14 13:15 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-14 13:15 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-14 13:15 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-14 13:15 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-14 13:15 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-14 13:15 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-14 13:15 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-14 13:15 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-14 13:15 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-14 13:15 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-14 13:15 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-14 13:15 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-14 13:15 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-14 13:15 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-14 13:15 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-14 13:15 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-14 13:15 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-14 13:14 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-14 13:14 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-14 13:14 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-14 13:14 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-14 13:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-14 13:14 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 09:15 - 2015-02-10 09:20 - 00000000 ____D () C:\Users\Ingrid\Desktop\JMLA 2015
2015-02-07 15:37 - 2015-02-07 15:37 - 00000000 ____D () C:\Users\Ingrid\AppData\Roaming\inkscape
2015-02-07 15:33 - 2015-02-07 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91
2015-02-07 15:33 - 2015-02-07 15:34 - 00000000 ____D () C:\Program Files\Inkscape
2015-02-05 08:50 - 2015-02-05 08:50 - 00534401 _____ () C:\Users\Ingrid\Desktop\LK-D_ngerrechner_20150202_CC.xlsx
2015-02-04 19:53 - 2015-02-04 19:54 - 13672916 _____ () C:\Users\Ingrid\Downloads\WD0267.wmv
2015-02-04 19:25 - 2015-02-04 19:25 - 00000000 ____D () C:\WINDOWS\fr
2015-02-04 19:25 - 2015-02-04 19:25 - 00000000 ____D () C:\WINDOWS\en
2015-02-04 19:25 - 2015-02-04 19:25 - 00000000 ____D () C:\WINDOWS\de
2015-02-04 19:25 - 2015-02-04 19:25 - 00000000 ____D () C:\WINDOWS\da
2015-02-04 19:24 - 2015-02-04 19:24 - 00001325 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\WINDOWS\sl
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\WINDOWS\nl
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\WINDOWS\it
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\WINDOWS\hu
2015-02-04 19:22 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-02-04 19:22 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2015-02-04 19:22 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2015-02-04 19:22 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-02-04 19:22 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-02-04 19:22 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-02-04 19:22 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-02-04 19:22 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-02-04 19:22 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2015-02-04 19:22 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2015-02-04 19:22 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2015-02-04 19:22 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 20:05 - 2014-08-28 14:53 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-05 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-05 19:26 - 2015-01-23 20:08 - 01349679 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-05 19:12 - 2014-12-05 18:11 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4156227800-406557986-4036214441-1001
2015-03-05 19:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-05 19:00 - 2014-09-10 10:21 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09D0AB75-F41B-4916-8A4E-6B470C25F5F9}
2015-03-05 18:58 - 2014-09-02 10:13 - 00000000 ____D () C:\Users\Ingrid\AppData\Roaming\Dropbox
2015-03-05 18:58 - 2014-08-28 19:33 - 00000000 __RDO () C:\Users\Ingrid\OneDrive
2015-03-05 18:58 - 2013-08-20 10:27 - 00000000 ___RD () C:\Users\Ingrid\Dropbox
2015-03-05 18:58 - 2012-10-31 15:58 - 00000000 ____D () C:\Users\Ingrid\Documents\Youcam
2015-03-05 10:37 - 2014-03-18 11:03 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-05 10:37 - 2014-03-18 10:25 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-05 10:37 - 2014-03-18 10:25 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-05 10:36 - 2014-01-01 17:05 - 00000000 ____D () C:\Users\Ingrid\Desktop\Druck
2015-03-04 18:30 - 2015-01-26 10:15 - 00005150 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MEDIONAKOYA-Ingrid MedionAkoya
2015-03-03 23:13 - 2014-12-05 20:25 - 00000000 ____D () C:\Users\Ingrid\.gimp-2.8
2015-03-03 19:52 - 2014-08-26 20:19 - 00000000 ____D () C:\Users\Ingrid\AppData\Local\Packages
2015-03-03 19:00 - 2015-01-24 14:35 - 00000000 ____D () C:\Users\Ingrid\AppData\Local\gtk-2.0
2015-03-03 14:17 - 2014-09-02 20:30 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 09:07 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 09:06 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-28 15:40 - 2012-11-03 14:16 - 00000000 ____D () C:\Users\Ingrid\Desktop\Musikkapelle
2015-02-27 16:14 - 2014-08-28 20:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-27 15:56 - 2013-11-06 14:04 - 00000000 ____D () C:\Users\Ingrid\Desktop\Betrieb
2015-02-26 20:50 - 2014-10-24 16:55 - 00000000 ____D () C:\Users\Ingrid\Desktop\Ideensammlung
2015-02-26 19:17 - 2014-12-05 17:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-26 08:47 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-25 15:43 - 2013-07-10 09:01 - 00000000 ____D () C:\Users\Ingrid\Desktop\Fotos ordnen
2015-02-25 07:38 - 2014-08-28 18:56 - 00000000 ____D () C:\Users\Ingrid
2015-02-24 13:14 - 2014-08-28 19:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-21 21:55 - 2014-12-01 14:02 - 00000000 ____D () C:\Temp
2015-02-21 11:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-21 09:14 - 2014-11-16 16:29 - 00000000 ____D () C:\Users\Ingrid\Documents\Outlook-Dateien
2015-02-17 11:41 - 2013-08-22 15:44 - 00518504 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-17 11:39 - 2014-08-28 14:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-16 20:37 - 2013-08-04 10:16 - 00000000 ____D () C:\Users\Ingrid\Desktop\LAMBACH
2015-02-16 20:36 - 2015-02-01 17:13 - 00000000 ____D () C:\Users\Ingrid\AppData\Local\Windows Live
2015-02-15 11:01 - 2014-08-27 21:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 10:56 - 2014-08-27 21:56 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 10:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-15 10:53 - 2014-12-17 10:57 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-15 10:53 - 2014-08-28 11:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-14 13:08 - 2014-09-02 10:17 - 00001036 _____ () C:\Users\Ingrid\Desktop\Dropbox.lnk
2015-02-14 13:08 - 2014-09-02 10:15 - 00000000 ____D () C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-05 09:03 - 2014-09-03 11:00 - 00000000 ____D () C:\Users\Ingrid\AppData\Local\Microsoft Help
2015-02-04 20:05 - 2014-08-28 14:53 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 19:23 - 2012-08-14 06:31 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-02-04 19:23 - 2012-08-14 06:31 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-03-03 23:13 - 2015-03-03 23:13 - 0030881 _____ () C:\Users\Ingrid\AppData\Local\recently-used.xbel
2012-08-14 08:16 - 2012-08-14 08:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Ingrid\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpudrezf.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-03 19:45

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Ingrid at 2015-03-05 20:07:13
Running from C:\Users\Ingrid\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3124 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0814 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0814 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FORTE 5 - Free Edition (HKLM-x32\...\FORTE 5 Free) (Version: 5 - FORTE)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HappyFoto-Designer 5.2 (HKLM-x32\...\HappyFoto-Designer_is1) (Version:  - )
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.8 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
PhotoFiltre 7 (HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\PhotoFiltre 7) (Version:  - )
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Sweet Home 3D version 4.5 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4156227800-406557986-4036214441-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-02-2015 13:39:48 Windows Update
21-02-2015 10:43:28 Windows Update
26-02-2015 08:46:31 Windows Update
04-03-2015 23:11:03 Avira DE-Cleaner - 04.03.2015 23:11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09492DC1-8637-4663-980B-87FE9DA5AC12} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {263A1B03-1914-4553-80DD-2B710CFFA9C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {439E049E-8BD5-45E9-8765-0A9FE27D486D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {4AA6AD71-5F5D-46F6-80CC-607D20814022} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {4DEACA03-F6FF-46B1-B064-15E1156ACFDF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {833EC72E-1879-486B-89F4-056A851B68DA} - System32\Tasks\{8B33741E-6FB7-4F51-AB19-230B701DE64C} => pcalua.exe -a F:\avira_free_antivirus_de.exe -d F:\
Task: {8D441A50-57EF-4261-A665-CAE3EFF812DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {9FB1EF0C-B210-4DDF-ACA4-9ACC562561F9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MEDIONAKOYA-Ingrid MedionAkoya => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {C1806E7E-F5DE-4B23-9B0F-4581B5870E0A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {CE5D3994-A0F7-4572-BD24-26A3F029E832} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-21 06:42 - 2011-06-21 06:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2014-09-02 10:18 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-08-14 07:15 - 2010-08-19 10:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-02-19 22:40 - 2015-02-19 22:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-02-21 16:56 - 2015-02-21 16:56 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\65ab5ad0d4eb2393fbe01f49897af024\PSIClient.ni.dll
2012-08-14 07:45 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 18:58 - 2015-03-05 18:58 - 00043008 _____ () c:\users\ingrid\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpudrezf.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-08-14 07:13 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-28 07:32 - 2015-01-28 07:33 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Engelbert\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Ingrid\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Ingrid\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ingrid\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4156227800-406557986-4036214441-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ingrid\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\ryeatsunset.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4156227800-406557986-4036214441-500 - Administrator - Disabled)
Engelbert (S-1-5-21-4156227800-406557986-4036214441-1004 - Limited - Enabled) => C:\Users\Engelbert
Gast (S-1-5-21-4156227800-406557986-4036214441-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4156227800-406557986-4036214441-1006 - Limited - Enabled)
Ingrid (S-1-5-21-4156227800-406557986-4036214441-1001 - Administrator - Enabled) => C:\Users\Ingrid

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 09:06:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b70

Startzeit: 01d056b5f3388ca3

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: e72766e1-c2a9-11e4-becc-685d43eda18d

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/04/2015 08:39:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c84

Startzeit: 01d056b2442e37b6

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 381f1c16-c2a6-11e4-becc-685d43eda18d

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/04/2015 07:01:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10e4

Startzeit: 01d056a317233561

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 0b4dce92-c297-11e4-becc-685d43eda18d

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/04/2015 06:09:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/04/2015 03:31:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MEDIONAKOYA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/04/2015 11:38:35 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/04/2015 10:37:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MEDIONAKOYA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147220995. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/03/2015 09:02:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/03/2015 07:46:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/02/2015 09:24:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (03/05/2015 00:56:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/04/2015 06:14:10 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR7.

Error: (03/04/2015 06:14:10 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR7.

Error: (03/04/2015 06:14:10 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR7.

Error: (03/04/2015 06:14:10 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR7.

Error: (03/04/2015 06:14:10 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR7.

Error: (03/04/2015 06:14:10 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR7.

Error: (03/04/2015 06:14:10 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR7.

Error: (03/04/2015 06:14:10 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR7.

Error: (03/04/2015 06:14:10 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR7.


Microsoft Office Sessions:
=========================
Error: (03/04/2015 09:06:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891b7001d056b5f3388ca34294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exee72766e1-c2a9-11e4-becc-685d43eda18dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/04/2015 08:39:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689c8401d056b2442e37b64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe381f1c16-c2a6-11e4-becc-685d43eda18dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/04/2015 07:01:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068910e401d056a3172335614294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe0b4dce92-c297-11e4-becc-685d43eda18dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/04/2015 06:09:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestF:\esetsmartinstaller_enu.exe

Error: (03/04/2015 03:31:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MEDIONAKOYA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (03/04/2015 11:38:35 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/04/2015 10:37:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MEDIONAKOYA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147220995

Error: (03/03/2015 09:02:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (03/03/2015 07:46:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (03/02/2015 09:24:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


CodeIntegrity Errors:
===================================
  Date: 2015-03-04 18:35:13.169
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-04 18:35:13.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-04 18:35:12.841
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-04 18:35:12.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-04 18:35:12.497
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-04 18:35:12.372
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-04 18:35:12.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-04 18:35:12.075
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-04 18:35:11.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-04 18:35:11.184
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 61%
Total physical RAM: 3961.8 MB
Available physical RAM: 1531.31 MB
Total Pagefile: 5881.8 MB
Available Pagefile: 2877.49 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.21 GB) (Free:662.5 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:43.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 06.03.2015, 09:49   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please run mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper tells you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 06.03.2015, 10:54   #5
infra
 



Mbar log
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.06.02
  rootkit: v2015.02.25.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17631
Ingrid :: MEDIONAKOYA [administrator]

06.03.2015 11:27:43
mbar-log-2015-03-06 (11-27-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 469303
Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Kaspersky log
Code:
11:52:44.0722 0x1720  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:52:44.0722 0x1720  UEFI system
11:52:47.0613 0x1720  ============================================================
11:52:47.0613 0x1720  Current date / time: 2015/03/06 11:52:47.0613
11:52:47.0613 0x1720  SystemInfo:
11:52:47.0613 0x1720  
11:52:47.0613 0x1720  OS Version: 6.3.9600 ServicePack: 0.0
11:52:47.0613 0x1720  Product type: Workstation
11:52:47.0613 0x1720  ComputerName: MEDIONAKOYA
11:52:47.0613 0x1720  UserName: Ingrid
11:52:47.0613 0x1720  Windows directory: C:\WINDOWS
11:52:47.0613 0x1720  System windows directory: C:\WINDOWS
11:52:47.0613 0x1720  Running under WOW64
11:52:47.0613 0x1720  Processor architecture: Intel x64
11:52:47.0613 0x1720  Number of processors: 4
11:52:47.0613 0x1720  Page size: 0x1000
11:52:47.0613 0x1720  Boot type: Normal boot
11:52:47.0613 0x1720  ============================================================
11:52:49.0848 0x1720  KLMD registered as C:\WINDOWS\system32\drivers\58695329.sys
11:52:52.0348 0x1720  System UUID: {7124E041-2113-76C6-B8F1-7D2B3492A48A}
11:52:53.0770 0x1720  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:52:53.0785 0x1720  ============================================================
11:52:53.0785 0x1720  \Device\Harddisk0\DR0:
11:52:53.0785 0x1720  GPT partitions:
11:52:53.0785 0x1720  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {A2B807A5-FA66-4934-A490-E130D29DD428}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
11:52:53.0785 0x1720  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1DF6D85E-3EB9-439C-AE15-8A8F18A6057F}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
11:52:53.0785 0x1720  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {966B66C2-42DA-4517-9ACC-C0971FCF0A4D}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
11:52:53.0785 0x1720  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {873B4143-88D5-4854-82DC-A39D90BB1BFB}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0x6CA6D800
11:52:53.0785 0x1720  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3ACA333B-3240-4F5A-9982-F990307DC57F}, Name: , StartLBA 0x6CB76000, BlocksNum 0xE1000
11:52:53.0785 0x1720  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {752669CE-4A79-4766-A4F6-03A4AB0D4982}, Name: , StartLBA 0x6CC57000, BlocksNum 0xAF000
11:52:53.0785 0x1720  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FAD4E572-F682-4EDA-821E-177761F5F106}, Name: Basic data partition, StartLBA 0x6CD06000, BlocksNum 0x7800000
11:52:53.0785 0x1720  \Device\Harddisk0\DR0\Partition8: GPT, TypeGUID: {8D7F0CC6-879E-47F6-A767-0ED8FD3B0659}, UniqueGUID: {E15EFC0C-8D0C-4788-A0B1-3F6C346F05D9}, Name: Basic data partition, StartLBA 0x74506000, BlocksNum 0x200800
11:52:53.0785 0x1720  MBR partitions:
11:52:53.0785 0x1720  ============================================================
11:52:53.0801 0x1720  C: <-> \Device\Harddisk0\DR0\Partition4
11:52:53.0895 0x1720  D: <-> \Device\Harddisk0\DR0\Partition7
11:52:53.0895 0x1720  ============================================================
11:52:53.0895 0x1720  Initialize success
11:52:53.0895 0x1720  ============================================================
11:53:09.0614 0x1a60  ============================================================
11:53:09.0614 0x1a60  Scan started
11:53:09.0614 0x1a60  Mode: Manual; SigCheck; TDLFS; 
11:53:09.0614 0x1a60  ============================================================
11:53:09.0614 0x1a60  KSN ping started
11:53:12.0020 0x1a60  KSN ping finished: true
11:53:13.0145 0x1a60  ================ Scan system memory ========================
11:53:13.0145 0x1a60  System memory - ok
11:53:13.0145 0x1a60  ================ Scan services =============================
11:53:20.0005 0x1a60  Dhcp - ok
11:53:20.0036 0x1a60  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
11:53:20.0052 0x1a60  disk - ok
11:53:20.0068 0x1a60  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
11:53:20.0146 0x1a60  dmvsc - ok
11:53:20.0177 0x1a60  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:53:20.0224 0x1a60  Dnscache - ok
11:53:20.0255 0x1a60  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:53:20.0286 0x1a60  dot3svc - ok
11:53:20.0302 0x1a60  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\WINDOWS\system32\dps.dll
11:53:20.0380 0x1a60  DPS - ok
11:53:20.0396 0x1a60  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:53:20.0396 0x1a60  drmkaud - ok
11:53:20.0443 0x1a60  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
11:53:20.0474 0x1a60  DsmSvc - ok
11:53:20.0552 0x1a60  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
11:53:20.0599 0x1a60  DXGKrnl - ok
11:53:20.0630 0x1a60  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
11:53:20.0661 0x1a60  Eaphost - ok
11:53:20.0818 0x1a60  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
11:53:20.0943 0x1a60  ebdrv - ok
11:53:20.0974 0x1a60  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\WINDOWS\System32\lsass.exe
11:53:20.0990 0x1a60  EFS - ok
11:53:21.0021 0x1a60  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
11:53:21.0021 0x1a60  EhStorClass - ok
11:53:21.0036 0x1a60  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
11:53:21.0052 0x1a60  EhStorTcgDrv - ok
11:53:21.0083 0x1a60  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
11:53:21.0099 0x1a60  ErrDev - ok
11:53:21.0130 0x1a60  esgiguard - ok
11:53:21.0193 0x1a60  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\WINDOWS\system32\es.dll
11:53:21.0240 0x1a60  EventSystem - ok
11:53:21.0380 0x1a60  [ E67E289FA8AA393223AD7F9AFB738FD6, DBAB42EE5C140024CB4FF669664885B5CB404054A430331B5ABF273598A881C0 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:53:21.0396 0x1a60  EvtEng - ok
11:53:21.0412 0x1a60  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
11:53:21.0443 0x1a60  exfat - ok
11:53:21.0474 0x1a60  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
11:53:21.0490 0x1a60  fastfat - ok
11:53:21.0552 0x1a60  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\WINDOWS\system32\fxssvc.exe
11:53:21.0615 0x1a60  Fax - ok
11:53:21.0646 0x1a60  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
11:53:21.0662 0x1a60  fdc - ok
11:53:21.0677 0x1a60  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
11:53:21.0708 0x1a60  fdPHost - ok
11:53:21.0724 0x1a60  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
11:53:21.0771 0x1a60  FDResPub - ok
11:53:21.0802 0x1a60  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
11:53:21.0833 0x1a60  fhsvc - ok
11:53:21.0880 0x1a60  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
11:53:21.0880 0x1a60  FileInfo - ok
11:53:21.0912 0x1a60  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
11:53:21.0943 0x1a60  Filetrace - ok
11:53:21.0958 0x1a60  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
11:53:21.0974 0x1a60  flpydisk - ok
11:53:22.0005 0x1a60  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:53:22.0037 0x1a60  FltMgr - ok
11:53:22.0099 0x1a60  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache       C:\WINDOWS\system32\FntCache.dll
11:53:22.0177 0x1a60  FontCache - ok
11:53:22.0271 0x1a60  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:53:22.0287 0x1a60  FontCache3.0.0.0 - ok
11:53:22.0302 0x1a60  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
11:53:22.0318 0x1a60  FsDepends - ok
11:53:22.0333 0x1a60  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:53:22.0349 0x1a60  Fs_Rec - ok
11:53:22.0396 0x1a60  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
11:53:22.0427 0x1a60  fvevol - ok
11:53:22.0443 0x1a60  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
11:53:22.0458 0x1a60  FxPPM - ok
11:53:22.0474 0x1a60  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
11:53:22.0474 0x1a60  gagp30kx - ok
11:53:22.0505 0x1a60  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
11:53:22.0521 0x1a60  gencounter - ok
11:53:22.0552 0x1a60  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
11:53:22.0568 0x1a60  GPIOClx0101 - ok
11:53:22.0630 0x1a60  [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
11:53:22.0708 0x1a60  gpsvc - ok
11:53:22.0771 0x1a60  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
11:53:22.0802 0x1a60  HDAudBus - ok
11:53:22.0833 0x1a60  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
11:53:22.0849 0x1a60  HidBatt - ok
11:53:22.0880 0x1a60  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
11:53:22.0896 0x1a60  HidBth - ok
11:53:22.0927 0x1a60  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
11:53:22.0927 0x1a60  hidi2c - ok
11:53:22.0958 0x1a60  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
11:53:22.0974 0x1a60  HidIr - ok
11:53:22.0990 0x1a60  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\WINDOWS\system32\hidserv.dll
11:53:23.0021 0x1a60  hidserv - ok
11:53:23.0037 0x1a60  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
11:53:23.0099 0x1a60  HidUsb - ok
11:53:23.0130 0x1a60  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
11:53:23.0146 0x1a60  hkmsvc - ok
11:53:23.0177 0x1a60  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
11:53:23.0255 0x1a60  HomeGroupListener - ok
11:53:23.0287 0x1a60  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
11:53:23.0333 0x1a60  HomeGroupProvider - ok
11:53:23.0365 0x1a60  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
11:53:23.0380 0x1a60  HpSAMD - ok
11:53:23.0396 0x1a60  [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot        C:\WINDOWS\system32\DRIVERS\htcnprot.sys
11:53:23.0396 0x1a60  htcnprot - ok
11:53:23.0427 0x1a60  [ 7C7C986776D00E575BFBDE5DCBDC615D, 4CF12851A5A45917C3A9139B19D79434F2038611B617F83A714506CC7A1A6C61 ] HtcVCom32       C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys
11:53:23.0474 0x1a60  HtcVCom32 - ok
11:53:23.0521 0x1a60  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
11:53:23.0552 0x1a60  HTTP - ok
11:53:23.0599 0x1a60  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
11:53:23.0599 0x1a60  hwpolicy - ok
11:53:23.0615 0x1a60  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
11:53:23.0646 0x1a60  hyperkbd - ok
11:53:23.0677 0x1a60  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
11:53:23.0677 0x1a60  HyperVideo - ok
11:53:23.0708 0x1a60  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
11:53:23.0724 0x1a60  i8042prt - ok
11:53:23.0740 0x1a60  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
11:53:23.0740 0x1a60  iaLPSSi_GPIO - ok
11:53:23.0755 0x1a60  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
11:53:23.0771 0x1a60  iaLPSSi_I2C - ok
11:53:23.0802 0x1a60  [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
11:53:23.0818 0x1a60  iaStorA - ok
11:53:23.0865 0x1a60  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
11:53:23.0880 0x1a60  iaStorAV - ok
11:53:23.0974 0x1a60  [ 584068E03829BC5C63F54B05E6244E97, C075E8A4853C0DE09A9BF846338F9C8997FE7ACD604B4EC02AA89F0DAA1D985B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
11:53:23.0990 0x1a60  IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic ( 1 )
11:53:26.0380 0x1a60  Detect skipped due to KSN trusted
11:53:26.0380 0x1a60  IAStorDataMgrSvc - ok
11:53:31.0771 0x1a60  NdisImPlatform - ok
11:53:31.0787 0x1a60  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:53:31.0803 0x1a60  NdisTapi - ok
11:53:31.0834 0x1a60  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:53:31.0849 0x1a60  Ndisuio - ok
11:53:31.0865 0x1a60  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
11:53:31.0896 0x1a60  NdisVirtualBus - ok
11:53:31.0912 0x1a60  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:53:31.0943 0x1a60  NdisWan - ok
11:53:31.0959 0x1a60  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:53:31.0974 0x1a60  NdisWanLegacy - ok
11:53:31.0990 0x1a60  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:53:32.0021 0x1a60  NDProxy - ok
11:53:32.0037 0x1a60  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
11:53:32.0068 0x1a60  Ndu - ok
11:53:32.0084 0x1a60  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:53:32.0115 0x1a60  NetBIOS - ok
11:53:32.0131 0x1a60  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:53:32.0209 0x1a60  NetBT - ok
11:53:32.0225 0x1a60  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:53:32.0225 0x1a60  Netlogon - ok
11:53:32.0271 0x1a60  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\WINDOWS\System32\netman.dll
11:53:32.0287 0x1a60  Netman - ok
11:53:32.0334 0x1a60  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
11:53:32.0365 0x1a60  netprofm - ok
11:53:32.0443 0x1a60  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:53:32.0475 0x1a60  NetTcpPortSharing - ok
11:53:32.0537 0x1a60  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\WINDOWS\system32\DRIVERS\netvsc63.sys
11:53:32.0553 0x1a60  netvsc - ok
11:53:32.0740 0x1a60  [ 75B9B86878CC159FBC40C4F9202ADBE3, 80D9176112BAFB42E6568E723781E5C03BD5472AB382496C1BD784DB9B2FB6E6 ] NETwNe64        C:\WINDOWS\system32\DRIVERS\NETwew00.sys
11:53:32.0865 0x1a60  NETwNe64 - ok
11:53:32.0912 0x1a60  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
11:53:32.0975 0x1a60  NlaSvc - ok
11:53:33.0006 0x1a60  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:53:33.0021 0x1a60  Npfs - ok
11:53:33.0037 0x1a60  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
11:53:33.0100 0x1a60  npsvctrig - ok
11:53:33.0146 0x1a60  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\WINDOWS\system32\nsisvc.dll
11:53:33.0162 0x1a60  nsi - ok
11:53:33.0209 0x1a60  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
11:53:33.0225 0x1a60  nsiproxy - ok
11:53:33.0318 0x1a60  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:53:33.0396 0x1a60  Ntfs - ok
11:53:33.0428 0x1a60  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:53:33.0443 0x1a60  Null - ok
11:53:33.0459 0x1a60  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
11:53:33.0475 0x1a60  nvraid - ok
11:53:33.0490 0x1a60  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
11:53:33.0506 0x1a60  nvstor - ok
11:53:33.0521 0x1a60  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
11:53:33.0537 0x1a60  nv_agp - ok
11:53:33.0568 0x1a60  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:53:33.0584 0x1a60  ose - ok
11:53:33.0615 0x1a60  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
11:53:33.0678 0x1a60  p2pimsvc - ok
11:53:33.0709 0x1a60  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
11:53:33.0771 0x1a60  p2psvc - ok
11:53:33.0787 0x1a60  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
11:53:33.0803 0x1a60  Parport - ok
11:53:33.0818 0x1a60  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
11:53:33.0834 0x1a60  partmgr - ok
11:53:33.0865 0x1a60  [ 446462BBA744DA60379574926FD51EAB, 4A79E8EF28670333F4733FA0016508DC88E9BDC566B455DA5EDEDC514612180A ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
11:53:33.0881 0x1a60  PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
11:53:36.0240 0x1a60  Detect skipped due to KSN trusted
11:53:36.0240 0x1a60  PassThru Service - ok
11:53:44.0850 0x1a60  UmPass - ok
11:53:44.0881 0x1a60  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
11:53:44.0913 0x1a60  UmRdpService - ok
11:53:45.0069 0x1a60  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:53:45.0084 0x1a60  UNS - ok
11:53:45.0116 0x1a60  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:53:45.0147 0x1a60  upnphost - ok
11:53:45.0163 0x1a60  [ 30F02F642C2D141CAABD412B48A29D76, E94610E0CB46A9DD811AC03B028310D91E13B63A57A39749EEAC70FB5E729EE3 ] usb3Hub         C:\WINDOWS\System32\drivers\usb3Hub.sys
11:53:45.0178 0x1a60  usb3Hub - ok
11:53:45.0209 0x1a60  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
11:53:45.0225 0x1a60  usbccgp - ok
11:53:45.0256 0x1a60  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
11:53:45.0256 0x1a60  usbcir - ok
11:53:45.0303 0x1a60  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
11:53:45.0303 0x1a60  usbehci - ok
11:53:45.0334 0x1a60  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
11:53:45.0366 0x1a60  usbhub - ok
11:53:45.0381 0x1a60  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
11:53:45.0413 0x1a60  USBHUB3 - ok
11:53:45.0475 0x1a60  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
11:53:45.0585 0x1a60  usbohci - ok
11:53:45.0616 0x1a60  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
11:53:45.0647 0x1a60  usbprint - ok
11:53:45.0678 0x1a60  [ F04D164C4168701A4E7835607722E5F1, 6F743CF2CF73945B4A4B1C4402744BC2FE1624F1346C194493AD2F7110F9EB35 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:53:45.0710 0x1a60  usbscan - ok
11:53:45.0741 0x1a60  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
11:53:45.0756 0x1a60  USBSTOR - ok
11:53:45.0788 0x1a60  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
11:53:45.0788 0x1a60  usbuhci - ok
11:53:45.0819 0x1a60  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
11:53:45.0850 0x1a60  usbvideo - ok
11:53:45.0881 0x1a60  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
11:53:45.0913 0x1a60  USBXHCI - ok
11:53:45.0928 0x1a60  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
11:53:45.0928 0x1a60  VaultSvc - ok
11:53:45.0944 0x1a60  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
11:53:45.0944 0x1a60  vdrvroot - ok
11:53:46.0022 0x1a60  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\WINDOWS\System32\vds.exe
11:53:46.0085 0x1a60  vds - ok
11:53:46.0100 0x1a60  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
11:53:46.0116 0x1a60  VerifierExt - ok
11:53:46.0163 0x1a60  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
11:53:46.0178 0x1a60  vhdmp - ok
11:53:46.0210 0x1a60  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
11:53:46.0225 0x1a60  viaide - ok
11:53:46.0225 0x1a60  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
11:53:46.0241 0x1a60  vmbus - ok
11:53:46.0256 0x1a60  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
11:53:46.0256 0x1a60  VMBusHID - ok
11:53:46.0288 0x1a60  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
11:53:46.0303 0x1a60  vmicguestinterface - ok
11:53:46.0335 0x1a60  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
11:53:46.0350 0x1a60  vmicheartbeat - ok
11:53:46.0366 0x1a60  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
11:53:46.0397 0x1a60  vmickvpexchange - ok
11:53:46.0413 0x1a60  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
11:53:46.0428 0x1a60  vmicrdv - ok
11:53:46.0444 0x1a60  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
11:53:46.0460 0x1a60  vmicshutdown - ok
11:53:46.0475 0x1a60  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
11:53:46.0491 0x1a60  vmictimesync - ok
11:53:46.0506 0x1a60  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
11:53:46.0538 0x1a60  vmicvss - ok
11:53:46.0585 0x1a60  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
11:53:46.0600 0x1a60  volmgr - ok
11:53:46.0616 0x1a60  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
11:53:46.0631 0x1a60  volmgrx - ok
11:53:46.0678 0x1a60  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
11:53:46.0694 0x1a60  volsnap - ok
11:53:46.0725 0x1a60  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
11:53:46.0741 0x1a60  vpci - ok
11:53:46.0756 0x1a60  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
11:53:46.0772 0x1a60  vsmraid - ok
11:53:46.0850 0x1a60  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\WINDOWS\system32\vssvc.exe
11:53:46.0913 0x1a60  VSS - ok
11:53:46.0944 0x1a60  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
11:53:46.0975 0x1a60  VSTXRAID - ok
11:53:47.0038 0x1a60  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
11:53:47.0147 0x1a60  vwifibus - ok
11:53:47.0178 0x1a60  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
11:53:47.0225 0x1a60  vwififlt - ok
11:53:47.0241 0x1a60  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
11:53:47.0241 0x1a60  vwifimp - ok
11:53:47.0288 0x1a60  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\WINDOWS\system32\w32time.dll
11:53:47.0303 0x1a60  W32Time - ok
11:53:47.0319 0x1a60  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
11:53:47.0319 0x1a60  WacomPen - ok
11:53:47.0397 0x1a60  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
11:53:47.0475 0x1a60  wbengine - ok
11:53:47.0522 0x1a60  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
11:53:47.0585 0x1a60  WbioSrvc - ok
11:53:47.0600 0x1a60  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
11:53:47.0647 0x1a60  Wcmsvc - ok
11:53:47.0678 0x1a60  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
11:53:47.0725 0x1a60  wcncsvc - ok
11:53:47.0741 0x1a60  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
11:53:47.0803 0x1a60  WcsPlugInService - ok
11:53:47.0819 0x1a60  [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
11:53:47.0835 0x1a60  WdBoot - ok
11:53:47.0881 0x1a60  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
11:53:47.0913 0x1a60  Wdf01000 - ok
11:53:47.0944 0x1a60  [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
11:53:47.0960 0x1a60  WdFilter - ok
11:53:47.0991 0x1a60  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
11:53:48.0022 0x1a60  WdiServiceHost - ok
11:53:48.0038 0x1a60  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
11:53:48.0053 0x1a60  WdiSystemHost - ok
11:53:48.0085 0x1a60  [ 4AD874CDC812EC156265E451B6B09DAB, 6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
11:53:48.0085 0x1a60  WdNisDrv - ok
11:53:48.0116 0x1a60  WdNisSvc - ok
11:53:48.0147 0x1a60  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:53:48.0194 0x1a60  WebClient - ok
11:53:48.0225 0x1a60  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
11:53:48.0257 0x1a60  Wecsvc - ok
11:53:48.0272 0x1a60  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
11:53:48.0288 0x1a60  WEPHOSTSVC - ok
11:53:48.0303 0x1a60  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
11:53:48.0350 0x1a60  wercplsupport - ok
11:53:48.0382 0x1a60  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
11:53:48.0397 0x1a60  WerSvc - ok
11:53:48.0444 0x1a60  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
11:53:48.0460 0x1a60  WFPLWFS - ok
11:53:48.0491 0x1a60  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
11:53:48.0491 0x1a60  WiaRpc - ok
11:53:48.0522 0x1a60  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
11:53:48.0522 0x1a60  WIMMount - ok
11:53:48.0538 0x1a60  WinDefend - ok
11:53:48.0569 0x1a60  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
11:53:48.0616 0x1a60  WinHttpAutoProxySvc - ok
11:53:48.0663 0x1a60  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:53:48.0678 0x1a60  Winmgmt - ok
11:53:48.0788 0x1a60  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
11:53:48.0882 0x1a60  WinRM - ok
11:53:48.0913 0x1a60  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\system32\DRIVERS\WinUsb.sys
11:53:48.0944 0x1a60  WinUsb - ok
11:53:49.0022 0x1a60  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C, 235C7A41425846EFE4966490EB7F72AA768B3FE1665843BF58520DDBD6822A74 ] WisLMSvc        C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
11:53:49.0022 0x1a60  WisLMSvc - ok
11:53:49.0100 0x1a60  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
11:53:49.0147 0x1a60  WlanSvc - ok
11:53:49.0210 0x1a60  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
11:53:49.0288 0x1a60  wlidsvc - ok
11:53:49.0303 0x1a60  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
11:53:49.0319 0x1a60  WmiAcpi - ok
11:53:49.0335 0x1a60  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
11:53:49.0382 0x1a60  wmiApSrv - ok
11:53:49.0428 0x1a60  WMPNetworkSvc - ok
11:53:49.0460 0x1a60  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
11:53:49.0475 0x1a60  Wof - ok
11:53:49.0553 0x1a60  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
11:53:49.0647 0x1a60  workfolderssvc - ok
11:53:49.0694 0x1a60  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
11:53:49.0694 0x1a60  wpcfltr - ok
11:53:49.0725 0x1a60  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
11:53:49.0757 0x1a60  WPCSvc - ok
11:53:49.0803 0x1a60  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
11:53:49.0850 0x1a60  WPDBusEnum - ok
11:53:49.0882 0x1a60  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
11:53:49.0897 0x1a60  WpdUpFltr - ok
11:53:49.0913 0x1a60  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
11:53:49.0928 0x1a60  ws2ifsl - ok
11:53:49.0960 0x1a60  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
11:53:50.0007 0x1a60  wscsvc - ok
11:53:50.0007 0x1a60  WSearch - ok
11:53:50.0132 0x1a60  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\WINDOWS\System32\WSService.dll
11:53:50.0241 0x1a60  WSService - ok
11:53:50.0366 0x1a60  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
11:53:50.0507 0x1a60  wuauserv - ok
11:53:50.0553 0x1a60  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
11:53:50.0585 0x1a60  WudfPf - ok
11:53:50.0616 0x1a60  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
11:53:50.0632 0x1a60  WUDFRd - ok
11:53:50.0647 0x1a60  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
11:53:50.0663 0x1a60  WUDFSensorLP - ok
11:53:50.0678 0x1a60  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
11:53:50.0710 0x1a60  wudfsvc - ok
11:53:50.0710 0x1a60  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
11:53:50.0741 0x1a60  WUDFWpdFs - ok
11:53:50.0741 0x1a60  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
11:53:50.0772 0x1a60  WUDFWpdMtp - ok
11:53:50.0819 0x1a60  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
11:53:50.0850 0x1a60  WwanSvc - ok
11:53:50.0913 0x1a60  [ 6FDEE5E0741A3FFA5E5772C6C94E3F64, 859EBC7F8FF3CE9F3301B5BF93CF0C84C2A4271F205B67D9B8DC463DC67DE661 ] XHCIPort        C:\WINDOWS\System32\drivers\XHCIPort.sys
11:53:50.0929 0x1a60  XHCIPort - ok
11:53:51.0100 0x1a60  [ 97D3DCBBF3915782644DB56F5C191B9F, 3207D951F8042ADA9256283E9D64C3427D145DB98172A87733F868215FF62EF4 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
11:53:51.0179 0x1a60  ZeroConfigService - ok
11:53:51.0194 0x1a60  ================ Scan global ===============================
11:53:51.0225 0x1a60  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
11:53:51.0257 0x1a60  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\WINDOWS\system32\winsrv.dll
11:53:51.0288 0x1a60  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
11:53:51.0319 0x1a60  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\WINDOWS\system32\services.exe
11:53:51.0335 0x1a60  [ Global ] - ok
11:53:51.0335 0x1a60  ================ Scan MBR ==================================
11:53:51.0350 0x1a60  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
11:53:51.0413 0x1a60  \Device\Harddisk0\DR0 - ok
11:53:51.0429 0x1a60  ================ Scan VBR ==================================
11:53:51.0460 0x1a60  [ C74BE926EB32ED91B5E6A71AA1BBACBB ] \Device\Harddisk0\DR0\Partition1
11:53:51.0522 0x1a60  \Device\Harddisk0\DR0\Partition1 - ok
11:53:51.0538 0x1a60  [ 15BE2680D0449588A0654D6AB014D7BB ] \Device\Harddisk0\DR0\Partition2
11:53:51.0585 0x1a60  \Device\Harddisk0\DR0\Partition2 - ok
11:53:51.0585 0x1a60  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
11:53:51.0585 0x1a60  \Device\Harddisk0\DR0\Partition3 - ok
11:53:51.0600 0x1a60  [ 7479D475ADB7DD99B5B3CDED9B321727 ] \Device\Harddisk0\DR0\Partition4
11:53:51.0663 0x1a60  \Device\Harddisk0\DR0\Partition4 - ok
11:53:51.0694 0x1a60  [ 7F2A422B6FD91735475515A92F632870 ] \Device\Harddisk0\DR0\Partition5
11:53:51.0694 0x1a60  \Device\Harddisk0\DR0\Partition5 - ok
11:53:51.0710 0x1a60  [ 2DBFC0E28DA2F7C037C3F9B5217F1C8F ] \Device\Harddisk0\DR0\Partition6
11:53:51.0710 0x1a60  \Device\Harddisk0\DR0\Partition6 - ok
11:53:51.0741 0x1a60  [ D96D541EEF8C9C720BE440122696BE19 ] \Device\Harddisk0\DR0\Partition7
11:53:51.0741 0x1a60  \Device\Harddisk0\DR0\Partition7 - ok
11:53:51.0772 0x1a60  [ 281B66D4F9E877419E793494066C35BA ] \Device\Harddisk0\DR0\Partition8
11:53:51.0772 0x1a60  \Device\Harddisk0\DR0\Partition8 - ok
11:53:51.0772 0x1a60  ================ Scan generic autorun ======================
11:53:52.0194 0x1a60  [ 9CE8442B63A1E45E317E1B55A00FF441, 580517A62B41FB69F52A725895E25538A0FCA527D9ABC376EF56AEAE5BCC2DB9 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11:53:52.0460 0x1a60  RtHDVCpl - ok
11:53:52.0522 0x1a60  [ 5E53A66C680A06E26B1234CB0C3CD99B, D782E724FF487459704BFA2BC5BA5E6E7E85BC9D71ECF68BE78F9C74449EB207 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
11:53:52.0554 0x1a60  RtHDVBg_Dolby - ok
11:53:52.0569 0x1a60  [ E85BD90950497619C39D1F5068228CF4, BA5CD7035EC1ACDB214EB8D534B00EA409739DD2DDD01D92D98A1B3925FB428E ] C:\Windows\system32\igfxtray.exe
11:53:52.0600 0x1a60  IgfxTray - ok
11:53:52.0600 0x1a60  BTMTrayAgent - ok
11:53:52.0600 0x1a60  SynTPEnh - ok
11:53:52.0710 0x1a60  [ 724CB7A116F7E1A67009D751BCF86586, F0C4BE7451C5573AD584F5EF125C0702841E30D928909B5B3EA702831EF2FD9B ] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
11:53:52.0725 0x1a60  CLMLServer_For_P2G8 - ok
11:53:52.0757 0x1a60  [ BE14AD6D80F9A3B33262C62479199E61, DA661F2821235018BE22CB1B459DDC99BE6D969C754096A83B2B85C1E2E46651 ] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
11:53:52.0772 0x1a60  CLVirtualDrive - ok
11:53:52.0835 0x1a60  [ A2221900B57AEC20577996744FA4A56A, AFEF9176DBA86CDB16A7E84AD0DF6433D4F5865948774FB6B619CBEBEC004592 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
11:53:52.0835 0x1a60  RemoteControl10 - ok
11:53:52.0913 0x1a60  [ D59062FC3E0C232615AC2C6ADB46A770, BDE93E89C41F3F9F504B9F5D0A6014A370F622F03C002D352A16C6F3EA5C7A94 ] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
11:53:52.0913 0x1a60  YouCam Service - ok
11:53:52.0960 0x1a60  [ E573EEB707C7178199EB920A7EFB5145, FD58DE4E4BDE2FD92AE9262DF5366BE143474EE93067C8016DC4E535B2DCC638 ] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
11:53:52.0960 0x1a60  HotkeyApp - ok
11:53:52.0975 0x1a60  [ DFA1067EA4157BCCCFD48F052066A076, 5E5B60C20CFF1F3F9D45588B0E0AEB59C3F4C11089CCB52AA92890773BAA081F ] C:\Program Files (x86)\Launch Manager\OSD.exe
11:53:52.0991 0x1a60  LMgrVolOSD - ok
11:53:53.0022 0x1a60  [ 78BE5D4BEA26F872E5EC082CD9653CF1, 9E2C2F1FF12B3CA1443B423F1807919B2CAB1594554936E33C20D462456B25D3 ] C:\Program Files (x86)\Launch Manager\Wbutton.exe
11:53:53.0038 0x1a60  Wbutton - ok
11:53:53.0132 0x1a60  [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
11:53:53.0147 0x1a60  SunJavaUpdateSched - ok
11:53:53.0772 0x1a60  [ 845799C9874B68BEAE3B64059653C7E3, 2E0B9DD46569A6449989E2D7C60B88B46352A178019B4BD840C166674E798CFD ] C:\Program Files\CCleaner\CCleaner64.exe
11:53:53.0944 0x1a60  CCleaner Monitoring - ok
11:53:54.0007 0x1a60  [ 2A65AE735E0C439762072787AD61FA07, 19E4A96924BBD51F45DD5D34D18B16D614779F508B3DF5895DF2218043BEF0E0 ] C:\Program Files (x86)\Windows Mail\wab.exe
11:53:54.0069 0x1a60  WAB Migrate - ok
11:53:54.0069 0x1a60  Waiting for KSN requests completion. In queue: 112
11:53:55.0085 0x1a60  Waiting for KSN requests completion. In queue: 112
11:53:56.0101 0x1a60  Waiting for KSN requests completion. In queue: 112
11:53:57.0116 0x1a60  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x61100 ( enabled : updated )
11:53:57.0116 0x1a60  Win FW state via NFP2: enabled
11:53:59.0476 0x1a60  ============================================================
11:53:59.0476 0x1a60  Scan finished
11:53:59.0476 0x1a60  ============================================================
11:53:59.0476 0x0174  Detected object count: 0
11:53:59.0476 0x0174  Actual detected object count: 0
         


06.03.2015, 15:27   #6
schrauber
/// the machine
/// TB trainer

That actually looks fine.

Please download the Emsisoft Emergency Kit from here: Emsisoft Emergency Kit.
  • Please install the program to the default path.
  • Start the program by double-clicking the desktop shortcut.
  • Once the malware signatures have loaded, EEK is ready to scan.
  • Now please follow the illustrated guide to Emergency Kit, remove all findings, and post the log at the end of the scan or cleanup.


06.03.2015, 22:15   #7
infra


Emsisoft log
Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 06.03.2015 16:49:56
Benutzerkonto: MEDIONAKOYA\Ingrid

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	06.03.2015 16:51:28
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4156227800-406557986-4036214441-1001\SOFTWARE\SMARTBAR 	gefunden: Application.InstallAd (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\linmsl.exe.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> CRDLI.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> CRDLI64.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> CRDLIL.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> CRDLIL64.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> LINMSL.EXE 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> NEWTONSOFT.JSON.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> ntdis_32.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> ntdis_64.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> Proxy.Lib.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> ProxySettings.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SMARTBAR.COMMON.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SMARTBAR.COMMUNICATION.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SMARTBAR.COMMUNICATION.NAMEDPIPE.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SMARTBAR.INFRASTRUCTURE.UTILITIES.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> Smartbar.Monetization.InjectApp.EXE 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> Smartbar.Monetization.Proxy.ProxyService.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SMARTBAR.PERSONALIZATION.COMMON.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SMARTBAR.RESOURCES.HISTORYANDSTATSWRAPPER.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> Smartbar.Resources.ROT.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SPPSM.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SPUSM.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SRBS.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SRBU.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SREU.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SRPDM.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SRPRL.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SRPT.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SRPTC.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SRPTM.EXE 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> srpts.exe 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> srptsl.exe 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded CAB) -> SRUT.DLL 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded EXE) -> (CAB Sfx o) -> srpt.CustomActions.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded EXE) -> (CAB Sfx o) -> sppsm.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded EXE) -> (CAB Sfx o) -> spusm.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded EXE) -> (CAB Sfx o) -> Smartbar.Resources.HistoryAndStatsWrapper.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded EXE) -> (CAB Sfx o) -> Smartbar.Personalization.Common.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded EXE) -> (CAB Sfx o) -> srut.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded EXE) -> (CAB Sfx o) -> Smartbar.Infrastructure.Utilities.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir -> (Embedded EXE) -> (CAB Sfx o) -> srptc.dll 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\lrrot.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Newtonsoft.Json.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Proxy.Lib.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\ProxySettings.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\crdli.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\crdli64.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\crdliL.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\crdliL64.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_32.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_64.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sreu.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpdm.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srprl.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpt.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptc.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpts.exe.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptsl.exe.vir 	gefunden: Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srut.dll.vir 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\0c2d2e5c.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\1c05528b.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\285b5614.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\3f8e3077.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\40950216.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\44077a24.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\59e26f81.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\5d6f41be.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\70356ef3.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\7a321d49.qua -> (Quarantine-8) 	gefunden: Adware.Linkury.N (B)
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> CRDLI.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> CRDLI64.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> CRDLIL.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> CRDLIL64.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> LINMSL.EXE 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> NEWTONSOFT.JSON.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> ntdis_32.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> ntdis_64.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> Proxy.Lib.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> ProxySettings.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SMARTBAR.COMMON.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SMARTBAR.COMMUNICATION.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SMARTBAR.COMMUNICATION.NAMEDPIPE.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SMARTBAR.INFRASTRUCTURE.UTILITIES.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> Smartbar.Monetization.InjectApp.EXE 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> Smartbar.Monetization.Proxy.ProxyService.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SMARTBAR.PERSONALIZATION.COMMON.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SMARTBAR.RESOURCES.HISTORYANDSTATSWRAPPER.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> Smartbar.Resources.ROT.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SPPSM.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SPUSM.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SRBS.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SRBU.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SREU.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SRPDM.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SRPRL.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SRPT.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SRPTC.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SRPTM.EXE 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> srpts.exe 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> srptsl.exe 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded CAB) -> SRUT.DLL 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded EXE) -> (CAB Sfx o) -> srpt.CustomActions.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded EXE) -> (CAB Sfx o) -> sppsm.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded EXE) -> (CAB Sfx o) -> spusm.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded EXE) -> (CAB Sfx o) -> Smartbar.Resources.HistoryAndStatsWrapper.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded EXE) -> (CAB Sfx o) -> Smartbar.Personalization.Common.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded EXE) -> (CAB Sfx o) -> srut.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded EXE) -> (CAB Sfx o) -> Smartbar.Infrastructure.Utilities.dll 	gefunden: Adware.Linkury.N (B)
C:\Windows\Installer\6721210.msi -> (Embedded EXE) -> (CAB Sfx o) -> srptc.dll 	gefunden: Adware.Linkury.N (B)

Gescannt	389943
Gefunden	117

Scan-Ende:	06.03.2015 19:37:14
Scan-Zeit:	2:45:46

C:\Windows\Installer\6721210.msi	Quarantäne Adware.Linkury.N (B)
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\7a321d49.qua	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\70356ef3.qua	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\5d6f41be.qua	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\59e26f81.qua	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\44077a24.qua	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\40950216.qua	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\3f8e3077.qua	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\285b5614.qua	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\1c05528b.qua	Quarantäne Adware.Linkury.N (B)
C:\Users\Ingrid\AppData\Local\Temp\decleaner\decleaner\setup\INFECTED\0c2d2e5c.qua	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srut.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptsl.exe.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpts.exe.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptc.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpt.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srprl.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpdm.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sreu.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_64.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_32.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\crdliL64.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\crdliL.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\crdli64.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\crdli.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\ProxySettings.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Proxy.Lib.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Newtonsoft.Json.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\lrrot.dll.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\LPTInstaller.msi.vir	Quarantäne Adware.Linkury.N (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\linmsl.exe.vir	Quarantäne Adware.Linkury.N (B)
Key: HKEY_USERS\S-1-5-21-4156227800-406557986-4036214441-1001\SOFTWARE\SMARTBAR	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}	Quarantäne Application.Win32.InstallAd (A)

Quarantäne	38
         

Alt 07.03.2015, 12:17   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Windows\Installer\6721210.msi
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button ("Entfernen").
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



A fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 07.03.2015, 14:40   #9
infra
 



Fixlog
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by Ingrid at 2015-03-07 15:29:59 Run:1
Running from C:\Users\Ingrid\Desktop
Loaded Profiles: Ingrid & Engelbert (Available profiles: Ingrid & Engelbert)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\Installer\6721210.msi
Emptytemp:
         
*****************

"C:\Windows\Installer\6721210.msi" => File/Directory not found.
EmptyTemp: => Removed 546.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:31:36 ====
         
Fresh FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Ingrid (administrator) on MEDIONAKOYA on 07-03-2015 15:38:42
Running from C:\Users\Ingrid\Desktop
Loaded Profiles: Ingrid (Available profiles: Ingrid & Engelbert)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [320824 2012-08-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2012-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [388408 2012-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\MountPoints2: {3821c64a-aa1d-11e4-bec5-685d43eda18d} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\MountPoints2: {cbc7deca-71b2-11e4-bebb-685d43eda18d} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\MountPoints2: {d8aabef1-250d-11e2-be87-685d43eda18d} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [130048 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ingrid\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4156227800-406557986-4036214441-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4156227800-406557986-4036214441-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-10-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-08] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-08] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-09-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-09-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\searchplugins\21839f0c-9d92-4158-870a-dcc44f2f1a49.xml [2014-09-14]
FF SearchPlugin: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\searchplugins\6947181e-4383-4852-ba93-2417fd59f471.xml [2014-12-05]
FF SearchPlugin: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\searchplugins\google-images.xml [2014-10-27]
FF SearchPlugin: C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\searchplugins\google-maps.xml [2014-10-27]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2015-01-02]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-12-05]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-01-02]
FF Extension: Adblock Plus - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-03]
FF HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\jqz4t3rt.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-4156227800-406557986-4036214441-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2015-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2012-08-13] (Wistron Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-06] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 15:33 - 2015-03-07 15:33 - 00000666 _____ () C:\WINDOWS\PFRO.log
2015-03-07 15:29 - 2015-03-07 15:29 - 00000000 ____D () C:\Users\Ingrid\Desktop\FRST-OlderVersion
2015-03-07 11:53 - 2015-03-07 11:53 - 03843072 _____ () C:\Users\Ingrid\Publikation1.pub
2015-03-06 16:46 - 2015-03-06 16:46 - 00000759 _____ () C:\Users\Ingrid\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-06 16:45 - 2015-03-06 16:46 - 00000000 ____D () C:\EEK
2015-03-06 16:36 - 2015-03-06 16:44 - 166117288 _____ () C:\Users\Ingrid\Desktop\EmsisoftEmergencyKit.exe
2015-03-06 11:28 - 2015-03-06 11:28 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Ingrid\Desktop\tdsskiller.exe
2015-03-06 11:27 - 2015-03-06 11:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-06 11:26 - 2015-03-06 11:51 - 00000000 ____D () C:\Users\Ingrid\Desktop\mbar
2015-03-06 11:25 - 2015-03-06 11:26 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Ingrid\Desktop\mbar-1.09.1.1004.exe
2015-03-06 11:23 - 2015-03-06 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 20:07 - 2015-03-05 20:07 - 00033818 _____ () C:\Users\Ingrid\Desktop\Addition.txt
2015-03-05 20:05 - 2015-03-07 15:38 - 00018376 _____ () C:\Users\Ingrid\Desktop\FRST.txt
2015-03-05 20:05 - 2015-03-07 15:38 - 00000000 ____D () C:\FRST
2015-03-05 20:05 - 2015-03-07 15:29 - 02094592 _____ (Farbar) C:\Users\Ingrid\Desktop\FRST64.exe
2015-03-04 18:17 - 2015-03-04 18:17 - 00003076 _____ () C:\WINDOWS\System32\Tasks\{8B33741E-6FB7-4F51-AB19-230B701DE64C}
2015-03-03 23:13 - 2015-03-03 23:13 - 00030881 _____ () C:\Users\Ingrid\AppData\Local\recently-used.xbel
2015-03-02 09:07 - 2015-03-07 15:33 - 00002616 _____ () C:\WINDOWS\setupact.log
2015-03-02 09:07 - 2015-03-02 09:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-26 19:17 - 2015-02-26 19:17 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-25 18:52 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 18:52 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 18:52 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 18:52 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 18:52 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 18:52 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 16:21 - 2015-02-24 17:02 - 00000000 ____D () C:\Users\Ingrid\Desktop\KOPIE Schule
2015-02-21 10:44 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-21 10:44 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-21 10:14 - 2015-03-06 11:27 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 10:14 - 2015-03-06 11:26 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-21 10:14 - 2015-02-21 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-21 10:14 - 2015-02-21 10:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-21 10:14 - 2015-02-21 10:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-21 10:14 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-21 10:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-21 10:06 - 2015-02-21 10:09 - 00000000 ____D () C:\AdwCleaner
2015-02-19 23:07 - 2015-02-19 23:07 - 00055594 _____ () C:\Users\Ingrid\Downloads\Anhänge_2015219.zip
2015-02-17 11:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-17 11:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-14 14:07 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-14 14:07 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-14 14:07 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-14 14:07 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-14 14:07 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-14 14:07 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-14 14:07 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-14 14:07 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-14 14:07 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-14 14:07 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-14 13:16 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-14 13:16 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-14 13:16 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-14 13:16 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-14 13:16 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-14 13:16 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-14 13:16 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-14 13:16 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-14 13:16 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-14 13:15 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-14 13:15 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-14 13:15 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-14 13:15 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-14 13:15 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-14 13:15 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-14 13:15 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-14 13:15 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-14 13:15 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-14 13:15 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-14 13:15 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-14 13:15 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-14 13:15 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-14 13:15 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-14 13:15 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-14 13:15 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-14 13:15 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-14 13:15 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-14 13:15 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-14 13:15 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-14 13:15 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-14 13:15 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-14 13:15 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-14 13:15 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-14 13:15 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-14 13:15 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-14 13:15 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-14 13:15 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-14 13:15 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-14 13:15 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-14 13:15 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-14 13:15 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-14 13:15 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-14 13:15 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-14 13:15 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-14 13:15 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-14 13:15 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-14 13:15 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-14 13:15 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-14 13:15 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-14 13:15 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-14 13:15 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-14 13:15 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-14 13:15 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-14 13:15 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-14 13:15 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-14 13:14 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-14 13:14 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-14 13:14 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-14 13:14 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-14 13:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-14 13:14 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 09:15 - 2015-02-10 09:20 - 00000000 ____D () C:\Users\Ingrid\Desktop\JMLA 2015
2015-02-07 15:37 - 2015-02-07 15:37 - 00000000 ____D () C:\Users\Ingrid\AppData\Roaming\inkscape
2015-02-07 15:33 - 2015-02-07 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91
2015-02-07 15:33 - 2015-02-07 15:34 - 00000000 ____D () C:\Program Files\Inkscape
2015-02-05 08:50 - 2015-02-05 08:50 - 00534401 _____ () C:\Users\Ingrid\Desktop\LK-D_ngerrechner_20150202_CC.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 15:37 - 2014-08-28 19:33 - 00000000 __RDO () C:\Users\Ingrid\OneDrive
2015-03-07 15:37 - 2013-08-20 10:27 - 00000000 ___RD () C:\Users\Ingrid\Dropbox
2015-03-07 15:36 - 2014-09-02 10:13 - 00000000 ____D () C:\Users\Ingrid\AppData\Roaming\Dropbox
2015-03-07 15:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-07 15:33 - 2014-08-28 14:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-07 15:33 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-07 15:33 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-07 15:32 - 2015-01-23 20:08 - 01779289 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-07 11:53 - 2014-08-28 18:56 - 00000000 ____D () C:\Users\Ingrid
2015-03-07 11:05 - 2014-08-28 14:53 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-07 10:05 - 2014-03-18 11:03 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-07 10:05 - 2014-03-18 10:25 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-07 10:05 - 2014-03-18 10:25 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-07 10:00 - 2014-09-10 10:21 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09D0AB75-F41B-4916-8A4E-6B470C25F5F9}
2015-03-06 16:57 - 2014-11-16 16:29 - 00000000 ____D () C:\Users\Ingrid\Documents\Outlook-Dateien
2015-03-05 19:12 - 2014-12-05 18:11 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4156227800-406557986-4036214441-1001
2015-03-05 19:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-05 18:58 - 2012-10-31 15:58 - 00000000 ____D () C:\Users\Ingrid\Documents\Youcam
2015-03-05 10:36 - 2014-01-01 17:05 - 00000000 ____D () C:\Users\Ingrid\Desktop\Druck
2015-03-04 18:30 - 2015-01-26 10:15 - 00005150 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MEDIONAKOYA-Ingrid MedionAkoya
2015-03-03 23:13 - 2014-12-05 20:25 - 00000000 ____D () C:\Users\Ingrid\.gimp-2.8
2015-03-03 19:52 - 2014-08-26 20:19 - 00000000 ____D () C:\Users\Ingrid\AppData\Local\Packages
2015-03-03 19:00 - 2015-01-24 14:35 - 00000000 ____D () C:\Users\Ingrid\AppData\Local\gtk-2.0
2015-03-03 14:17 - 2014-09-02 20:30 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-28 15:40 - 2012-11-03 14:16 - 00000000 ____D () C:\Users\Ingrid\Desktop\Musikkapelle
2015-02-27 16:14 - 2014-08-28 20:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-27 15:56 - 2013-11-06 14:04 - 00000000 ____D () C:\Users\Ingrid\Desktop\Betrieb
2015-02-26 20:50 - 2014-10-24 16:55 - 00000000 ____D () C:\Users\Ingrid\Desktop\Ideensammlung
2015-02-26 19:17 - 2014-12-05 17:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-26 08:47 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-25 15:43 - 2013-07-10 09:01 - 00000000 ____D () C:\Users\Ingrid\Desktop\Fotos ordnen
2015-02-24 13:14 - 2014-08-28 19:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-21 21:55 - 2014-12-01 14:02 - 00000000 ____D () C:\Temp
2015-02-21 11:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-17 11:41 - 2013-08-22 15:44 - 00518504 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-16 20:37 - 2013-08-04 10:16 - 00000000 ____D () C:\Users\Ingrid\Desktop\LAMBACH
2015-02-16 20:36 - 2015-02-01 17:13 - 00000000 ____D () C:\Users\Ingrid\AppData\Local\Windows Live
2015-02-15 11:01 - 2014-08-27 21:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 10:56 - 2014-08-27 21:56 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 10:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-15 10:53 - 2014-12-17 10:57 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-15 10:53 - 2014-08-28 11:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-14 13:08 - 2014-09-02 10:17 - 00001036 _____ () C:\Users\Ingrid\Desktop\Dropbox.lnk
2015-02-14 13:08 - 2014-09-02 10:15 - 00000000 ____D () C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-05 09:03 - 2014-09-03 11:00 - 00000000 ____D () C:\Users\Ingrid\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2015-03-03 23:13 - 2015-03-03 23:13 - 0030881 _____ () C:\Users\Ingrid\AppData\Local\recently-used.xbel
2012-08-14 08:16 - 2012-08-14 08:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Ingrid\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpounrwf.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-03 19:45

==================== End Of Log ============================
         

08.03.2015, 07:28   #10
schrauber
/// the machine
/// TB-Ausbilder

Cleanup:
(The order matters here.)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking, and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: Among other things, DelFix removes all the programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you merely visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware, first uninstall it and then remove the leftovers with AdwCleaner.


Finally, a few general remarks:
Change your important online passwords regularly, and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

08.03.2015, 07:45   #11
infra

Thanks, thanks, thaaaanks

08.03.2015, 14:53   #12
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
__________________
Regards,
schrauber

20.03.2015, 07:38   #13
infra

So did I actually have anything from the DHL trojan on my machine??
Regards

21.03.2015, 08:48   #14
schrauber
/// the machine
/// TB-Ausbilder

no
__________________
Regards,
schrauber
