Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Link angeklickt DHL

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.03.2015, 10:14   #1
Dummy0815
 
Link angeklickt DHL - Standard

Link angeklickt DHL



Nu isses passiert.
Obwohl ich immer super-vorsichtig bin, bin ich auf eine wirklich Echt-aussehende Mail reingefallen, es ging angeblich um eine Sendungsverfolgung der DHL.
Ich habe auf Sendungsverfolgung (die NUmmer) geklickt und es öffnete sich eine zip-Datei.
Ich weiß, spätestens hier hätte ich hellhörig werden müssen, aber da hat wohl mein Hirn ausgesetzt. Jedenfalls hab ich die ZIP geöffnet und bekam dann eine Fehlermeldung.
Im Download Ordner steht warehaouse club.de
Ich habe in meinen Programmen geschaut, ob heute etwas installiert wurde, aber da ist nix.
Was sollte ich jetzt tun?

Alt 12.03.2015, 10:27   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Link angeklickt DHL - Standard

Link angeklickt DHL



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 12.03.2015, 11:10   #3
Dummy0815
 
Link angeklickt DHL - Standard

Link angeklickt DHL



Hi Schrauber,

ich probiers einfach mal mit der Dropbox
https://www.dropbox.com/s/7ne0rna1wya9icc/Addition.txt?dl=0
https://www.dropbox.com/s/lcvjmn1l6x7gmd3/FRST.txt?dl=0

Ich danke Dir schonmal ganz herzlich!
__________________

Geändert von Dummy0815 (12.03.2015 um 11:15 Uhr) Grund: Dummy Fehler behoben

Alt 12.03.2015, 20:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Link angeklickt DHL - Standard

Link angeklickt DHL



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.03.2015, 06:48   #5
Dummy0815
 
Link angeklickt DHL - Standard

Link angeklickt DHL



Ups, sorry! Dummy halt ;-)
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Silke (administrator) on SILKE-PC on 12-03-2015 12:06:33
Running from C:\Users\Silke\Downloads
Loaded Profiles: Silke (Available profiles: Silke)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\AsusService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files\Common Files\InstantOn\InsOnWMI.exe
(Dropbox, Inc.) C:\Users\Silke\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2011-01-06] (ASUSTek Computer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\Run: [{9EC4D426-33D4-B4B9-1219-CE084CB5B707}] => C:\Users\Silke\AppData\Local\{9EC4D426-33D4-B4B9-1219-CE084CB5B707}.exe [120832 2015-03-12] ()
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\MountPoints2: G - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\MountPoints2: {64f8905f-31ad-11e4-baff-5404a624b742} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\MountPoints2: {64f890f8-31ad-11e4-baff-5404a624b742} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\MountPoints2: {7f51336d-a6ef-11e4-8e2b-5404a624b742} - G:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\MountPoints2: {f9302f93-31ba-11e4-bddf-5404a624b742} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Silke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-711005638-1065484914-1841626983-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-711005638-1065484914-1841626983-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.0.1
Tcpip\..\Interfaces\{56F23909-E102-4A9C-82C0-0E6999205EDB}: [NameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\searchplugins\ebay-kleinanzeigen.xml [2015-03-02]
FF SearchPlugin: C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\searchplugins\google-images.xml [2014-12-14]
FF SearchPlugin: C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\searchplugins\google-maps.xml [2014-12-14]
FF Extension: Avira Browser Safety - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\Extensions\abs@avira.com [2015-03-10]
FF Extension: dp Launcher Plugin - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\Extensions\dplauncher@digitalpublishing.de [2014-03-05]
FF Extension: Cliqz Beta - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\Extensions\cliqz@cliqz.com.xpi [2014-12-15]
FF Extension: Adblock Plus - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-05]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-07]
FF HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [271360 2014-03-05] () [File not signed]
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-12-29] (DT Soft Ltd)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [18048 2012-11-15] () [File not signed]
R0 PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [20640 2005-12-05] (Sonic Solutions) [File not signed]
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 11:49 - 2015-03-12 11:51 - 00026838 _____ () C:\Users\Silke\Downloads\Addition.txt
2015-03-12 11:47 - 2015-03-12 12:06 - 00012589 _____ () C:\Users\Silke\Downloads\FRST.txt
2015-03-12 11:47 - 2015-03-12 12:06 - 00000000 ____D () C:\FRST
2015-03-12 11:46 - 2015-03-12 11:46 - 01135104 _____ (Farbar) C:\Users\Silke\Downloads\FRST.exe
2015-03-12 10:50 - 2015-03-12 10:50 - 00120832 _____ () C:\Users\Silke\AppData\Local\{9EC4D426-33D4-B4B9-1219-CE084CB5B707}.exe
2015-03-10 10:02 - 2015-03-10 10:02 - 00020927 _____ () C:\Users\Silke\AppData\Local\recently-used.xbel
2015-03-06 13:23 - 2015-03-06 13:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 18:25 - 2015-03-04 18:25 - 00027255 _____ () C:\Users\Silke\Desktop\1. Anschreiben_Imke Lemgo.odt
2015-02-25 13:36 - 2015-02-25 15:20 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-16 13:58 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-16 13:58 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-16 13:58 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-16 13:58 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-16 13:58 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-16 13:58 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-16 13:58 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-16 13:58 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-16 13:58 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-16 13:58 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-16 13:58 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-16 13:58 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-16 13:58 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-16 13:58 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-16 13:58 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-16 13:58 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-16 13:58 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-16 13:58 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-16 13:58 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-16 13:58 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-16 13:57 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-16 13:57 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-16 13:57 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-16 13:57 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-16 13:57 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-16 13:57 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-16 13:57 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-16 13:57 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-16 13:57 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-16 13:57 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-16 13:56 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-16 13:56 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-16 13:56 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-16 13:56 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-16 13:56 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-16 13:56 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-02-16 13:55 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-16 13:55 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-16 13:55 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-16 13:55 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-16 13:55 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-16 13:55 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-16 13:55 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-16 13:55 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-16 13:55 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-16 13:55 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-16 13:55 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-16 13:55 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-16 13:55 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-16 13:55 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-02-16 13:55 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-16 13:55 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-16 13:55 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-16 13:55 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-02-16 13:55 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-16 13:48 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 11:52 - 2012-11-16 22:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 11:50 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 11:50 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 11:37 - 2012-01-14 23:47 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 08:55 - 2011-12-29 13:22 - 01282458 _____ () C:\windows\WindowsUpdate.log
2015-03-12 07:12 - 2014-02-27 13:23 - 00000000 ___RD () C:\Users\Silke\Dropbox
2015-03-12 07:12 - 2014-02-27 13:19 - 00000000 ____D () C:\Users\Silke\AppData\Roaming\Dropbox
2015-03-12 07:11 - 2014-04-16 13:18 - 00041341 _____ () C:\windows\setupact.log
2015-03-12 07:11 - 2012-01-14 23:47 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 07:11 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-11 17:47 - 2011-12-29 12:34 - 00000000 ____D () C:\Users\Silke\AppData\Roaming\SoftGrid Client
2015-03-11 08:00 - 2014-02-27 13:23 - 00001017 _____ () C:\Users\Silke\Desktop\Dropbox.lnk
2015-03-11 08:00 - 2014-02-27 13:21 - 00000000 ____D () C:\Users\Silke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-10 10:28 - 2012-08-24 12:44 - 00000000 ____D () C:\Users\Silke\.gimp-2.8
2015-03-06 16:09 - 2012-07-13 21:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-02 12:55 - 2014-04-20 12:06 - 00000000 ____D () C:\Users\Silke\Documents\Eigene Scans
2015-03-02 09:46 - 2014-02-23 17:37 - 00000000 ____D () C:\Users\Silke\Desktop\funktioform
2015-03-02 08:42 - 2012-05-03 19:35 - 00000000 ____D () C:\Users\Silke\AppData\Local\FreePDF_XP
2015-03-02 07:25 - 2009-07-14 05:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-18 11:05 - 2011-12-28 22:29 - 00068416 _____ () C:\Users\Silke\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-16 14:27 - 2009-07-14 05:33 - 00293128 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-16 14:25 - 2014-12-12 16:14 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-16 14:25 - 2014-05-10 18:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-16 14:25 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-02-16 14:20 - 2013-11-27 11:40 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 09:52 - 2014-06-30 10:49 - 00000000 ____D () C:\Users\Silke\Documents\GEZ

==================== Files in the root of some directories =======

2015-03-10 10:02 - 2015-03-10 10:02 - 0020927 _____ () C:\Users\Silke\AppData\Local\recently-used.xbel
2015-03-12 10:50 - 2015-03-12 10:50 - 0120832 _____ () C:\Users\Silke\AppData\Local\{9EC4D426-33D4-B4B9-1219-CE084CB5B707}.exe
2015-01-01 17:31 - 2015-01-01 17:31 - 0000000 _____ () C:\Users\Silke\AppData\Local\{AA9550E2-183F-4588-9F1A-229E6DD9636E}
2008-05-23 16:48 - 2008-05-23 16:48 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml
2008-06-23 12:02 - 2008-06-23 12:02 - 0097410 ____R () C:\ProgramData\DeviceManager.xml.rc4
2011-04-21 01:56 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2013-11-07 13:55 - 2013-11-07 14:48 - 0001637 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Silke\AppData\Local\Temp\avgnt.exe
C:\Users\Silke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpejxrx4.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 14:40

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Silke at 2015-03-12 11:49:57
Running from C:\Users\Silke\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AsusScreensaver (HKLM\...\{99E77016-BCF2-48C8-9119-43ECF5815F65}) (Version: 1.05 - AsusTek Computer Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C3100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c3100_Help (Version: 82.0.256.000 - Hewlett-Packard) Hidden
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Combined Community Codec Pack 2006-12-15 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2006-12-15 02:32 - CCCP Project)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink PowerRecover (HKLM\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave)
Eee Docking 3.8.3 (HKLM\...\Eee Docking_is1) (Version: 3.8.3 - ASUSTek Computer Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ETDWare PS/2-x86 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
ExpressGateCloud (HKLM\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.7.29.198 - VideACE Co.)
ExpressGateCloud (Version: 2.7.29.198 - VideACE Co.) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Game Park Console (HKLM\...\{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1) (Version: 6.2.0.3 - Oberon Media, Inc.)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.38 - AsusTek Computer Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
InstantOn (HKLM\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.0.0 - ASUS)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2364 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.28 - AsusTek Computer Inc.)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6186 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Schatzjäger 3 (HKLM\...\{CDABABCC-3341-444A-A0A9-9F0F9890C75F}) (Version: 1.00.0000 - )
Scribus 1.4.4 (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.17 - AsusTek Computer)
syncables desktop SE (HKLM\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Vodafone Mobile Connect Lite (HKLM\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-01-2015 15:45:47 Geplanter Prüfpunkt
26-01-2015 11:53:01 OpenOffice 4.1.1 wird installiert
05-02-2015 14:49:56 Geplanter Prüfpunkt
16-02-2015 13:58:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {184B32BB-40CE-4B94-9C84-2E5D985B88CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {22F6B475-83E0-4981-A51D-8EE6CB5A4688} - System32\Tasks\InsOnWMI => C:\Program Files\Common Files\InstantOn\InsOnWMI.exe [2011-04-12] (ASUS)
Task: {C364E387-8601-4548-86D3-3020D9BD082C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {D524AE32-3134-4F85-AFAF-69D9023AD0C0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FD54D352-398A-45F3-8557-EA148325A61D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-05-03 18:39 - 2010-06-17 20:56 - 00116224 _____ () C:\windows\System32\redmonnt.dll
2011-04-21 02:19 - 2011-03-04 00:33 - 00224680 _____ () C:\windows\system32\AsusService.exe
2011-01-12 16:22 - 2011-01-12 16:22 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-12-24 18:51 - 2010-12-24 18:51 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-01-03 17:08 - 2011-01-03 17:08 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2011-12-29 00:37 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Silke\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-12 07:11 - 2015-03-12 07:11 - 00043008 _____ () c:\users\silke\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpejxrx4.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Silke\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Silke\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Silke\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-25 13:36 - 2015-02-25 13:37 - 03348080 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-02-25 13:36 - 2015-02-25 13:37 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-02-25 13:36 - 2015-02-25 13:37 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Silke\Desktop\MEIM-studio-braun-1497.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Silke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Silke\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ASUSPRP => C:\Program Files\ASUS\APRP\APRP.EXE
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CapsHook => AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: HotkeyMon => AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HotkeyService => AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: LiveUpdate => AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: SuperHybridEngine => AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
MSCONFIG\startupreg: VAWinAgent => C:\ExpressGateUtil\VAWinAgent.exe
MSCONFIG\startupreg: WinampAgent => C:\Program Files\Winamp\winampa.exe

==================== Accounts: =============================

Administrator (S-1-5-21-711005638-1065484914-1841626983-500 - Administrator - Disabled)
Gast (S-1-5-21-711005638-1065484914-1841626983-501 - Limited - Disabled)
Silke (S-1-5-21-711005638-1065484914-1841626983-1000 - Administrator - Enabled) => C:\Users\Silke

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 07:11:28 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 05:28:04 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 02:35:01 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 01:34:59 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 08:52:37 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 08:46:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 36.0.1.5542 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1588

Startzeit: 01d05bc39949dd07

Endzeit: 4976

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 9324dcce-c7c2-11e4-afba-5404a624b742

Error: (03/11/2015 07:07:58 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/10/2015 03:16:04 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/10/2015 07:38:40 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/09/2015 07:23:06 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (03/12/2015 08:42:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/12/2015 07:11:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/12/2015 07:11:23 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (03/11/2015 05:27:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/11/2015 05:27:59 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (03/11/2015 02:34:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/11/2015 02:34:57 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (03/11/2015 01:34:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/11/2015 01:34:56 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (03/11/2015 08:52:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275


Microsoft Office Sessions:
=========================
Error: (03/12/2015 07:11:28 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 05:28:04 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 02:35:01 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 01:34:59 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 08:52:37 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/11/2015 08:46:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe36.0.1.5542158801d05bc39949dd074976C:\Program Files\Mozilla Firefox\firefox.exe9324dcce-c7c2-11e4-afba-5404a624b742

Error: (03/11/2015 07:07:58 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/10/2015 03:16:04 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/10/2015 07:38:40 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (03/09/2015 07:23:06 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU N570 @ 1.66GHz
Percentage of memory in use: 96%
Total physical RAM: 1014.12 MB
Available physical RAM: 32.69 MB
Total Pagefile: 2038.12 MB
Available Pagefile: 635.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:54.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:117.77 GB) NTFS
Drive f: () (Removable) (Total:7.46 GB) (Free:2.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 4661E4DB)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=117.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Alt 13.03.2015, 12:10   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Link angeklickt DHL - Standard

Link angeklickt DHL



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Link angeklickt DHL

Alt 13.03.2015, 16:05   #7
Dummy0815
 
Link angeklickt DHL - Standard

Link angeklickt DHL



So, erledigt.
DAs war das erste Mal, beim zweiten Mal wurde nix gefunden.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.13.05
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17633
Silke :: SILKE-PC [administrator]

13.03.2015 13:47:17
mbar-log-2015-03-13 (13-47-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 320951
Time elapsed: 44 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{9EC4D426-33D4-B4B9-1219-CE084CB5B707} (Trojan.MSIL.ED) -> Data: "C:\Users\Silke\AppData\Local\{9EC4D426-33D4-B4B9-1219-CE084CB5B707}.exe" -> Delete on reboot. [8089b98c0a8051e5d1c8cb53867c16ea]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Silke\AppData\Local\{9EC4D426-33D4-B4B9-1219-CE084CB5B707}.exe (Trojan.MSIL.ED) -> Delete on reboot. [8089b98c0a8051e5d1c8cb53867c16ea]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 14.03.2015, 08:36   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Link angeklickt DHL - Standard

Link angeklickt DHL



und TDSSKiller?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.03.2015, 10:32   #9
Dummy0815
 
Link angeklickt DHL - Standard

Link angeklickt DHL



Ups, ich bin in der Zeile verrutscht und habs nicht gesehen.
Hier ist der Report (bzw. es waren 2)
Code:
ATTFilter
11:16:08.0543 0x056c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:16:16.0905 0x056c  ============================================================
11:16:16.0905 0x056c  Current date / time: 2015/03/14 11:16:16.0905
11:16:16.0905 0x056c  SystemInfo:
11:16:16.0905 0x056c  
11:16:16.0905 0x056c  OS Version: 6.1.7601 ServicePack: 1.0
11:16:16.0905 0x056c  Product type: Workstation
11:16:16.0905 0x056c  ComputerName: SILKE-PC
11:16:16.0905 0x056c  UserName: Silke
11:16:16.0905 0x056c  Windows directory: C:\windows
11:16:16.0905 0x056c  System windows directory: C:\windows
11:16:16.0905 0x056c  Processor architecture: Intel x86
11:16:16.0905 0x056c  Number of processors: 4
11:16:16.0905 0x056c  Page size: 0x1000
11:16:16.0905 0x056c  Boot type: Normal boot
11:16:16.0905 0x056c  ============================================================
11:16:29.0338 0x056c  KLMD registered as C:\windows\system32\drivers\92356072.sys
11:16:30.0477 0x056c  System UUID: {CF62732E-B097-DF73-192C-4480D8820AA2}
11:16:34.0205 0x056c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:16:34.0408 0x056c  Drive \Device\Harddisk1\DR1 - Size: 0x1DE100000 ( 7.47 Gb ), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:16:34.0408 0x056c  ============================================================
11:16:34.0408 0x056c  \Device\Harddisk0\DR0:
11:16:34.0486 0x056c  MBR partitions:
11:16:34.0486 0x056c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
11:16:34.0486 0x056c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBC800
11:16:34.0486 0x056c  \Device\Harddisk1\DR1:
11:16:34.0486 0x056c  MBR partitions:
11:16:34.0486 0x056c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEEE800
11:16:34.0486 0x056c  ============================================================
11:16:34.0892 0x056c  C: <-> \Device\Harddisk0\DR0\Partition1
11:16:35.0890 0x056c  D: <-> \Device\Harddisk0\DR0\Partition2
11:16:36.0405 0x056c  ============================================================
11:16:36.0405 0x056c  Initialize success
11:16:36.0405 0x056c  ============================================================
11:16:46.0326 0x15fc  ============================================================
11:16:46.0342 0x15fc  Scan started
11:16:46.0342 0x15fc  Mode: Manual; 
11:16:46.0342 0x15fc  ============================================================
11:16:46.0342 0x15fc  KSN ping started
11:17:41.0363 0x15fc  KSN ping finished: false
11:17:47.0463 0x15fc  ================ Scan system memory ========================
11:17:47.0525 0x15fc  System memory - ok
11:17:47.0541 0x15fc  ================ Scan services =============================
11:17:50.0021 0x15fc  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
11:17:50.0271 0x15fc  1394ohci - ok
11:17:52.0455 0x15fc  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
11:17:52.0517 0x15fc  ACPI - ok
11:17:52.0611 0x15fc  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
11:17:52.0642 0x15fc  AcpiPmi - ok
11:17:52.0892 0x15fc  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:17:53.0032 0x15fc  AdobeFlashPlayerUpdateSvc - ok
11:17:53.0141 0x15fc  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
11:17:53.0204 0x15fc  adp94xx - ok
11:17:53.0329 0x15fc  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\windows\system32\drivers\adpahci.sys
11:17:53.0360 0x15fc  adpahci - ok
11:17:53.0485 0x15fc  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\windows\system32\drivers\adpu320.sys
11:17:53.0516 0x15fc  adpu320 - ok
11:17:53.0594 0x15fc  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
11:17:53.0719 0x15fc  AeLookupSvc - ok
11:17:53.0890 0x15fc  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\windows\system32\drivers\afd.sys
11:17:53.0953 0x15fc  AFD - ok
11:17:53.0999 0x15fc  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
11:17:54.0015 0x15fc  agp440 - ok
11:17:54.0140 0x15fc  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\windows\system32\drivers\djsvs.sys
11:17:54.0140 0x15fc  aic78xx - ok
11:17:54.0249 0x15fc  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\windows\System32\alg.exe
11:17:54.0249 0x15fc  ALG - ok
11:17:54.0358 0x15fc  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
11:17:54.0374 0x15fc  aliide - ok
11:17:54.0421 0x15fc  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
11:17:54.0436 0x15fc  amdagp - ok
11:17:54.0483 0x15fc  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
11:17:54.0499 0x15fc  amdide - ok
11:17:54.0577 0x15fc  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\windows\system32\drivers\amdk8.sys
11:17:54.0608 0x15fc  AmdK8 - ok
11:17:54.0639 0x15fc  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
11:17:54.0670 0x15fc  AmdPPM - ok
11:17:54.0811 0x15fc  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\windows\system32\drivers\amdsata.sys
11:17:54.0842 0x15fc  amdsata - ok
11:17:54.0951 0x15fc  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
11:17:54.0967 0x15fc  amdsbs - ok
11:17:55.0013 0x15fc  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\windows\system32\drivers\amdxata.sys
11:17:55.0029 0x15fc  amdxata - ok
11:17:55.0107 0x15fc  [ E499E422412EF37576092A52648DB2B4, 95E9C11258CAF37060242BA4E1170CEDECF3376CF0A9A1E61D46706D7C7F36F8 ] AppID           C:\windows\system32\drivers\appid.sys
11:17:55.0138 0x15fc  AppID - ok
11:17:55.0263 0x15fc  [ 89B6FA43B68A373B304DFB8F6776B255, 36ABD9AB89CBC7991DE9B04051B26014982953697862BC46EF8AE4ACC2404128 ] AppIDSvc        C:\windows\System32\appidsvc.dll
11:17:55.0357 0x15fc  AppIDSvc - ok
11:17:55.0466 0x15fc  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\windows\System32\appinfo.dll
11:17:55.0466 0x15fc  Appinfo - ok
11:17:55.0575 0x15fc  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\windows\system32\drivers\arc.sys
11:17:55.0591 0x15fc  arc - ok
11:17:55.0622 0x15fc  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\drivers\arcsas.sys
11:17:55.0653 0x15fc  arcsas - ok
11:17:55.0747 0x15fc  [ 956C7177DBDA0F02436868AD644CCF31, BC18586452ED4C23772BF4BE7FE6EAB184BE142922F88229E20EA53FC185461D ] AsIO            C:\windows\system32\drivers\AsIO.sys
11:17:55.0747 0x15fc  AsIO - ok
11:17:56.0605 0x15fc  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:17:56.0979 0x15fc  aspnet_state - ok
11:17:57.0088 0x15fc  [ A9A565C669786C402752F609AFDD0DD5, 7D64828DE5503AF4B4A80F4C08BB2659B277CD664AB33724FB9387948BE8765A ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
11:17:57.0104 0x15fc  AsUpIO - ok
11:17:57.0197 0x15fc  [ BDF2196D34BB224E5B11C2B0FC3A55CB, B2F7F611BC7AE7DB0D9FD3C9C0F9907B6FB1CEBBCE143C4C3996AF3895854BF7 ] AsusService     C:\windows\system32\AsusService.exe
11:17:57.0213 0x15fc  AsusService - ok
11:17:57.0291 0x15fc  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
11:17:57.0322 0x15fc  AsyncMac - ok
11:17:57.0416 0x15fc  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\windows\system32\drivers\atapi.sys
11:17:57.0463 0x15fc  atapi - ok
11:17:57.0931 0x15fc  [ 31CB2740BFDBAC1E48E2B7EAD38F0D27, D409B06CA4B130BC34C5F8E99A7225E3C1A2A06960897DD1F9DD1A219C11636C ] athr            C:\windows\system32\DRIVERS\athr.sys
11:17:58.0118 0x15fc  athr - ok
11:17:58.0211 0x15fc  [ 6E996CF8459A2594E0E9609D0E34D41F, 9B5512A0C9AEFF90BF7837FCFE79C6D25ECE2660BD24828D8C876C73CECDD7B7 ] atksgt          C:\windows\system32\DRIVERS\atksgt.sys
11:17:58.0243 0x15fc  atksgt - ok
11:17:58.0321 0x15fc  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:17:58.0399 0x15fc  AudioEndpointBuilder - ok
11:17:58.0430 0x15fc  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv        C:\windows\System32\Audiosrv.dll
11:17:58.0461 0x15fc  Audiosrv - ok
11:17:58.0523 0x15fc  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
11:17:58.0539 0x15fc  AxInstSV - ok
11:17:58.0617 0x15fc  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\windows\system32\drivers\bxvbdx.sys
11:17:58.0633 0x15fc  b06bdrv - ok
11:17:58.0726 0x15fc  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
11:17:58.0742 0x15fc  b57nd60x - ok
11:17:59.0085 0x15fc  [ 2BE0F23D494C301641C42EAD2FDCD4F2, A55CF4721B7C99919BDB05E2C50396EEF1D8CD233DF870C61EC53845D8CDC8BF ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
11:17:59.0335 0x15fc  BCM43XX - ok
11:17:59.0381 0x15fc  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
11:17:59.0397 0x15fc  BDESVC - ok
11:17:59.0475 0x15fc  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
11:17:59.0475 0x15fc  Beep - ok
11:17:59.0584 0x15fc  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\windows\System32\bfe.dll
11:17:59.0631 0x15fc  BFE - ok
11:17:59.0818 0x15fc  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\System32\qmgr.dll
11:18:00.0255 0x15fc  BITS - ok
11:18:00.0286 0x15fc  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
11:18:00.0302 0x15fc  blbdrive - ok
11:18:00.0333 0x15fc  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
11:18:00.0349 0x15fc  bowser - ok
11:18:00.0395 0x15fc  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
11:18:00.0411 0x15fc  BrFiltLo - ok
11:18:00.0442 0x15fc  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
11:18:00.0458 0x15fc  BrFiltUp - ok
11:18:00.0520 0x15fc  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\windows\System32\browser.dll
11:18:00.0536 0x15fc  Browser - ok
11:18:00.0614 0x15fc  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\windows\System32\Drivers\Brserid.sys
11:18:00.0629 0x15fc  Brserid - ok
11:18:00.0707 0x15fc  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
11:18:00.0739 0x15fc  BrSerWdm - ok
11:18:00.0770 0x15fc  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
11:18:00.0785 0x15fc  BrUsbMdm - ok
11:18:00.0817 0x15fc  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
11:18:00.0832 0x15fc  BrUsbSer - ok
11:18:00.0988 0x15fc  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
11:18:01.0035 0x15fc  BthEnum - ok
11:18:01.0097 0x15fc  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
11:18:01.0129 0x15fc  BTHMODEM - ok
11:18:01.0207 0x15fc  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
11:18:01.0207 0x15fc  BthPan - ok
11:18:01.0331 0x15fc  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
11:18:01.0409 0x15fc  BTHPORT - ok
11:18:01.0519 0x15fc  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\windows\system32\bthserv.dll
11:18:01.0534 0x15fc  bthserv - ok
11:18:01.0581 0x15fc  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
11:18:01.0597 0x15fc  BTHUSB - ok
11:18:01.0628 0x15fc  btwampfl - ok
11:18:01.0675 0x15fc  btwaudio - ok
11:18:01.0706 0x15fc  btwavdt - ok
11:18:01.0706 0x15fc  btwl2cap - ok
11:18:01.0721 0x15fc  btwrchid - ok
11:18:01.0768 0x15fc  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
11:18:01.0784 0x15fc  cdfs - ok
11:18:01.0877 0x15fc  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
11:18:01.0909 0x15fc  cdrom - ok
11:18:02.0065 0x15fc  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\windows\System32\certprop.dll
11:18:02.0080 0x15fc  CertPropSvc - ok
11:18:02.0158 0x15fc  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\drivers\circlass.sys
11:18:02.0205 0x15fc  circlass - ok
11:18:02.0267 0x15fc  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\windows\system32\CLFS.sys
11:18:02.0299 0x15fc  CLFS - ok
11:18:02.0486 0x15fc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:18:02.0611 0x15fc  clr_optimization_v2.0.50727_32 - ok
11:18:02.0704 0x15fc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:18:03.0079 0x15fc  clr_optimization_v4.0.30319_32 - ok
11:18:03.0125 0x15fc  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
11:18:03.0141 0x15fc  CmBatt - ok
11:18:03.0172 0x15fc  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
11:18:03.0188 0x15fc  cmdide - ok
11:18:03.0375 0x15fc  [ F516F1167EFBBC5ABC90687C94497869, AD650D56241533439419EA00236ABE14AB6E50B768620211D1A44047A9FA14EC ] CNG             C:\windows\system32\Drivers\cng.sys
11:18:03.0437 0x15fc  CNG - ok
11:18:03.0515 0x15fc  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\drivers\compbatt.sys
11:18:03.0547 0x15fc  Compbatt - ok
11:18:03.0656 0x15fc  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
11:18:03.0671 0x15fc  CompositeBus - ok
11:18:03.0749 0x15fc  COMSysApp - ok
11:18:03.0812 0x15fc  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
11:18:03.0827 0x15fc  crcdisk - ok
11:18:03.0968 0x15fc  [ 623E143F2DF17C0106A9988F5D7DC878, 9DA30262FF22FA9F1DB247CB3B4A2892D79730EF0ECC9589D399D24B4F58E565 ] CryptSvc        C:\windows\system32\cryptsvc.dll
11:18:03.0983 0x15fc  CryptSvc - ok
11:18:04.0483 0x15fc  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:18:04.0529 0x15fc  cvhsvc - ok
11:18:04.0654 0x15fc  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\windows\system32\rpcss.dll
11:18:04.0841 0x15fc  DcomLaunch - ok
11:18:04.0919 0x15fc  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\windows\System32\defragsvc.dll
11:18:04.0951 0x15fc  defragsvc - ok
11:18:05.0013 0x15fc  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
11:18:05.0029 0x15fc  DfsC - ok
11:18:05.0200 0x15fc  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
11:18:05.0231 0x15fc  Dhcp - ok
11:18:05.0325 0x15fc  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
11:18:05.0356 0x15fc  discache - ok
11:18:05.0465 0x15fc  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\windows\system32\drivers\disk.sys
11:18:05.0481 0x15fc  Disk - ok
11:18:05.0590 0x15fc  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\windows\System32\dnsrslvr.dll
11:18:05.0606 0x15fc  Dnscache - ok
11:18:05.0715 0x15fc  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\windows\System32\dot3svc.dll
11:18:05.0731 0x15fc  dot3svc - ok
11:18:05.0902 0x15fc  [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
11:18:05.0933 0x15fc  Dot4 - ok
11:18:06.0105 0x15fc  [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys
11:18:06.0136 0x15fc  Dot4Print - ok
11:18:06.0183 0x15fc  [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
11:18:06.0199 0x15fc  dot4usb - ok
11:18:06.0495 0x15fc  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\windows\system32\dps.dll
11:18:06.0511 0x15fc  DPS - ok
11:18:06.0620 0x15fc  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
11:18:06.0635 0x15fc  drmkaud - ok
11:18:06.0823 0x15fc  [ FB38473835476A6FB272215A1D972AF9, F1F0E5B5C1461FCC967273FF236B88377C232D80F9C135868042311E971318C1 ] dtsoftbus01     C:\windows\system32\DRIVERS\dtsoftbus01.sys
11:18:06.0838 0x15fc  dtsoftbus01 - ok
11:18:06.0947 0x15fc  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
11:18:06.0994 0x15fc  DXGKrnl - ok
11:18:07.0103 0x15fc  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\windows\System32\eapsvc.dll
11:18:07.0119 0x15fc  EapHost - ok
11:18:07.0681 0x15fc  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\windows\system32\drivers\evbdx.sys
11:18:07.0946 0x15fc  ebdrv - ok
11:18:08.0024 0x15fc  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] EFS             C:\windows\System32\lsass.exe
11:18:08.0024 0x15fc  EFS - ok
11:18:08.0227 0x15fc  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
11:18:08.0273 0x15fc  elxstor - ok
11:18:08.0289 0x15fc  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
11:18:08.0289 0x15fc  ErrDev - ok
11:18:08.0351 0x15fc  [ 7C87DF14552A5E0270DBD906BAFF85FB, C347234DD892E1A769DDB427BEE1A8C47A770BEF70BF7703F20C66F64627890B ] ETD             C:\windows\system32\DRIVERS\ETD.sys
11:18:08.0367 0x15fc  ETD - ok
11:18:08.0461 0x15fc  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\windows\system32\es.dll
11:18:08.0476 0x15fc  EventSystem - ok
11:18:08.0523 0x15fc  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\windows\system32\drivers\exfat.sys
11:18:08.0539 0x15fc  exfat - ok
11:18:08.0570 0x15fc  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\windows\system32\drivers\fastfat.sys
11:18:08.0585 0x15fc  fastfat - ok
11:18:08.0679 0x15fc  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\windows\system32\fxssvc.exe
11:18:08.0710 0x15fc  Fax - ok
11:18:08.0757 0x15fc  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\windows\system32\drivers\fdc.sys
11:18:08.0757 0x15fc  fdc - ok
11:18:08.0819 0x15fc  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\windows\system32\fdPHost.dll
11:18:08.0835 0x15fc  fdPHost - ok
11:18:08.0851 0x15fc  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
11:18:08.0866 0x15fc  FDResPub - ok
11:18:08.0897 0x15fc  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
11:18:08.0913 0x15fc  FileInfo - ok
11:18:08.0929 0x15fc  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
11:18:08.0944 0x15fc  Filetrace - ok
11:18:08.0991 0x15fc  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
11:18:09.0007 0x15fc  flpydisk - ok
11:18:09.0053 0x15fc  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
11:18:09.0069 0x15fc  FltMgr - ok
11:18:09.0194 0x15fc  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\windows\system32\FntCache.dll
11:18:09.0272 0x15fc  FontCache - ok
11:18:09.0381 0x15fc  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:18:09.0553 0x15fc  FontCache3.0.0.0 - ok
11:18:09.0677 0x15fc  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
11:18:09.0709 0x15fc  FsDepends - ok
11:18:09.0755 0x15fc  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
11:18:09.0787 0x15fc  Fs_Rec - ok
11:18:09.0880 0x15fc  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
11:18:09.0911 0x15fc  fvevol - ok
11:18:09.0958 0x15fc  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
11:18:09.0989 0x15fc  gagp30kx - ok
11:18:10.0114 0x15fc  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\windows\System32\gpsvc.dll
11:18:10.0161 0x15fc  gpsvc - ok
11:18:10.0379 0x15fc  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:18:10.0473 0x15fc  gupdate - ok
11:18:10.0504 0x15fc  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:18:10.0504 0x15fc  gupdatem - ok
11:18:10.0582 0x15fc  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
11:18:10.0598 0x15fc  hcw85cir - ok
11:18:10.0738 0x15fc  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:18:10.0785 0x15fc  HdAudAddService - ok
11:18:10.0863 0x15fc  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
11:18:10.0879 0x15fc  HDAudBus - ok
11:18:10.0925 0x15fc  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
11:18:10.0941 0x15fc  HidBatt - ok
11:18:10.0988 0x15fc  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\windows\system32\drivers\hidbth.sys
11:18:11.0003 0x15fc  HidBth - ok
11:18:11.0066 0x15fc  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\windows\system32\drivers\hidir.sys
11:18:11.0081 0x15fc  HidIr - ok
11:18:11.0159 0x15fc  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\windows\system32\hidserv.dll
11:18:11.0175 0x15fc  hidserv - ok
11:18:11.0253 0x15fc  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
11:18:11.0284 0x15fc  HidUsb - ok
11:18:11.0347 0x15fc  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\windows\system32\kmsvc.dll
11:18:11.0378 0x15fc  hkmsvc - ok
11:18:11.0471 0x15fc  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:18:11.0487 0x15fc  HomeGroupListener - ok
11:18:11.0565 0x15fc  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:18:11.0596 0x15fc  HomeGroupProvider - ok
11:18:11.0799 0x15fc  [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:18:11.0908 0x15fc  hpqcxs08 - ok
11:18:11.0986 0x15fc  [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:18:12.0002 0x15fc  hpqddsvc - ok
11:18:12.0095 0x15fc  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
11:18:12.0111 0x15fc  HpSAMD - ok
11:18:12.0298 0x15fc  [ 79737E0F7D25DE8405CB34D4C9882253, 798E44BAE6CD4ECBC801ACE4089E18388ABD18744B901F53452D8103081DE967 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
11:18:12.0454 0x15fc  HPSLPSVC - ok
11:18:12.0704 0x15fc  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\windows\system32\drivers\HTTP.sys
11:18:12.0751 0x15fc  HTTP - ok
11:18:12.0860 0x15fc  [ 19E6885A061011D8DABE8F64498423FA, 62B5680D7E7F26BEE7DDDA8F51434CC3219C840779E37072BA37E55B2EE82E3B ] hwdatacard      C:\windows\system32\DRIVERS\ewusbmdm.sys
11:18:12.0875 0x15fc  hwdatacard - ok
11:18:12.0953 0x15fc  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
11:18:12.0969 0x15fc  hwpolicy - ok
11:18:13.0078 0x15fc  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
11:18:13.0094 0x15fc  i8042prt - ok
11:18:13.0234 0x15fc  [ D80AA0907748D7CC8EFAB3773F32629B, BEE52B4E6099B5B8CA5D6D4DE4A90B124AC7E3EE4A69565BFDD227AF261B6242 ] iaStor          C:\windows\system32\drivers\iaStor.sys
11:18:13.0265 0x15fc  iaStor - ok
11:18:13.0406 0x15fc  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
11:18:13.0468 0x15fc  iaStorV - ok
11:18:13.0718 0x15fc  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:18:13.0811 0x15fc  idsvc - ok
11:18:13.0905 0x15fc  IEEtwCollectorService - ok
11:18:14.0857 0x15fc  [ 6A2A8E70C4FF9CD870869B025C6478E3, 5A80DA0E38206532EB0F83F7F1927E7EB475AA8F80BAA14B9124EF8DFDECDFDB ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
11:18:15.0262 0x15fc  igfx - ok
11:18:15.0387 0x15fc  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\windows\system32\drivers\iirsp.sys
11:18:15.0403 0x15fc  iirsp - ok
11:18:15.0574 0x15fc  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\windows\System32\ikeext.dll
11:18:15.0621 0x15fc  IKEEXT - ok
11:18:16.0432 0x15fc  [ E8B6F7896DB2EE6A7AF7A177A9BBC526, 70997D9237BA62010B20BEF6A81DFC0926E2E449EC8254290CEFFE7401B6EFC9 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
11:18:16.0760 0x15fc  IntcAzAudAddService - ok
11:18:17.0009 0x15fc  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\windows\system32\drivers\intelide.sys
11:18:17.0025 0x15fc  intelide - ok
11:18:17.0119 0x15fc  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
11:18:17.0119 0x15fc  intelppm - ok
11:18:17.0181 0x15fc  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
11:18:17.0197 0x15fc  IPBusEnum - ok
11:18:17.0446 0x15fc  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
11:18:17.0477 0x15fc  IpFilterDriver - ok
11:18:17.0587 0x15fc  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
11:18:17.0680 0x15fc  iphlpsvc - ok
11:18:17.0727 0x15fc  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
11:18:17.0727 0x15fc  IPMIDRV - ok
11:18:17.0758 0x15fc  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
11:18:17.0774 0x15fc  IPNAT - ok
11:18:17.0821 0x15fc  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\windows\system32\drivers\irenum.sys
11:18:17.0836 0x15fc  IRENUM - ok
11:18:17.0977 0x15fc  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\windows\system32\drivers\isapnp.sys
11:18:18.0086 0x15fc  isapnp - ok
11:18:18.0148 0x15fc  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
11:18:18.0179 0x15fc  iScsiPrt - ok
11:18:18.0257 0x15fc  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
11:18:18.0257 0x15fc  kbdclass - ok
11:18:18.0304 0x15fc  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
11:18:18.0320 0x15fc  kbdhid - ok
11:18:18.0382 0x15fc  [ 3EB803312987FF44265C87CB960DF6AB, D6F44702F92089A0C847044A3933F7311D6A72C4647C3FECB35CDBF96A913A40 ] kbfiltr         C:\windows\system32\DRIVERS\kbfiltr.sys
11:18:18.0382 0x15fc  kbfiltr - ok
11:18:18.0413 0x15fc  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] KeyIso          C:\windows\system32\lsass.exe
11:18:18.0429 0x15fc  KeyIso - ok
11:18:18.0460 0x15fc  [ EF88BAC2B489D9C46F4E41ACF0219CD0, BF0FAF51BB6D0E588E53E483EF48D8D96B33544113892CC723CDEFAE7E5FB97A ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
11:18:18.0476 0x15fc  KSecDD - ok
11:18:18.0523 0x15fc  [ 49D70660EE8266988C1F99A0297A1430, D17B7A3118DB42358DEA80D8A21C5F1B0CC33BF74F6570676D4708B36BB91FD4 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
11:18:18.0538 0x15fc  KSecPkg - ok
11:18:18.0601 0x15fc  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\windows\system32\msdtckrm.dll
11:18:18.0632 0x15fc  KtmRm - ok
11:18:18.0710 0x15fc  [ C8FA09049E640B0A27E4B4446D958FE5, 9B0149A15DAEBF9173666EB42B2BBE2B9E99AED3FC3C43D7111A9178DBE3ED0D ] L1C             C:\windows\system32\DRIVERS\L1C62x86.sys
11:18:18.0725 0x15fc  L1C - ok
11:18:18.0803 0x15fc  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
11:18:18.0897 0x15fc  LanmanServer - ok
11:18:18.0975 0x15fc  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:18:19.0084 0x15fc  LanmanWorkstation - ok
11:18:19.0193 0x15fc  [ 975B6CF65F44E95883F3855BAE8CECAF, 5878F5B2258A17DD3AFBE18CAFAFCE0310CDB61C36891B9299D738FDEEF44A91 ] lirsgt          C:\windows\system32\DRIVERS\lirsgt.sys
11:18:19.0209 0x15fc  lirsgt - ok
11:18:19.0287 0x15fc  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
11:18:19.0303 0x15fc  lltdio - ok
11:18:19.0365 0x15fc  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\windows\System32\lltdsvc.dll
11:18:19.0381 0x15fc  lltdsvc - ok
11:18:19.0412 0x15fc  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\windows\System32\lmhsvc.dll
11:18:19.0427 0x15fc  lmhosts - ok
11:18:19.0537 0x15fc  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
11:18:19.0568 0x15fc  LSI_FC - ok
11:18:19.0599 0x15fc  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
11:18:19.0615 0x15fc  LSI_SAS - ok
11:18:19.0677 0x15fc  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
11:18:19.0693 0x15fc  LSI_SAS2 - ok
11:18:19.0724 0x15fc  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
11:18:19.0739 0x15fc  LSI_SCSI - ok
11:18:19.0786 0x15fc  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\windows\system32\drivers\luafv.sys
11:18:19.0802 0x15fc  luafv - ok
11:18:19.0864 0x15fc  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\windows\system32\drivers\megasas.sys
11:18:19.0895 0x15fc  megasas - ok
11:18:19.0958 0x15fc  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
11:18:19.0973 0x15fc  MegaSR - ok
11:18:20.0020 0x15fc  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\windows\system32\mmcss.dll
11:18:20.0036 0x15fc  MMCSS - ok
11:18:20.0067 0x15fc  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\windows\system32\drivers\modem.sys
11:18:20.0067 0x15fc  Modem - ok
11:18:20.0129 0x15fc  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
11:18:20.0129 0x15fc  monitor - ok
11:18:20.0161 0x15fc  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
11:18:20.0176 0x15fc  mouclass - ok
11:18:20.0207 0x15fc  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
11:18:20.0207 0x15fc  mouhid - ok
11:18:20.0254 0x15fc  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
11:18:20.0254 0x15fc  mountmgr - ok
11:18:20.0285 0x15fc  Scan was interrupted by user!
11:18:20.0285 0x15fc  Waiting for KSN requests completion. In queue: 150
11:18:21.0299 0x15fc  Waiting for KSN requests completion. In queue: 150
11:18:22.0313 0x15fc  Waiting for KSN requests completion. In queue: 150
11:18:23.0327 0x15fc  Waiting for KSN requests completion. In queue: 122
11:18:24.0341 0x15fc  Waiting for KSN requests completion. In queue: 122
11:18:25.0355 0x15fc  Waiting for KSN requests completion. In queue: 122
11:18:26.0369 0x15fc  Waiting for KSN requests completion. In queue: 122
11:18:27.0383 0x15fc  Waiting for KSN requests completion. In queue: 67
11:18:28.0397 0x15fc  Waiting for KSN requests completion. In queue: 67
11:18:29.0411 0x15fc  Waiting for KSN requests completion. In queue: 67
11:18:30.0425 0x15fc  Waiting for KSN requests completion. In queue: 67
11:18:31.0439 0x15fc  Waiting for KSN requests completion. In queue: 39
11:18:32.0453 0x15fc  Waiting for KSN requests completion. In queue: 27
11:18:33.0467 0x15fc  Waiting for KSN requests completion. In queue: 27
11:18:34.0481 0x15fc  Waiting for KSN requests completion. In queue: 27
11:18:35.0495 0x15fc  Waiting for KSN requests completion. In queue: 27
11:18:36.0509 0x15fc  Waiting for KSN requests completion. In queue: 27
11:18:37.0523 0x15fc  Waiting for KSN requests completion. In queue: 27
11:18:38.0537 0x15fc  Waiting for KSN requests completion. In queue: 27
11:18:39.0551 0x15fc  Waiting for KSN requests completion. In queue: 27
11:18:40.0565 0x15fc  Waiting for KSN requests completion. In queue: 27
11:18:44.0153 0x15fc  Win FW state via NFP2: enabled
11:19:04.0324 0x15fc  ============================================================
11:19:04.0324 0x15fc  Scan finished
11:19:04.0324 0x15fc  ============================================================
11:19:04.0355 0x15ec  Detected object count: 0
11:19:04.0355 0x15ec  Actual detected object count: 0
11:19:25.0322 0x05b4  Deinitialize success
         

Alt 14.03.2015, 10:33   #10
Dummy0815
 
Link angeklickt DHL - Standard

Link angeklickt DHL



der Zweite:

Code:
ATTFilter
Code:
ATTFilter
11:19:34.0902 0x1750  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:19:39.0988 0x1750  ============================================================
11:19:39.0988 0x1750  Current date / time: 2015/03/14 11:19:39.0988
11:19:39.0988 0x1750  SystemInfo:
11:19:39.0988 0x1750  
11:19:39.0988 0x1750  OS Version: 6.1.7601 ServicePack: 1.0
11:19:39.0988 0x1750  Product type: Workstation
11:19:39.0988 0x1750  ComputerName: SILKE-PC
11:19:39.0988 0x1750  UserName: Silke
11:19:39.0988 0x1750  Windows directory: C:\windows
11:19:39.0988 0x1750  System windows directory: C:\windows
11:19:39.0988 0x1750  Processor architecture: Intel x86
11:19:39.0988 0x1750  Number of processors: 4
11:19:39.0988 0x1750  Page size: 0x1000
11:19:39.0988 0x1750  Boot type: Normal boot
11:19:39.0988 0x1750  ============================================================
11:19:40.0315 0x1750  KLMD registered as C:\windows\system32\drivers\54981850.sys
11:19:40.0861 0x1750  System UUID: {CF62732E-B097-DF73-192C-4480D8820AA2}
11:19:42.0250 0x1750  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:19:42.0281 0x1750  Drive \Device\Harddisk1\DR1 - Size: 0x1DE100000 ( 7.47 Gb ), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:19:42.0281 0x1750  ============================================================
11:19:42.0281 0x1750  \Device\Harddisk0\DR0:
11:19:42.0281 0x1750  MBR partitions:
11:19:42.0281 0x1750  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
11:19:42.0281 0x1750  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBC800
11:19:42.0281 0x1750  \Device\Harddisk1\DR1:
11:19:42.0281 0x1750  MBR partitions:
11:19:42.0281 0x1750  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEEE800
11:19:42.0281 0x1750  ============================================================
11:19:42.0312 0x1750  C: <-> \Device\Harddisk0\DR0\Partition1
11:19:42.0343 0x1750  D: <-> \Device\Harddisk0\DR0\Partition2
11:19:42.0343 0x1750  ============================================================
11:19:42.0343 0x1750  Initialize success
11:19:42.0343 0x1750  ============================================================
11:20:26.0538 0x14d0  ============================================================
11:20:26.0538 0x14d0  Scan started
11:20:26.0538 0x14d0  Mode: Manual; SigCheck; TDLFS; 
11:20:26.0538 0x14d0  ============================================================
11:20:26.0538 0x14d0  KSN ping started
11:20:47.0754 0x14d0  KSN ping finished: true
11:20:48.0503 0x14d0  ================ Scan system memory ========================
11:20:48.0503 0x14d0  System memory - ok
11:20:48.0503 0x14d0  ================ Scan services =============================
11:20:49.0096 0x14d0  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
11:20:49.0470 0x14d0  1394ohci - ok
11:20:49.0532 0x14d0  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
11:20:49.0595 0x14d0  ACPI - ok
11:20:49.0657 0x14d0  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
11:20:49.0782 0x14d0  AcpiPmi - ok
11:20:49.0860 0x14d0  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:20:49.0922 0x14d0  AdobeFlashPlayerUpdateSvc - ok
11:20:50.0000 0x14d0  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
11:20:50.0063 0x14d0  adp94xx - ok
11:20:50.0125 0x14d0  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\windows\system32\drivers\adpahci.sys
11:20:50.0188 0x14d0  adpahci - ok
11:20:50.0250 0x14d0  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\windows\system32\drivers\adpu320.sys
11:20:50.0281 0x14d0  adpu320 - ok
11:20:50.0359 0x14d0  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
11:20:50.0562 0x14d0  AeLookupSvc - ok
11:20:50.0624 0x14d0  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\windows\system32\drivers\afd.sys
11:20:50.0765 0x14d0  AFD - ok
11:20:50.0812 0x14d0  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
11:20:50.0827 0x14d0  agp440 - ok
11:20:50.0905 0x14d0  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\windows\system32\drivers\djsvs.sys
11:20:50.0936 0x14d0  aic78xx - ok
11:20:50.0968 0x14d0  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\windows\System32\alg.exe
11:20:51.0046 0x14d0  ALG - ok
11:20:51.0092 0x14d0  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
11:20:51.0124 0x14d0  aliide - ok
11:20:51.0170 0x14d0  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
11:20:51.0202 0x14d0  amdagp - ok
11:20:51.0217 0x14d0  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
11:20:51.0248 0x14d0  amdide - ok
11:20:51.0280 0x14d0  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\windows\system32\drivers\amdk8.sys
11:20:51.0342 0x14d0  AmdK8 - ok
11:20:51.0373 0x14d0  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
11:20:51.0436 0x14d0  AmdPPM - ok
11:20:51.0482 0x14d0  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\windows\system32\drivers\amdsata.sys
11:20:51.0529 0x14d0  amdsata - ok
11:20:51.0592 0x14d0  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
11:20:51.0638 0x14d0  amdsbs - ok
11:20:51.0654 0x14d0  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\windows\system32\drivers\amdxata.sys
11:20:51.0685 0x14d0  amdxata - ok
11:20:51.0716 0x14d0  [ E499E422412EF37576092A52648DB2B4, 95E9C11258CAF37060242BA4E1170CEDECF3376CF0A9A1E61D46706D7C7F36F8 ] AppID           C:\windows\system32\drivers\appid.sys
11:20:51.0826 0x14d0  AppID - ok
11:20:51.0857 0x14d0  [ 89B6FA43B68A373B304DFB8F6776B255, 36ABD9AB89CBC7991DE9B04051B26014982953697862BC46EF8AE4ACC2404128 ] AppIDSvc        C:\windows\System32\appidsvc.dll
11:20:51.0904 0x14d0  AppIDSvc - ok
11:20:51.0966 0x14d0  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\windows\System32\appinfo.dll
11:20:52.0075 0x14d0  Appinfo - ok
11:20:52.0106 0x14d0  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\windows\system32\drivers\arc.sys
11:20:52.0153 0x14d0  arc - ok
11:20:52.0184 0x14d0  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\drivers\arcsas.sys
11:20:52.0231 0x14d0  arcsas - ok
11:20:52.0262 0x14d0  [ 956C7177DBDA0F02436868AD644CCF31, BC18586452ED4C23772BF4BE7FE6EAB184BE142922F88229E20EA53FC185461D ] AsIO            C:\windows\system32\drivers\AsIO.sys
11:20:52.0340 0x14d0  AsIO - ok
11:20:52.0481 0x14d0  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:20:52.0528 0x14d0  aspnet_state - ok
11:20:52.0574 0x14d0  [ A9A565C669786C402752F609AFDD0DD5, 7D64828DE5503AF4B4A80F4C08BB2659B277CD664AB33724FB9387948BE8765A ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
11:20:52.0590 0x14d0  AsUpIO - ok
11:20:52.0637 0x14d0  [ BDF2196D34BB224E5B11C2B0FC3A55CB, B2F7F611BC7AE7DB0D9FD3C9C0F9907B6FB1CEBBCE143C4C3996AF3895854BF7 ] AsusService     C:\windows\system32\AsusService.exe
11:20:52.0699 0x14d0  AsusService - ok
11:20:52.0730 0x14d0  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
11:20:52.0886 0x14d0  AsyncMac - ok
11:20:52.0933 0x14d0  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\windows\system32\drivers\atapi.sys
11:20:52.0964 0x14d0  atapi - ok
11:20:53.0198 0x14d0  [ 31CB2740BFDBAC1E48E2B7EAD38F0D27, D409B06CA4B130BC34C5F8E99A7225E3C1A2A06960897DD1F9DD1A219C11636C ] athr            C:\windows\system32\DRIVERS\athr.sys
11:20:53.0495 0x14d0  athr - ok
11:20:53.0604 0x14d0  [ 6E996CF8459A2594E0E9609D0E34D41F, 9B5512A0C9AEFF90BF7837FCFE79C6D25ECE2660BD24828D8C876C73CECDD7B7 ] atksgt          C:\windows\system32\DRIVERS\atksgt.sys
11:20:53.0698 0x14d0  atksgt - detected UnsignedFile.Multi.Generic ( 1 )
11:21:04.0009 0x14d0  atksgt ( UnsignedFile.Multi.Generic ) - warning
11:21:04.0009 0x14d0  Force sending object to P2P due to detect: atksgt
11:21:23.0868 0x14d0  Object send P2P result: true
11:21:24.0008 0x14d0  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:21:24.0180 0x14d0  AudioEndpointBuilder - ok
11:21:24.0242 0x14d0  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv        C:\windows\System32\Audiosrv.dll
11:21:24.0352 0x14d0  Audiosrv - ok
11:21:24.0461 0x14d0  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
11:21:24.0648 0x14d0  AxInstSV - ok
11:21:24.0726 0x14d0  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\windows\system32\drivers\bxvbdx.sys
11:21:24.0835 0x14d0  b06bdrv - ok
11:21:24.0898 0x14d0  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
11:21:24.0991 0x14d0  b57nd60x - ok
11:21:25.0428 0x14d0  [ 2BE0F23D494C301641C42EAD2FDCD4F2, A55CF4721B7C99919BDB05E2C50396EEF1D8CD233DF870C61EC53845D8CDC8BF ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
11:21:25.0740 0x14d0  BCM43XX - ok
11:21:25.0818 0x14d0  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
11:21:25.0943 0x14d0  BDESVC - ok
11:21:26.0005 0x14d0  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
11:21:26.0130 0x14d0  Beep - ok
11:21:26.0208 0x14d0  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\windows\System32\bfe.dll
11:21:26.0364 0x14d0  BFE - ok
11:21:26.0458 0x14d0  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\System32\qmgr.dll
11:21:26.0598 0x14d0  BITS - ok
11:21:26.0629 0x14d0  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
11:21:26.0692 0x14d0  blbdrive - ok
11:21:26.0723 0x14d0  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
11:21:26.0801 0x14d0  bowser - ok
11:21:26.0863 0x14d0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
11:21:26.0926 0x14d0  BrFiltLo - ok
11:21:26.0941 0x14d0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
11:21:27.0019 0x14d0  BrFiltUp - ok
11:21:27.0066 0x14d0  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\windows\System32\browser.dll
11:21:27.0160 0x14d0  Browser - ok
11:21:27.0238 0x14d0  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\windows\System32\Drivers\Brserid.sys
11:21:27.0347 0x14d0  Brserid - ok
11:21:27.0378 0x14d0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
11:21:27.0440 0x14d0  BrSerWdm - ok
11:21:27.0456 0x14d0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
11:21:27.0550 0x14d0  BrUsbMdm - ok
11:21:27.0581 0x14d0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
11:21:27.0612 0x14d0  BrUsbSer - ok
11:21:27.0674 0x14d0  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
11:21:27.0768 0x14d0  BthEnum - ok
11:21:27.0799 0x14d0  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
11:21:27.0862 0x14d0  BTHMODEM - ok
11:21:27.0893 0x14d0  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
11:21:27.0971 0x14d0  BthPan - ok
11:21:28.0049 0x14d0  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
11:21:28.0127 0x14d0  BTHPORT - ok
11:21:28.0174 0x14d0  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\windows\system32\bthserv.dll
11:21:28.0267 0x14d0  bthserv - ok
11:21:28.0298 0x14d0  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
11:21:28.0376 0x14d0  BTHUSB - ok
11:21:28.0392 0x14d0  btwampfl - ok
11:21:28.0408 0x14d0  btwaudio - ok
11:21:28.0439 0x14d0  btwavdt - ok
11:21:28.0454 0x14d0  btwl2cap - ok
11:21:28.0486 0x14d0  btwrchid - ok
11:21:28.0532 0x14d0  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
11:21:28.0657 0x14d0  cdfs - ok
11:21:28.0704 0x14d0  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
11:21:28.0798 0x14d0  cdrom - ok
11:21:28.0860 0x14d0  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\windows\System32\certprop.dll
11:21:28.0954 0x14d0  CertPropSvc - ok
11:21:28.0985 0x14d0  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\drivers\circlass.sys
11:21:29.0047 0x14d0  circlass - ok
11:21:29.0110 0x14d0  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\windows\system32\CLFS.sys
11:21:29.0172 0x14d0  CLFS - ok
11:21:29.0250 0x14d0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:21:29.0281 0x14d0  clr_optimization_v2.0.50727_32 - ok
11:21:29.0344 0x14d0  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:21:29.0391 0x14d0  clr_optimization_v4.0.30319_32 - ok
11:21:29.0437 0x14d0  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
11:21:29.0500 0x14d0  CmBatt - ok
11:21:29.0562 0x14d0  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
11:21:29.0625 0x14d0  cmdide - ok
11:21:29.0703 0x14d0  [ F516F1167EFBBC5ABC90687C94497869, AD650D56241533439419EA00236ABE14AB6E50B768620211D1A44047A9FA14EC ] CNG             C:\windows\system32\Drivers\cng.sys
11:21:29.0827 0x14d0  CNG - ok
11:21:29.0874 0x14d0  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\drivers\compbatt.sys
11:21:29.0921 0x14d0  Compbatt - ok
11:21:29.0968 0x14d0  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
11:21:30.0046 0x14d0  CompositeBus - ok
11:21:30.0077 0x14d0  COMSysApp - ok
11:21:30.0124 0x14d0  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
11:21:30.0171 0x14d0  crcdisk - ok
11:21:30.0264 0x14d0  [ 623E143F2DF17C0106A9988F5D7DC878, 9DA30262FF22FA9F1DB247CB3B4A2892D79730EF0ECC9589D399D24B4F58E565 ] CryptSvc        C:\windows\system32\cryptsvc.dll
11:21:30.0373 0x14d0  CryptSvc - ok
11:21:30.0639 0x14d0  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:21:30.0779 0x14d0  cvhsvc - ok
11:21:30.0857 0x14d0  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\windows\system32\rpcss.dll
11:21:31.0013 0x14d0  DcomLaunch - ok
11:21:31.0075 0x14d0  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\windows\System32\defragsvc.dll
11:21:31.0231 0x14d0  defragsvc - ok
11:21:31.0278 0x14d0  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
11:21:31.0387 0x14d0  DfsC - ok
11:21:31.0465 0x14d0  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
11:21:31.0575 0x14d0  Dhcp - ok
11:21:31.0606 0x14d0  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
11:21:31.0715 0x14d0  discache - ok
11:21:31.0762 0x14d0  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\windows\system32\drivers\disk.sys
11:21:31.0809 0x14d0  Disk - ok
11:21:31.0855 0x14d0  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\windows\System32\dnsrslvr.dll
11:21:31.0949 0x14d0  Dnscache - ok
11:21:32.0027 0x14d0  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\windows\System32\dot3svc.dll
11:21:32.0167 0x14d0  dot3svc - ok
11:21:32.0230 0x14d0  [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
11:21:32.0308 0x14d0  Dot4 - ok
11:21:32.0355 0x14d0  [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys
11:21:32.0401 0x14d0  Dot4Print - ok
11:21:32.0433 0x14d0  [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
11:21:32.0495 0x14d0  dot4usb - ok
11:21:32.0542 0x14d0  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\windows\system32\dps.dll
11:21:32.0682 0x14d0  DPS - ok
11:21:32.0713 0x14d0  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
11:21:32.0823 0x14d0  drmkaud - ok
11:21:32.0869 0x14d0  [ FB38473835476A6FB272215A1D972AF9, F1F0E5B5C1461FCC967273FF236B88377C232D80F9C135868042311E971318C1 ] dtsoftbus01     C:\windows\system32\DRIVERS\dtsoftbus01.sys
11:21:32.0932 0x14d0  dtsoftbus01 - ok
11:21:33.0025 0x14d0  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
11:21:33.0150 0x14d0  DXGKrnl - ok
11:21:33.0244 0x14d0  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\windows\System32\eapsvc.dll
11:21:33.0353 0x14d0  EapHost - ok
11:21:33.0790 0x14d0  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\windows\system32\drivers\evbdx.sys
11:21:34.0149 0x14d0  ebdrv - ok
11:21:34.0211 0x14d0  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] EFS             C:\windows\System32\lsass.exe
11:21:34.0320 0x14d0  EFS - ok
11:21:34.0398 0x14d0  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
11:21:34.0476 0x14d0  elxstor - ok
11:21:34.0507 0x14d0  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
11:21:34.0554 0x14d0  ErrDev - ok
11:21:34.0601 0x14d0  [ 7C87DF14552A5E0270DBD906BAFF85FB, C347234DD892E1A769DDB427BEE1A8C47A770BEF70BF7703F20C66F64627890B ] ETD             C:\windows\system32\DRIVERS\ETD.sys
11:21:34.0648 0x14d0  ETD - ok
11:21:34.0710 0x14d0  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\windows\system32\es.dll
11:21:34.0835 0x14d0  EventSystem - ok
11:21:34.0897 0x14d0  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\windows\system32\drivers\exfat.sys
11:21:35.0038 0x14d0  exfat - ok
11:21:35.0069 0x14d0  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\windows\system32\drivers\fastfat.sys
11:21:35.0178 0x14d0  fastfat - ok
11:21:35.0272 0x14d0  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\windows\system32\fxssvc.exe
11:21:35.0365 0x14d0  Fax - ok
11:21:35.0412 0x14d0  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\windows\system32\drivers\fdc.sys
11:21:35.0459 0x14d0  fdc - ok
11:21:35.0521 0x14d0  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\windows\system32\fdPHost.dll
11:21:35.0599 0x14d0  fdPHost - ok
11:21:35.0631 0x14d0  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
11:21:35.0709 0x14d0  FDResPub - ok
11:21:35.0740 0x14d0  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
11:21:35.0771 0x14d0  FileInfo - ok
11:21:35.0802 0x14d0  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
11:21:35.0896 0x14d0  Filetrace - ok
11:21:35.0927 0x14d0  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
11:21:35.0989 0x14d0  flpydisk - ok
11:21:36.0052 0x14d0  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
11:21:36.0083 0x14d0  FltMgr - ok
11:21:36.0208 0x14d0  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\windows\system32\FntCache.dll
11:21:36.0395 0x14d0  FontCache - ok
11:21:36.0473 0x14d0  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:21:36.0520 0x14d0  FontCache3.0.0.0 - ok
11:21:36.0551 0x14d0  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
11:21:36.0598 0x14d0  FsDepends - ok
11:21:36.0629 0x14d0  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
11:21:36.0660 0x14d0  Fs_Rec - ok
11:21:36.0723 0x14d0  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
11:21:36.0769 0x14d0  fvevol - ok
11:21:36.0816 0x14d0  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
11:21:36.0847 0x14d0  gagp30kx - ok
11:21:36.0941 0x14d0  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\windows\System32\gpsvc.dll
11:21:37.0050 0x14d0  gpsvc - ok
11:21:37.0128 0x14d0  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:21:37.0159 0x14d0  gupdate - ok
11:21:37.0175 0x14d0  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:21:37.0206 0x14d0  gupdatem - ok
11:21:37.0269 0x14d0  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
11:21:37.0331 0x14d0  hcw85cir - ok
11:21:37.0393 0x14d0  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:21:37.0471 0x14d0  HdAudAddService - ok
11:21:37.0518 0x14d0  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
11:21:37.0581 0x14d0  HDAudBus - ok
11:21:37.0612 0x14d0  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
11:21:37.0659 0x14d0  HidBatt - ok
11:21:37.0721 0x14d0  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\windows\system32\drivers\hidbth.sys
11:21:37.0768 0x14d0  HidBth - ok
11:21:37.0815 0x14d0  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\windows\system32\drivers\hidir.sys
11:21:37.0861 0x14d0  HidIr - ok
11:21:37.0893 0x14d0  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\windows\system32\hidserv.dll
11:21:37.0986 0x14d0  hidserv - ok
11:21:38.0017 0x14d0  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
11:21:38.0111 0x14d0  HidUsb - ok
11:21:38.0173 0x14d0  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\windows\system32\kmsvc.dll
11:21:38.0251 0x14d0  hkmsvc - ok
11:21:38.0283 0x14d0  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:21:38.0376 0x14d0  HomeGroupListener - ok
11:21:38.0439 0x14d0  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:21:38.0501 0x14d0  HomeGroupProvider - ok
11:21:38.0626 0x14d0  [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:21:38.0688 0x14d0  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
11:21:38.0688 0x14d0  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
11:21:38.0735 0x14d0  [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:21:38.0751 0x14d0  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
11:21:38.0751 0x14d0  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
11:21:38.0797 0x14d0  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
11:21:38.0844 0x14d0  HpSAMD - ok
11:21:38.0922 0x14d0  [ 79737E0F7D25DE8405CB34D4C9882253, 798E44BAE6CD4ECBC801ACE4089E18388ABD18744B901F53452D8103081DE967 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
11:21:38.0985 0x14d0  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
11:21:38.0985 0x14d0  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
11:21:38.0985 0x14d0  Force sending object to P2P due to detect: HPSLPSVC
11:21:39.0000 0x14d0  Object send P2P result: false
11:21:39.0078 0x14d0  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\windows\system32\drivers\HTTP.sys
11:21:39.0187 0x14d0  HTTP - ok
11:21:39.0250 0x14d0  [ 19E6885A061011D8DABE8F64498423FA, 62B5680D7E7F26BEE7DDDA8F51434CC3219C840779E37072BA37E55B2EE82E3B ] hwdatacard      C:\windows\system32\DRIVERS\ewusbmdm.sys
11:21:39.0328 0x14d0  hwdatacard - ok
11:21:39.0375 0x14d0  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
11:21:39.0406 0x14d0  hwpolicy - ok
11:21:39.0437 0x14d0  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
11:21:39.0499 0x14d0  i8042prt - ok
11:21:39.0577 0x14d0  [ D80AA0907748D7CC8EFAB3773F32629B, BEE52B4E6099B5B8CA5D6D4DE4A90B124AC7E3EE4A69565BFDD227AF261B6242 ] iaStor          C:\windows\system32\drivers\iaStor.sys
11:21:39.0624 0x14d0  iaStor - ok
11:21:39.0687 0x14d0  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
11:21:39.0733 0x14d0  iaStorV - ok
11:21:39.0827 0x14d0  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:21:39.0936 0x14d0  idsvc - ok
11:21:39.0967 0x14d0  IEEtwCollectorService - ok
11:21:40.0373 0x14d0  [ 6A2A8E70C4FF9CD870869B025C6478E3, 5A80DA0E38206532EB0F83F7F1927E7EB475AA8F80BAA14B9124EF8DFDECDFDB ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
11:21:40.0857 0x14d0  igfx - ok
11:21:40.0935 0x14d0  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\windows\system32\drivers\iirsp.sys
11:21:40.0966 0x14d0  iirsp - ok
11:21:41.0044 0x14d0  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\windows\System32\ikeext.dll
11:21:41.0169 0x14d0  IKEEXT - ok
11:21:41.0418 0x14d0  [ E8B6F7896DB2EE6A7AF7A177A9BBC526, 70997D9237BA62010B20BEF6A81DFC0926E2E449EC8254290CEFFE7401B6EFC9 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
11:21:41.0730 0x14d0  IntcAzAudAddService - ok
11:21:41.0777 0x14d0  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\windows\system32\drivers\intelide.sys
11:21:41.0808 0x14d0  intelide - ok
11:21:41.0855 0x14d0  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
11:21:41.0886 0x14d0  intelppm - ok
11:21:41.0933 0x14d0  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
11:21:42.0027 0x14d0  IPBusEnum - ok
11:21:42.0073 0x14d0  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
11:21:42.0167 0x14d0  IpFilterDriver - ok
11:21:42.0245 0x14d0  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
11:21:42.0339 0x14d0  iphlpsvc - ok
11:21:42.0370 0x14d0  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
11:21:42.0417 0x14d0  IPMIDRV - ok
11:21:42.0448 0x14d0  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
11:21:42.0573 0x14d0  IPNAT - ok
11:21:42.0619 0x14d0  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\windows\system32\drivers\irenum.sys
11:21:42.0682 0x14d0  IRENUM - ok
11:21:42.0729 0x14d0  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\windows\system32\drivers\isapnp.sys
11:21:42.0760 0x14d0  isapnp - ok
11:21:42.0791 0x14d0  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
11:21:42.0838 0x14d0  iScsiPrt - ok
11:21:42.0869 0x14d0  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
11:21:42.0900 0x14d0  kbdclass - ok
11:21:42.0947 0x14d0  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
11:21:42.0994 0x14d0  kbdhid - ok
11:21:43.0025 0x14d0  [ 3EB803312987FF44265C87CB960DF6AB, D6F44702F92089A0C847044A3933F7311D6A72C4647C3FECB35CDBF96A913A40 ] kbfiltr         C:\windows\system32\DRIVERS\kbfiltr.sys
11:21:43.0056 0x14d0  kbfiltr - ok
11:21:43.0072 0x14d0  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] KeyIso          C:\windows\system32\lsass.exe
11:21:43.0119 0x14d0  KeyIso - ok
11:21:43.0134 0x14d0  [ EF88BAC2B489D9C46F4E41ACF0219CD0, BF0FAF51BB6D0E588E53E483EF48D8D96B33544113892CC723CDEFAE7E5FB97A ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
11:21:43.0165 0x14d0  KSecDD - ok
11:21:43.0212 0x14d0  [ 49D70660EE8266988C1F99A0297A1430, D17B7A3118DB42358DEA80D8A21C5F1B0CC33BF74F6570676D4708B36BB91FD4 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
11:21:43.0243 0x14d0  KSecPkg - ok
11:21:43.0306 0x14d0  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\windows\system32\msdtckrm.dll
11:21:43.0431 0x14d0  KtmRm - ok
11:21:43.0477 0x14d0  [ C8FA09049E640B0A27E4B4446D958FE5, 9B0149A15DAEBF9173666EB42B2BBE2B9E99AED3FC3C43D7111A9178DBE3ED0D ] L1C             C:\windows\system32\DRIVERS\L1C62x86.sys
11:21:43.0509 0x14d0  L1C - ok
11:21:43.0540 0x14d0  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
11:21:43.0649 0x14d0  LanmanServer - ok
11:21:43.0696 0x14d0  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:21:43.0789 0x14d0  LanmanWorkstation - ok
11:21:43.0852 0x14d0  [ 975B6CF65F44E95883F3855BAE8CECAF, 5878F5B2258A17DD3AFBE18CAFAFCE0310CDB61C36891B9299D738FDEEF44A91 ] lirsgt          C:\windows\system32\DRIVERS\lirsgt.sys
11:21:43.0883 0x14d0  lirsgt - detected UnsignedFile.Multi.Generic ( 1 )
11:21:43.0883 0x14d0  lirsgt ( UnsignedFile.Multi.Generic ) - warning
11:21:43.0914 0x14d0  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
11:21:44.0008 0x14d0  lltdio - ok
11:21:44.0055 0x14d0  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\windows\System32\lltdsvc.dll
11:21:44.0164 0x14d0  lltdsvc - ok
11:21:44.0195 0x14d0  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\windows\System32\lmhsvc.dll
11:21:44.0289 0x14d0  lmhosts - ok
11:21:44.0351 0x14d0  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
11:21:44.0382 0x14d0  LSI_FC - ok
11:21:44.0398 0x14d0  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
11:21:44.0429 0x14d0  LSI_SAS - ok
11:21:44.0460 0x14d0  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
11:21:44.0491 0x14d0  LSI_SAS2 - ok
11:21:44.0507 0x14d0  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
11:21:44.0538 0x14d0  LSI_SCSI - ok
11:21:44.0585 0x14d0  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\windows\system32\drivers\luafv.sys
11:21:44.0663 0x14d0  luafv - ok
11:21:44.0710 0x14d0  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\windows\system32\drivers\megasas.sys
11:21:44.0741 0x14d0  megasas - ok
11:21:44.0803 0x14d0  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
11:21:44.0850 0x14d0  MegaSR - ok
11:21:44.0881 0x14d0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\windows\system32\mmcss.dll
11:21:44.0975 0x14d0  MMCSS - ok
11:21:45.0006 0x14d0  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\windows\system32\drivers\modem.sys
11:21:45.0100 0x14d0  Modem - ok
11:21:45.0193 0x14d0  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
11:21:45.0271 0x14d0  monitor - ok
11:21:45.0303 0x14d0  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
11:21:45.0334 0x14d0  mouclass - ok
11:21:45.0365 0x14d0  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
11:21:45.0412 0x14d0  mouhid - ok
11:21:45.0443 0x14d0  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
11:21:45.0490 0x14d0  mountmgr - ok
11:21:45.0583 0x14d0  [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:21:45.0630 0x14d0  MozillaMaintenance - ok
11:21:45.0661 0x14d0  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\windows\system32\drivers\mpio.sys
11:21:45.0708 0x14d0  mpio - ok
11:21:45.0739 0x14d0  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
11:21:45.0833 0x14d0  mpsdrv - ok
11:21:45.0911 0x14d0  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\windows\system32\mpssvc.dll
11:21:46.0036 0x14d0  MpsSvc - ok
11:21:46.0083 0x14d0  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
11:21:46.0161 0x14d0  MRxDAV - ok
11:21:46.0223 0x14d0  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
11:21:46.0317 0x14d0  mrxsmb - ok
11:21:46.0363 0x14d0  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
11:21:46.0441 0x14d0  mrxsmb10 - ok
11:21:46.0473 0x14d0  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
11:21:46.0519 0x14d0  mrxsmb20 - ok
11:21:46.0566 0x14d0  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\windows\system32\drivers\msahci.sys
11:21:46.0597 0x14d0  msahci - ok
11:21:46.0644 0x14d0  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\windows\system32\drivers\msdsm.sys
11:21:46.0691 0x14d0  msdsm - ok
11:21:46.0738 0x14d0  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\windows\System32\msdtc.exe
11:21:46.0785 0x14d0  MSDTC - ok
11:21:46.0816 0x14d0  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\windows\system32\drivers\Msfs.sys
11:21:46.0925 0x14d0  Msfs - ok
11:21:46.0956 0x14d0  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
11:21:47.0034 0x14d0  mshidkmdf - ok
11:21:47.0050 0x14d0  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
11:21:47.0081 0x14d0  msisadrv - ok
11:21:47.0128 0x14d0  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\windows\system32\iscsiexe.dll
11:21:47.0221 0x14d0  MSiSCSI - ok
11:21:47.0237 0x14d0  msiserver - ok
11:21:47.0268 0x14d0  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
11:21:47.0362 0x14d0  MSKSSRV - ok
11:21:47.0377 0x14d0  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
11:21:47.0455 0x14d0  MSPCLOCK - ok
11:21:47.0471 0x14d0  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
11:21:47.0533 0x14d0  MSPQM - ok
11:21:47.0565 0x14d0  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
11:21:47.0611 0x14d0  MsRPC - ok
11:21:47.0643 0x14d0  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
11:21:47.0674 0x14d0  mssmbios - ok
11:21:47.0705 0x14d0  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
11:21:47.0767 0x14d0  MSTEE - ok
11:21:47.0783 0x14d0  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
11:21:47.0845 0x14d0  MTConfig - ok
11:21:47.0877 0x14d0  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\windows\system32\Drivers\mup.sys
11:21:47.0908 0x14d0  Mup - ok
11:21:47.0955 0x14d0  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\windows\system32\qagentRT.dll
11:21:48.0048 0x14d0  napagent - ok
11:21:48.0111 0x14d0  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
11:21:48.0173 0x14d0  NativeWifiP - ok
11:21:48.0267 0x14d0  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\windows\system32\drivers\ndis.sys
11:21:48.0329 0x14d0  NDIS - ok
11:21:48.0376 0x14d0  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
11:21:48.0454 0x14d0  NdisCap - ok
11:21:48.0469 0x14d0  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
11:21:48.0547 0x14d0  NdisTapi - ok
11:21:48.0579 0x14d0  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
11:21:48.0672 0x14d0  Ndisuio - ok
11:21:48.0719 0x14d0  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
11:21:48.0813 0x14d0  NdisWan - ok
11:21:48.0844 0x14d0  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
11:21:48.0922 0x14d0  NDProxy - ok
11:21:48.0969 0x14d0  [ 510C138564486FF926A3F773205C63D1, 50FBB8555C284ED22F71D99750899321B63E3B4C255174FE9B4F31084F9A34B1 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
11:21:48.0984 0x14d0  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
11:21:49.0000 0x14d0  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:21:49.0047 0x14d0  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
11:21:49.0156 0x14d0  NetBIOS - ok
11:21:49.0203 0x14d0  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
11:21:49.0296 0x14d0  NetBT - ok
11:21:49.0327 0x14d0  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] Netlogon        C:\windows\system32\lsass.exe
11:21:49.0359 0x14d0  Netlogon - ok
11:21:49.0405 0x14d0  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\windows\System32\netman.dll
11:21:49.0530 0x14d0  Netman - ok
11:21:49.0593 0x14d0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:21:49.0733 0x14d0  NetMsmqActivator - ok
11:21:49.0795 0x14d0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:21:49.0842 0x14d0  NetPipeActivator - ok
11:21:49.0905 0x14d0  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\windows\System32\netprofm.dll
11:21:50.0014 0x14d0  netprofm - ok
11:21:50.0092 0x14d0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:21:50.0139 0x14d0  NetTcpActivator - ok
11:21:50.0154 0x14d0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:21:50.0201 0x14d0  NetTcpPortSharing - ok
11:21:50.0248 0x14d0  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
11:21:50.0279 0x14d0  nfrd960 - ok
11:21:50.0326 0x14d0  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\windows\System32\nlasvc.dll
11:21:50.0419 0x14d0  NlaSvc - ok
11:21:50.0451 0x14d0  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\windows\system32\drivers\Npfs.sys
11:21:50.0575 0x14d0  Npfs - ok
11:21:50.0607 0x14d0  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\windows\system32\nsisvc.dll
11:21:50.0685 0x14d0  nsi - ok
11:21:50.0716 0x14d0  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
11:21:50.0809 0x14d0  nsiproxy - ok
11:21:50.0934 0x14d0  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
11:21:51.0043 0x14d0  Ntfs - ok
11:21:51.0075 0x14d0  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\windows\system32\drivers\Null.sys
11:21:51.0153 0x14d0  Null - ok
11:21:51.0184 0x14d0  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\windows\system32\drivers\nvraid.sys
11:21:51.0246 0x14d0  nvraid - ok
11:21:51.0277 0x14d0  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
11:21:51.0340 0x14d0  nvstor - ok
11:21:51.0371 0x14d0  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
11:21:51.0402 0x14d0  nv_agp - ok
11:21:51.0418 0x14d0  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
11:21:51.0465 0x14d0  ohci1394 - ok
11:21:51.0527 0x14d0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:21:51.0589 0x14d0  ose - ok
11:21:51.0948 0x14d0  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:21:52.0463 0x14d0  osppsvc - ok
11:21:52.0572 0x14d0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
11:21:52.0666 0x14d0  p2pimsvc - ok
11:21:52.0713 0x14d0  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\windows\system32\p2psvc.dll
11:21:52.0791 0x14d0  p2psvc - ok
11:21:52.0853 0x14d0  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\windows\system32\drivers\parport.sys
11:21:52.0884 0x14d0  Parport - ok
11:21:52.0915 0x14d0  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\windows\system32\drivers\partmgr.sys
11:21:52.0947 0x14d0  partmgr - ok
11:21:52.0993 0x14d0  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\windows\system32\drivers\parvdm.sys
11:21:53.0025 0x14d0  Parvdm - ok
11:21:53.0071 0x14d0  [ 3A55D53687F16D9EF5BF307BBFEFCD9C, F1BB1B43442B151686500768C43A4D20CAA47427E78386953A42DDB42D9DDF0C ] PcaSvc          C:\windows\System32\pcasvc.dll
11:21:53.0134 0x14d0  PcaSvc - ok
11:21:53.0165 0x14d0  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\windows\system32\drivers\pci.sys
11:21:53.0227 0x14d0  pci - ok
11:21:53.0259 0x14d0  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\windows\system32\drivers\pciide.sys
11:21:53.0305 0x14d0  pciide - ok
11:21:53.0352 0x14d0  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
11:21:53.0399 0x14d0  pcmcia - ok
11:21:53.0430 0x14d0  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\windows\system32\drivers\pcw.sys
11:21:53.0461 0x14d0  pcw - ok
11:21:53.0524 0x14d0  [ 344D1FA0438A967F1A2BAA42C86D6E19, E9CB31CBD9075B84BA771CF82A4C3AB5BF57ADEA3E76ABE8FE36FEACFD681D89 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
11:21:53.0602 0x14d0  PEAUTH - ok
11:21:53.0789 0x14d0  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\windows\system32\pla.dll
11:21:53.0976 0x14d0  pla - ok
11:21:54.0054 0x14d0  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\windows\system32\umpnpmgr.dll
11:21:54.0148 0x14d0  PlugPlay - ok
11:21:54.0210 0x14d0  [ 37E5E8FFBAD35605DAEEC3224EA0E465, E3A9BE275D3C8A3E143DF3A795964E9860A1F6C18BE36F8FE552E954435AC927 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
11:21:54.0226 0x14d0  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
11:21:54.0226 0x14d0  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:21:54.0226 0x14d0  Force sending object to P2P due to detect: Pml Driver HPZ12
11:21:54.0226 0x14d0  Object send P2P result: false
11:21:54.0257 0x14d0  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
11:21:54.0288 0x14d0  PNRPAutoReg - ok
11:21:54.0351 0x14d0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
11:21:54.0413 0x14d0  PNRPsvc - ok
11:21:54.0475 0x14d0  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
11:21:54.0569 0x14d0  PolicyAgent - ok
11:21:54.0616 0x14d0  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\windows\system32\umpo.dll
11:21:54.0725 0x14d0  Power - ok
11:21:54.0756 0x14d0  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
11:21:54.0865 0x14d0  PptpMiniport - ok
11:21:54.0897 0x14d0  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\windows\system32\drivers\processr.sys
11:21:54.0975 0x14d0  Processor - ok
11:21:55.0037 0x14d0  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\windows\system32\profsvc.dll
11:21:55.0115 0x14d0  ProfSvc - ok
11:21:55.0131 0x14d0  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] ProtectedStorage C:\windows\system32\lsass.exe
11:21:55.0193 0x14d0  ProtectedStorage - ok
11:21:55.0240 0x14d0  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
11:21:55.0302 0x14d0  Psched - ok
11:21:55.0349 0x14d0  [ 183EF96BCC2EC3D5294CB2C2C0ECBCD1, 3AC8A3AD4DD23B57B1CF12CD692003B4C8F76358F26246C565DDADDD88B1D39A ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
11:21:55.0380 0x14d0  PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
11:21:55.0380 0x14d0  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
11:21:55.0521 0x14d0  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\windows\system32\drivers\ql2300.sys
11:21:55.0645 0x14d0  ql2300 - ok
11:21:55.0677 0x14d0  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
11:21:55.0723 0x14d0  ql40xx - ok
11:21:55.0770 0x14d0  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\windows\system32\qwave.dll
11:21:55.0848 0x14d0  QWAVE - ok
11:21:55.0879 0x14d0  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
11:21:55.0942 0x14d0  QWAVEdrv - ok
11:21:55.0989 0x14d0  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
11:21:56.0067 0x14d0  RasAcd - ok
11:21:56.0098 0x14d0  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
11:21:56.0207 0x14d0  RasAgileVpn - ok
11:21:56.0254 0x14d0  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\windows\System32\rasauto.dll
11:21:56.0332 0x14d0  RasAuto - ok
11:21:56.0363 0x14d0  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
11:21:56.0441 0x14d0  Rasl2tp - ok
11:21:56.0488 0x14d0  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\windows\System32\rasmans.dll
11:21:56.0597 0x14d0  RasMan - ok
11:21:56.0628 0x14d0  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
11:21:56.0706 0x14d0  RasPppoe - ok
11:21:56.0753 0x14d0  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
11:21:56.0847 0x14d0  RasSstp - ok
11:21:56.0893 0x14d0  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
11:21:56.0971 0x14d0  rdbss - ok
11:21:57.0003 0x14d0  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
11:21:57.0049 0x14d0  rdpbus - ok
11:21:57.0081 0x14d0  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
11:21:57.0174 0x14d0  RDPCDD - ok
11:21:57.0205 0x14d0  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
11:21:57.0299 0x14d0  RDPENCDD - ok
11:21:57.0330 0x14d0  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
11:21:57.0424 0x14d0  RDPREFMP - ok
11:21:57.0502 0x14d0  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
11:21:57.0673 0x14d0  RdpVideoMiniport - ok
11:21:57.0720 0x14d0  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
11:21:57.0829 0x14d0  RDPWD - ok
11:21:57.0861 0x14d0  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
11:21:57.0907 0x14d0  rdyboost - ok
11:21:57.0939 0x14d0  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\windows\System32\mprdim.dll
11:21:58.0017 0x14d0  RemoteAccess - ok
11:21:58.0063 0x14d0  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
11:21:58.0157 0x14d0  RemoteRegistry - ok
11:21:58.0204 0x14d0  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
11:21:58.0251 0x14d0  RFCOMM - ok
11:21:58.0282 0x14d0  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
11:21:58.0375 0x14d0  RpcEptMapper - ok
11:21:58.0422 0x14d0  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
11:21:58.0453 0x14d0  RpcLocator - ok
11:21:58.0516 0x14d0  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\windows\system32\rpcss.dll
11:21:58.0609 0x14d0  RpcSs - ok
11:21:58.0641 0x14d0  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
11:21:58.0750 0x14d0  rspndr - ok
11:21:58.0781 0x14d0  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] SamSs           C:\windows\system32\lsass.exe
11:21:58.0812 0x14d0  SamSs - ok
11:21:58.0859 0x14d0  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
11:21:58.0906 0x14d0  sbp2port - ok
11:21:58.0937 0x14d0  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
11:21:59.0046 0x14d0  SCardSvr - ok
11:21:59.0062 0x14d0  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
11:21:59.0155 0x14d0  scfilter - ok
11:21:59.0249 0x14d0  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\windows\system32\schedsvc.dll
11:21:59.0374 0x14d0  Schedule - ok
11:21:59.0405 0x14d0  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\windows\System32\certprop.dll
11:21:59.0483 0x14d0  SCPolicySvc - ok
11:21:59.0514 0x14d0  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
11:21:59.0623 0x14d0  SDRSVC - ok
11:21:59.0655 0x14d0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
11:21:59.0733 0x14d0  secdrv - ok
11:21:59.0764 0x14d0  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\windows\system32\seclogon.dll
11:21:59.0842 0x14d0  seclogon - ok
11:21:59.0873 0x14d0  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\System32\sens.dll
11:21:59.0951 0x14d0  SENS - ok
11:21:59.0998 0x14d0  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\windows\system32\drivers\serenum.sys
11:22:00.0045 0x14d0  Serenum - ok
11:22:00.0076 0x14d0  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\drivers\serial.sys
11:22:00.0123 0x14d0  Serial - ok
11:22:00.0169 0x14d0  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\drivers\sermouse.sys
11:22:00.0216 0x14d0  sermouse - ok
11:22:00.0294 0x14d0  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
11:22:00.0372 0x14d0  SessionEnv - ok
11:22:00.0403 0x14d0  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
11:22:00.0450 0x14d0  sffdisk - ok
11:22:00.0481 0x14d0  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
11:22:00.0544 0x14d0  sffp_mmc - ok
11:22:00.0575 0x14d0  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
11:22:00.0622 0x14d0  sffp_sd - ok
11:22:00.0653 0x14d0  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
11:22:00.0700 0x14d0  sfloppy - ok
11:22:00.0793 0x14d0  [ EC5C79BD81F0C55DF53F4818D4F1C2C8, B9650F484CF918781CA3B02278F19E73FA3B619133F75C0C42FEB788A183E0CB ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
11:22:00.0856 0x14d0  Sftfs - ok
11:22:00.0949 0x14d0  [ 1AEBDC693C74EA55FE05D51FA6573EBC, 92E3A6C8D3B5193BD2831DD47C4C58419F72ABC2C21C71A9A690CCFC2D05CBB0 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
11:22:01.0012 0x14d0  sftlist - ok
11:22:01.0043 0x14d0  [ A224670FB892A205E4D99E06C0B85C7C, 3E2E401FF5E0E9EE4C2BE9F5C3144086F5AB015789C36D7263BBAB59FEEB74C7 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
11:22:01.0090 0x14d0  Sftplay - ok
11:22:01.0105 0x14d0  [ 9D354D425FB55CDF0EDC7F67FBC5B04E, C3B68F8B5F34B73EF6588DCBB67BE7CB3E59918E7A58D90A83E3D8EBB6ECA291 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
11:22:01.0137 0x14d0  Sftredir - ok
11:22:01.0168 0x14d0  [ F369D6B89AA610174A4E90C8513B7C7A, 2AEFA10F57C0ED0466611957DED5425363608E88414DD7DCF74E182117B12F5A ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
11:22:01.0215 0x14d0  Sftvol - ok
11:22:01.0246 0x14d0  [ 19D34534176E62F35DDB7DC7B7FF2A87, DBBB9155B62482E4782E5302193586514880734BD3617FDCB51798EB404758D6 ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
11:22:01.0308 0x14d0  sftvsa - ok
11:22:01.0355 0x14d0  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
11:22:01.0449 0x14d0  SharedAccess - ok
11:22:01.0511 0x14d0  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:22:01.0605 0x14d0  ShellHWDetection - ok
11:22:01.0651 0x14d0  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
11:22:01.0683 0x14d0  sisagp - ok
11:22:01.0729 0x14d0  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
11:22:01.0761 0x14d0  SiSRaid2 - ok
11:22:01.0776 0x14d0  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
11:22:01.0807 0x14d0  SiSRaid4 - ok
11:22:01.0839 0x14d0  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\windows\system32\DRIVERS\smb.sys
11:22:01.0932 0x14d0  Smb - ok
11:22:02.0010 0x14d0  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
11:22:02.0041 0x14d0  SNMPTRAP - ok
11:22:02.0073 0x14d0  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\windows\system32\drivers\spldr.sys
11:22:02.0104 0x14d0  spldr - ok
11:22:02.0151 0x14d0  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\windows\System32\spoolsv.exe
11:22:02.0260 0x14d0  Spooler - ok
11:22:02.0494 0x14d0  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
11:22:02.0868 0x14d0  sppsvc - ok
11:22:02.0931 0x14d0  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\windows\system32\sppuinotify.dll
11:22:03.0009 0x14d0  sppuinotify - ok
11:22:03.0071 0x14d0  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\windows\system32\DRIVERS\srv.sys
11:22:03.0149 0x14d0  srv - ok
11:22:03.0211 0x14d0  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
11:22:03.0274 0x14d0  srv2 - ok
11:22:03.0305 0x14d0  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
11:22:03.0383 0x14d0  srvnet - ok
11:22:03.0430 0x14d0  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
11:22:03.0539 0x14d0  SSDPSRV - ok
11:22:03.0570 0x14d0  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\windows\system32\sstpsvc.dll
11:22:03.0664 0x14d0  SstpSvc - ok
11:22:03.0695 0x14d0  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\drivers\stexstor.sys
11:22:03.0726 0x14d0  stexstor - ok
11:22:03.0789 0x14d0  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
11:22:03.0882 0x14d0  StiSvc - ok
11:22:03.0898 0x14d0  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
11:22:03.0945 0x14d0  swenum - ok
11:22:04.0007 0x14d0  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\windows\System32\swprv.dll
11:22:04.0132 0x14d0  swprv - ok
11:22:04.0241 0x14d0  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\windows\system32\sysmain.dll
11:22:04.0397 0x14d0  SysMain - ok
11:22:04.0444 0x14d0  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
11:22:04.0522 0x14d0  TabletInputService - ok
11:22:04.0569 0x14d0  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\windows\System32\tapisrv.dll
11:22:04.0662 0x14d0  TapiSrv - ok
11:22:04.0709 0x14d0  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\windows\System32\tbssvc.dll
11:22:04.0803 0x14d0  TBS - ok
11:22:04.0943 0x14d0  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
11:22:05.0068 0x14d0  Tcpip - ok
11:22:05.0177 0x14d0  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
11:22:05.0302 0x14d0  TCPIP6 - ok
11:22:05.0349 0x14d0  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
11:22:05.0395 0x14d0  tcpipreg - ok
11:22:05.0442 0x14d0  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
11:22:05.0489 0x14d0  TDPIPE - ok
11:22:05.0520 0x14d0  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
11:22:05.0551 0x14d0  TDTCP - ok
11:22:05.0583 0x14d0  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\windows\system32\DRIVERS\tdx.sys
11:22:05.0645 0x14d0  tdx - ok
11:22:05.0676 0x14d0  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
11:22:05.0707 0x14d0  TermDD - ok
11:22:05.0785 0x14d0  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\windows\System32\termsrv.dll
11:22:05.0879 0x14d0  TermService - ok
11:22:05.0910 0x14d0  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
11:22:05.0973 0x14d0  Themes - ok
11:22:06.0004 0x14d0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\windows\system32\mmcss.dll
11:22:06.0082 0x14d0  THREADORDER - ok
11:22:06.0129 0x14d0  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\windows\System32\trkwks.dll
11:22:06.0222 0x14d0  TrkWks - ok
11:22:06.0269 0x14d0  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:22:06.0347 0x14d0  TrustedInstaller - ok
11:22:06.0394 0x14d0  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
11:22:06.0425 0x14d0  tssecsrv - ok
11:22:06.0472 0x14d0  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
11:22:06.0519 0x14d0  TsUsbFlt - ok
11:22:06.0565 0x14d0  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
11:22:06.0628 0x14d0  TsUsbGD - ok
11:22:06.0659 0x14d0  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
11:22:06.0768 0x14d0  tunnel - ok
11:22:06.0799 0x14d0  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\windows\system32\drivers\uagp35.sys
11:22:06.0831 0x14d0  uagp35 - ok
11:22:06.0877 0x14d0  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
11:22:06.0971 0x14d0  udfs - ok
11:22:07.0018 0x14d0  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\windows\system32\UI0Detect.exe
11:22:07.0080 0x14d0  UI0Detect - ok
11:22:07.0111 0x14d0  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
11:22:07.0158 0x14d0  uliagpkx - ok
11:22:07.0205 0x14d0  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
11:22:07.0252 0x14d0  umbus - ok
11:22:07.0283 0x14d0  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\windows\system32\drivers\umpass.sys
11:22:07.0314 0x14d0  UmPass - ok
11:22:07.0361 0x14d0  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\windows\System32\upnphost.dll
11:22:07.0455 0x14d0  upnphost - ok
11:22:07.0501 0x14d0  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
11:22:07.0595 0x14d0  usbccgp - ok
11:22:07.0657 0x14d0  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\windows\system32\drivers\usbcir.sys
11:22:07.0704 0x14d0  usbcir - ok
11:22:07.0751 0x14d0  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\windows\system32\drivers\usbehci.sys
11:22:07.0782 0x14d0  usbehci - ok
11:22:07.0813 0x14d0  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
11:22:07.0891 0x14d0  usbhub - ok
11:22:07.0923 0x14d0  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\windows\system32\drivers\usbohci.sys
11:22:07.0985 0x14d0  usbohci - ok
11:22:08.0016 0x14d0  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
11:22:08.0079 0x14d0  usbprint - ok
11:22:08.0125 0x14d0  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
11:22:08.0188 0x14d0  usbscan - ok
11:22:08.0219 0x14d0  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
11:22:08.0313 0x14d0  USBSTOR - ok
11:22:08.0344 0x14d0  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
11:22:08.0375 0x14d0  usbuhci - ok
11:22:08.0422 0x14d0  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
11:22:08.0484 0x14d0  usbvideo - ok
11:22:08.0531 0x14d0  [ AF77716205C97E902E6C5B78DECE2CCA, ED99EABED1C7F323EE2A76413E2B260F8EE1D76FDF1E60EE35136D060E756735 ] usb_rndisx      C:\windows\system32\DRIVERS\usb8023x.sys
11:22:08.0593 0x14d0  usb_rndisx - ok
11:22:08.0687 0x14d0  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\windows\System32\uxsms.dll
11:22:08.0796 0x14d0  UxSms - ok
11:22:08.0812 0x14d0  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] VaultSvc        C:\windows\system32\lsass.exe
11:22:08.0859 0x14d0  VaultSvc - ok
11:22:08.0905 0x14d0  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
11:22:08.0937 0x14d0  vdrvroot - ok
11:22:08.0983 0x14d0  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\windows\System32\vds.exe
11:22:09.0124 0x14d0  vds - ok
11:22:09.0171 0x14d0  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
11:22:09.0233 0x14d0  vga - ok
11:22:09.0249 0x14d0  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\windows\System32\drivers\vga.sys
11:22:09.0342 0x14d0  VgaSave - ok
11:22:09.0373 0x14d0  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
11:22:09.0420 0x14d0  vhdmp - ok
11:22:09.0467 0x14d0  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\windows\system32\drivers\viaagp.sys
11:22:09.0498 0x14d0  viaagp - ok
11:22:09.0529 0x14d0  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\windows\system32\drivers\viac7.sys
11:22:09.0592 0x14d0  ViaC7 - ok
11:22:09.0623 0x14d0  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\windows\system32\drivers\viaide.sys
11:22:09.0654 0x14d0  viaide - ok
11:22:09.0701 0x14d0  [ C37CE43FB54066FFB540729C6E6E194E, EF96BFF5696C1BE3078B748CD08352773430C7042BE89E439EE67046E46D293B ] VideAceWindowsService C:\ExpressGateUtil\VAWinService.exe
11:22:09.0717 0x14d0  VideAceWindowsService - ok
11:22:09.0795 0x14d0  [ 6E021D6DA429AD7288FE8322E2BBA96B, 76168FAADE2803D2215ED5959C5C8FC1885222BAEBDF2950C6CC51798136EE51 ] VMCService      C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
11:22:09.0810 0x14d0  VMCService - detected UnsignedFile.Multi.Generic ( 1 )
11:22:09.0810 0x14d0  VMCService ( UnsignedFile.Multi.Generic ) - warning
11:22:09.0857 0x14d0  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\windows\system32\drivers\volmgr.sys
11:22:09.0904 0x14d0  volmgr - ok
11:22:09.0935 0x14d0  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
11:22:09.0982 0x14d0  volmgrx - ok
11:22:10.0029 0x14d0  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\windows\system32\drivers\volsnap.sys
11:22:10.0091 0x14d0  volsnap - ok
11:22:10.0138 0x14d0  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
11:22:10.0169 0x14d0  vsmraid - ok
11:22:10.0278 0x14d0  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\windows\system32\vssvc.exe
11:22:10.0450 0x14d0  VSS - ok
11:22:10.0481 0x14d0  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
11:22:10.0528 0x14d0  vwifibus - ok
11:22:10.0575 0x14d0  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
11:22:10.0653 0x14d0  vwififlt - ok
11:22:10.0684 0x14d0  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
11:22:10.0731 0x14d0  vwifimp - ok
11:22:10.0777 0x14d0  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\windows\system32\w32time.dll
11:22:10.0902 0x14d0  W32Time - ok
11:22:10.0933 0x14d0  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
11:22:10.0980 0x14d0  WacomPen - ok
11:22:11.0027 0x14d0  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
11:22:11.0121 0x14d0  WANARP - ok
11:22:11.0121 0x14d0  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
11:22:11.0199 0x14d0  Wanarpv6 - ok
11:22:11.0308 0x14d0  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\windows\system32\wbengine.exe
11:22:11.0495 0x14d0  wbengine - ok
11:22:11.0542 0x14d0  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
11:22:11.0604 0x14d0  WbioSrvc - ok
11:22:11.0651 0x14d0  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\windows\System32\wcncsvc.dll
11:22:11.0729 0x14d0  wcncsvc - ok
11:22:11.0760 0x14d0  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:22:11.0838 0x14d0  WcsPlugInService - ok
11:22:11.0869 0x14d0  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\windows\system32\drivers\wd.sys
11:22:11.0901 0x14d0  Wd - ok
11:22:11.0979 0x14d0  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
11:22:12.0041 0x14d0  Wdf01000 - ok
11:22:12.0072 0x14d0  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\windows\system32\wdi.dll
11:22:12.0150 0x14d0  WdiServiceHost - ok
11:22:12.0166 0x14d0  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\windows\system32\wdi.dll
11:22:12.0213 0x14d0  WdiSystemHost - ok
11:22:12.0275 0x14d0  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\windows\System32\webclnt.dll
11:22:12.0353 0x14d0  WebClient - ok
11:22:12.0384 0x14d0  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\windows\system32\wecsvc.dll
11:22:12.0478 0x14d0  Wecsvc - ok
11:22:12.0509 0x14d0  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\windows\System32\wercplsupport.dll
11:22:12.0603 0x14d0  wercplsupport - ok
11:22:12.0649 0x14d0  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\windows\System32\WerSvc.dll
11:22:12.0743 0x14d0  WerSvc - ok
11:22:12.0774 0x14d0  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
11:22:12.0852 0x14d0  WfpLwf - ok
11:22:12.0883 0x14d0  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\windows\system32\drivers\wimmount.sys
11:22:12.0915 0x14d0  WIMMount - ok
11:22:13.0024 0x14d0  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
11:22:13.0102 0x14d0  WinDefend - ok
11:22:13.0149 0x14d0  WinHttpAutoProxySvc - ok
11:22:13.0227 0x14d0  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
11:22:13.0305 0x14d0  Winmgmt - ok
11:22:13.0414 0x14d0  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\windows\system32\WsmSvc.dll
11:22:13.0601 0x14d0  WinRM - ok
11:22:13.0679 0x14d0  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
11:22:13.0741 0x14d0  WinUsb - ok
11:22:13.0835 0x14d0  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\windows\System32\wlansvc.dll
11:22:13.0944 0x14d0  Wlansvc - ok
11:22:13.0975 0x14d0  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
11:22:14.0007 0x14d0  WmiAcpi - ok
11:22:14.0053 0x14d0  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
11:22:14.0100 0x14d0  wmiApSrv - ok
11:22:14.0241 0x14d0  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:22:14.0381 0x14d0  WMPNetworkSvc - ok
11:22:14.0428 0x14d0  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\windows\System32\wpcsvc.dll
11:22:14.0521 0x14d0  WPCSvc - ok
11:22:14.0553 0x14d0  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
11:22:14.0615 0x14d0  WPDBusEnum - ok
11:22:14.0662 0x14d0  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
11:22:14.0724 0x14d0  ws2ifsl - ok
11:22:14.0771 0x14d0  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\windows\System32\wscsvc.dll
11:22:14.0833 0x14d0  wscsvc - ok
11:22:14.0849 0x14d0  WSearch - ok
11:22:14.0911 0x14d0  [ BAEDC491374DEFD5E76336901D6D397D, E9DBE0E1361F0FD6CEF5B46DE2464B9604FE19CF59B7524D6EA8A063F718AB69 ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
11:22:14.0943 0x14d0  wsvd - ok
11:22:15.0114 0x14d0  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\windows\system32\wuaueng.dll
11:22:15.0301 0x14d0  wuauserv - ok
11:22:15.0364 0x14d0  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
11:22:15.0442 0x14d0  WudfPf - ok
11:22:15.0489 0x14d0  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
11:22:15.0520 0x14d0  WUDFRd - ok
11:22:15.0567 0x14d0  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\windows\System32\WUDFSvc.dll
11:22:15.0613 0x14d0  wudfsvc - ok
11:22:15.0645 0x14d0  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\windows\System32\wwansvc.dll
11:22:15.0754 0x14d0  WwanSvc - ok
11:22:15.0816 0x14d0  ================ Scan global ===============================
11:22:15.0847 0x14d0  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll
11:22:15.0894 0x14d0  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
11:22:15.0925 0x14d0  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
11:22:15.0988 0x14d0  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll
11:22:16.0035 0x14d0  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\windows\system32\services.exe
11:22:16.0050 0x14d0  [ Global ] - ok
11:22:16.0050 0x14d0  ================ Scan MBR ==================================
11:22:16.0066 0x14d0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:22:16.0768 0x14d0  \Device\Harddisk0\DR0 - ok
11:22:16.0783 0x14d0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
11:22:16.0971 0x14d0  \Device\Harddisk1\DR1 - ok
11:22:16.0971 0x14d0  ================ Scan VBR ==================================
11:22:16.0971 0x14d0  [ 3D7F05086F8630D2DF1C09B83CB6CFF8 ] \Device\Harddisk0\DR0\Partition1
11:22:16.0971 0x14d0  \Device\Harddisk0\DR0\Partition1 - ok
11:22:17.0017 0x14d0  [ C951332CF5555FFF9459687F2948D80F ] \Device\Harddisk0\DR0\Partition2
11:22:17.0017 0x14d0  \Device\Harddisk0\DR0\Partition2 - ok
11:22:17.0017 0x14d0  [ 6D63CB392D81F3BA64ED4AEFCFF990E8 ] \Device\Harddisk1\DR1\Partition1
11:22:17.0033 0x14d0  \Device\Harddisk1\DR1\Partition1 - ok
11:22:17.0033 0x14d0  ================ Scan generic autorun ======================
11:22:17.0111 0x14d0  [ 42033C6F5C45515BF517DE19BC7E0E7B, 43BD1FC87FCB84DB4B67F5DA49F42F926A5F0E866AB76F4A10A373657E235D13 ] C:\Program Files\Elantech\ETDCtrl.exe
11:22:17.0173 0x14d0  ETDWare - ok
11:22:17.0220 0x14d0  [ F4F7C86191A981C804326E2EF6F3604F, 1ECE05E643AFFB27A148A8B86615F6C167875EF29D6FF7E2FD15B8DCBE6B8A16 ] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
11:22:17.0251 0x14d0  Adobe Reader Speed Launcher - ok
11:22:17.0314 0x14d0  [ FA4B3C3A301F29DBD6A3F11E0FA28B3C, 9777E78C2ADE3B7342582F75BB590957BD620D070AE6DC6F1BC09C1106C9F8F3 ] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
11:22:17.0376 0x14d0  Eee Docking - detected UnsignedFile.Multi.Generic ( 1 )
11:22:17.0376 0x14d0  Eee Docking ( UnsignedFile.Multi.Generic ) - warning
11:22:18.0109 0x14d0  [ 43502CC12E4518074500E996EC2AC93A, 0D97FDF44EC356F4D31698EC734386E9BBB595783E5B99368691FB89463E0F03 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
11:22:19.0108 0x14d0  RtHDVCpl - ok
11:22:19.0685 0x14d0  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
11:22:20.0028 0x14d0  Adobe ARM - ok
11:22:20.0605 0x14d0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
11:22:21.0198 0x14d0  Sidebar - ok
11:22:21.0245 0x14d0  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
11:22:21.0292 0x14d0  mctadmin - ok
11:22:21.0401 0x14d0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
11:22:21.0557 0x14d0  Sidebar - ok
11:22:21.0604 0x14d0  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
11:22:21.0666 0x14d0  mctadmin - ok
11:22:21.0838 0x14d0  Win FW state via NFP2: enabled
11:22:21.0838 0x14d0  ============================================================
11:22:21.0838 0x14d0  Scan finished
11:22:21.0838 0x14d0  ============================================================
11:22:21.0869 0x14d8  Detected object count: 10
11:22:21.0869 0x14d8  Actual detected object count: 10
11:23:44.0003 0x14d8  atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0003 0x14d8  atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:23:44.0019 0x14d8  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0019 0x14d8  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:23:44.0019 0x14d8  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0019 0x14d8  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:23:44.0019 0x14d8  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0019 0x14d8  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:23:44.0034 0x14d8  lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0034 0x14d8  lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:23:44.0034 0x14d8  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0034 0x14d8  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:23:44.0034 0x14d8  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0034 0x14d8  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:23:44.0050 0x14d8  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0050 0x14d8  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:23:44.0050 0x14d8  VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0050 0x14d8  VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:23:44.0050 0x14d8  Eee Docking ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:44.0050 0x14d8  Eee Docking ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 14.03.2015, 16:12   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Link angeklickt DHL - Standard

Link angeklickt DHL



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.03.2015, 10:17   #12
Dummy0815
 
Link angeklickt DHL - Standard

Link angeklickt DHL



So, hier ist die Log Datei.
Leider mußte ich zwischend urch ein paar Mal an der Maus ruckeln, um den Standby Modus zu verhindern und einmal war ich zu spät. Combofix scheint aber einfach weitergemacht zu haben.
Code:
ATTFilter
ComboFix 15-03-14.03 - Silke 15.03.2015  10:48:57.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.397 [GMT 1:00]
ausgeführt von:: c:\users\Silke\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI24A1.txt
c:\windows\tmp\dd_vcredistUI24A1.txt
c:\windows\tmp\qtsingleapp-koboex-f4a6-1-lockfile
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-15 bis 2015-03-15  ))))))))))))))))))))))))))))))
.
.
2015-03-15 10:06 . 2015-03-15 10:06	--------	d-----w-	c:\users\Silke\AppData\Local\temp
2015-03-15 10:06 . 2015-03-15 10:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-13 12:46 . 2015-03-14 08:15	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-13 12:46 . 2015-03-13 13:51	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-13 12:42 . 2015-03-13 13:50	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-13 10:54 . 2015-01-29 09:49	9041640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBE92D2F-831A-4158-A198-57DD3B71532A}\mpengine.dll
2015-03-12 10:47 . 2015-03-12 11:08	--------	d-----w-	C:\FRST
2015-02-25 12:36 . 2015-02-25 14:20	--------	d-----w-	c:\program files\Mozilla Thunderbird
2015-02-16 12:56 . 2015-01-14 05:44	3972544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-02-16 12:56 . 2015-01-14 05:44	3917760	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-02-16 12:56 . 2014-12-19 02:43	164864	----a-w-	c:\windows\system32\profsvc.dll
2015-02-16 12:56 . 2015-02-04 02:54	482304	----a-w-	c:\windows\system32\generaltel.dll
2015-02-16 12:56 . 2015-02-04 02:53	767488	----a-w-	c:\windows\system32\appraiser.dll
2015-02-16 12:56 . 2015-02-04 02:49	886784	----a-w-	c:\windows\system32\aeinv.dll
2015-02-16 12:56 . 2015-02-04 02:53	621056	----a-w-	c:\windows\system32\invagent.dll
2015-02-16 12:56 . 2015-02-04 02:53	325632	----a-w-	c:\windows\system32\devinv.dll
2015-02-16 12:56 . 2015-01-27 23:36	1167520	----a-w-	c:\windows\system32\aitstatic.exe
2015-02-16 12:56 . 2015-02-04 02:53	202752	----a-w-	c:\windows\system32\aepdu.dll
2015-02-16 12:56 . 2015-02-04 02:53	159744	----a-w-	c:\windows\system32\aepic.dll
2015-02-16 12:48 . 2015-01-13 02:49	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 03:23 . 2012-01-09 18:29	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-05 11:53 . 2012-11-16 21:25	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-02-05 11:53 . 2011-12-28 23:09	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Silke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Silke\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-4 42560368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
backup=c:\windows\pss\AsusVibeLauncher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Silke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Silke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP]
2011-04-21 01:37	2018032	----a-w-	c:\program files\Asus\APRP\aprp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]
2011-03-11 01:06	34728	----a-w-	c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2011-02-23 20:19	371200	----a-w-	c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon]
2011-03-11 01:06	34728	----a-w-	c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-04-19 22:39	174360	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService]
2011-03-11 01:06	34728	----a-w-	c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33	150528	----a-w-	c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-04-19 22:39	142104	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2011-03-11 01:06	34728	----a-w-	c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-03 20:50	1246544	----a-w-	c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-07-04 10:52	2072576	----a-w-	c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-04-19 22:39	150808	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
2011-03-11 01:06	34728	----a-w-	c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAWinAgent]
2011-03-23 19:33	45448	----a-w-	c:\expressgateutil\VAWinAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-01-31 02:05	35328	----a-w-	c:\program files\Winamp\winampa.exe
.
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-28 239168]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-03-03 224680]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-09-27 68208]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 11:53]
.
2015-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 19:59]
.
2015-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 19:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:Tabs
TCP: DhcpNameServer = 192.168.2.1 192.168.0.1
TCP: Interfaces\{56F23909-E102-4A9C-82C0-0E6999205EDB}: NameServer = 192.168.0.1
TCP: Interfaces\{56F23909-E102-4A9C-82C0-0E6999205EDB}\4736F547563747: NameServer = 192.168.0.1
TCP: Interfaces\{56F23909-E102-4A9C-82C0-0E6999205EDB}\64259445A51224F6870264F6E60275C414E40273339303: NameServer = 192.168.0.1
TCP: Interfaces\{56F23909-E102-4A9C-82C0-0E6999205EDB}\C696E6B6379737: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\
FF - ExtSQL: !HIDDEN! 2013-11-07 14:11; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Akamai NetSession Interface - c:\users\Silke\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-Avira Systray - c:\program files\Avira\My Avira\Avira.OE.Systray.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-15  11:11:47
ComboFix-quarantined-files.txt  2015-03-15 10:11
.
Vor Suchlauf: 10 Verzeichnis(se), 63.013.007.360 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 66.166.710.272 Bytes frei
.
- - End Of File - - 58CE9C97856C66306D1FD9C61B491350
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 15.03.2015, 13:04   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Link angeklickt DHL - Standard

Link angeklickt DHL



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.03.2015, 16:48   #14
Dummy0815
 
Link angeklickt DHL - Standard

Link angeklickt DHL



Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.03.2015
Suchlauf-Zeit: 14:38:24
Logdatei: Malwarebytes.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.15.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Silke

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 331080
Verstrichene Zeit: 32 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
ADW Cleaner

Code:
ATTFilter
# AdwCleaner v4.112 - Bericht erstellt 15/03/2015 um 16:54:50
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Starter Service Pack 1 (x86)
# Benutzername : Silke - SILKE-PC
# Gestarted von : C:\Users\Silke\Downloads\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Silke\AppData\LocalLow\HPAppData

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [977 Bytes] - [15/03/2015 16:49:25]
AdwCleaner[S0].txt - [900 Bytes] - [15/03/2015 16:54:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [958  Bytes] ##########
         
Der Rest folgt...

JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Starter x86
Ran by Silke on 15.03.2015 at 17:10:12,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{0078E734-442D-4A3A-A9F4-65A3843EC5DA}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{01835D26-7606-4954-BB1C-CA8686718495}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{01AEA503-7941-4EBE-8423-9D23D8ED2F98}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{0412C3C8-B38E-44C9-BFBF-1CEEF70E947A}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{0749E588-03A4-4A1D-BA44-F2B47AA9B469}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{0BC19FFA-8109-4383-8A6B-5A8BFE497D8A}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{0E68FFA7-FCEF-40DC-BE24-C93524CCE78E}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{10048F56-E5B4-43CD-9CE1-2D9E4B82AC73}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{11F3640F-4D9F-456F-9857-B74674A77DEB}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{13E98E70-C9AA-44B5-ACDE-738C25FCC54A}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{169DD5D2-C616-47D8-9FEF-2075F8400133}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{19DD18F1-AA5A-4D23-B6D4-1DC0F992C649}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{1A3C136A-86F6-4DDA-8857-F4C4DCFD1687}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{1A8F72C8-A8F8-4628-A406-56C0A15F5299}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{1DC4966B-6CBB-4AB4-9407-150F42416172}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{1EB41B3A-3B84-4572-B08A-512FDC692164}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{1F1FDEAA-4064-422C-9715-C2DB29EAD1FB}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{233D1CB3-8A3F-4D6F-B311-21DAED2E42E0}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{25B19BD9-A34B-4349-8714-220B259ACE16}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{28AC9345-4BDC-4D51-A21C-1556DCE6D9EB}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{2A469C4C-C4F9-4E64-AD7F-AB4660EF7A67}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{2B30048B-F0BD-4BAD-BE51-47F68784A102}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{2B3D4D07-EA52-494A-9B3C-8F9B6471A948}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{2E4488AB-0B6D-43C4-8682-70995560B919}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{2F51FFAC-9D64-42A3-AE7B-1F08EE037189}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{2F7AB838-6621-4192-B675-CD3CBC52B632}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{2FC1A939-2CC1-4C56-9455-1775830D59F2}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{308C9B2A-93BD-4000-B962-6EA31BEAA5E7}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{31C1B00F-056D-4526-96DB-6132857C32C3}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{33AE3FBF-2D61-42ED-B9E6-F3B223BD8697}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{37C0FDF3-8D7F-46DF-9B88-E01996E34F1B}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{37E87E66-9245-435F-A20C-054A4D2D5955}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{38CEC18D-9A6A-4C44-85B9-BB29CD768EB1}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{3A6044FF-5FB9-4AA0-A2C2-11D059C77278}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{3D48473D-5ECA-485D-AB21-90B66CCF13A8}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{3DD4DBF8-2E32-4804-B44A-D00C533FB567}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{41B85A54-2959-4B3D-B056-B731F900DE05}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{41C96ECC-F946-489A-8772-DCBAC6350176}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{41FEE41A-606A-439C-B703-192C702B093A}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{458D9122-A9C8-4AEB-AD8C-BAA8963D4FE2}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{4739DB9B-8E28-4627-BBBF-8F8D99F11CC6}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{4835CEB2-A0D9-45FD-A201-733EF381A801}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{4A1EB02A-FC17-47E9-9153-1E1AA83C618F}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{4E83F603-7A0E-44D3-9BB4-25DFB39CBAA6}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{4FDD4D87-C3D2-4321-A4BA-63681F95DF94}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{50062FB8-56A9-449C-AEB2-FF113F10BCDE}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{52DF440D-F634-44AB-A7C4-F35E9DE5BFCD}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{58798CAF-796A-455D-9DC2-E3A2C2C6C75E}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{58ECB80E-CBC0-41BA-B00A-3E2A9F685082}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{5EEE7B1D-2EAC-4E1F-8A6D-B1E749591394}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{68CDB232-9BBF-40D0-90E9-F945C5D6386B}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{6B268D91-B9E2-45C5-8344-B75BC5DABEAD}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{6D4BC26B-C5F8-4783-B844-E6A93C5BAD5B}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{6F3A6F15-AC6A-4C02-93E4-64B72C0D5FA9}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{70141164-50C8-4B9A-8D77-0FAB353DED5E}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{721312CC-39D4-4AE6-B29D-8248C22FFC48}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{7393995F-DDF1-4BA5-B66D-BDF5EAD42E17}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{73E79483-5F6C-42B5-8D87-918C93580450}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{7684D79A-3983-4B89-BADB-47FCF0F06D8F}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{7958CD9D-B6C3-49B8-9836-896E2631FB74}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{7CE313A3-1CED-425E-8B2C-56B7D0A612BB}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{7F6D525C-A455-4883-9236-1584A0771C5F}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{80EBD5F1-4751-40DF-806D-2496FB3CED44}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{825A677D-F6FD-4A1E-A91B-10A7EFD891CC}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{827509B0-BEF2-4154-BC68-3C3E953A62A4}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{82BF858C-B90E-4F62-8EC3-5C6170887518}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{82CD3639-CD3C-4D3C-802B-65DDC371DBCD}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{8C2890A1-D0EE-4B87-B3FA-2C654B2C5AE9}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{8D348279-6DC2-4C89-94FE-FA0053A62289}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{8EE588ED-19FF-48E7-99C6-5F2CEC5FFD51}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{9102D0C7-2B97-43EB-AF32-E080DBDC2043}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{91B60C1D-95F9-40A7-AD45-D1CF67A4920D}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{92160048-0E0C-4C5C-8C67-D7399FD80856}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{9236FD73-DD1E-43E9-9724-B7354E878976}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{9353E028-5AC7-4D1F-A37F-87A0C1CE3B70}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{944A32EC-343A-4008-B2C4-9B706BE733CE}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{96B9BB11-45B5-4302-BD1A-3BF35C624AAF}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{98E0D7B8-DB57-446F-B928-3C0A7231E8BF}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{99B27B4C-359F-4B36-879B-8FA6533BA5B5}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{9A3049F4-7AB3-453B-9654-82D06839164C}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{9B9AF380-161B-46C7-A6A5-B71714984FE4}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{9D06BA1B-C495-49C5-9BDB-B76C29499CC1}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{9E801C53-B083-4A1C-82C5-FB0F68D20C5C}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{9FBA46AB-A789-4F58-81B5-2B2BA826E021}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{9FCCFAD8-0E39-484D-B04B-AF01557047C6}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{A039D934-5579-4071-894D-7BE4D1D20917}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{A30646C7-BBD4-4839-B1E9-4C49AEB5ADB7}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{A3ECF7CB-3E72-47BA-B1EA-81BD19FAA28D}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{A630C9C8-0192-4D4E-880E-EE6212F2BD93}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{A670EED0-4383-41B7-A690-4CA14DF90EA4}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{A8225CD8-5933-43CC-BBFD-BD541AF355D9}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{A823D11B-E260-408E-A377-72321EE1C60E}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{A93CEE91-6AF2-4DDA-AC90-1B44F28A9AFE}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{A95D0AE2-4287-4E95-92B7-97871E37E66D}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{AA0B22C5-6A2E-4FCF-9D12-F617580954F1}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{AAFEEE30-C691-47C7-B1CC-B86C65F36442}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{AD66EDC4-98DB-4E57-BF6E-645F38C11B0E}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{AE56A768-6BDC-4E13-B401-505B76FAD345}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{B22D8D70-C6D8-4101-B10D-82D1A8305055}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{B3B4DB90-C620-46EB-80C3-C301A3362C75}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{B3C8AE0D-41A5-41ED-917F-48B3130066F1}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{B4DF91F1-3864-455D-A5AF-06E5309D44E6}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{B67051B9-D662-4516-92DA-ABA4997336B0}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{B6E786F3-D1F0-4BA3-B2E5-9DEF9F4E8F64}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{B6F1CDDA-9CC7-40A7-AD53-24149F66C1E0}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{B8886254-E9EB-40E3-894B-4A6AAD6AF941}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{B8CD90B0-991A-4DD9-A94D-ABE33D97D49D}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{C05407D2-CF42-40F9-8AD4-A1E5207FAC2B}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{C1B7BFF8-383F-44F9-A96E-319EC7B4FF98}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{C2825D41-A682-472F-9689-62AC4DB63015}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{C3A67392-C739-42DE-842D-9E34992637DD}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{C4B2CC14-4130-48DB-888D-13F3C980D20A}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{C5479942-517E-4340-A56C-79B79A773849}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{C78D4600-87F0-4983-B33F-C90BAAD4420A}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{C7FFAE77-15CA-48B3-A197-DD183AD45ED4}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{C8E86FDB-D93B-4490-B230-70593261BBE9}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{CB1DF105-5713-4A26-9F6A-79B0CF042075}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{CB7405A0-9288-42E7-9DFD-7E82F2200C4B}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{CBCBE6C7-9FC1-4F79-8F3C-3CBBC13CA8D2}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{CDBB919A-E7AB-460E-9DEA-3D77E7C39224}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{CFB7A873-3905-420D-97A4-337E84D79CA9}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{D1139B06-F9A6-4C7E-A369-CDFDDAAB9250}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{D2D36F0F-1C25-4E84-8EAB-E489549B8422}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{D62B2125-59E0-459E-930A-27C5AE3D82E4}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{D7501424-4851-4B26-9DD1-E641024DD9A0}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{D82F78EF-3D58-457B-A7C9-159D450F2F19}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{D8DC1674-EDAC-4A34-86D2-AF3B06063134}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{DD760C80-C229-44DD-9ACC-F2235B9F1986}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{E1245507-7B90-4490-98B5-5AAD47822E1A}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{E267CC64-FA91-4A15-975C-30C35F414EF6}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{E3BF5BE6-86EF-421C-90A0-4A1242E9E649}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{E53A86E7-DD96-4882-8EAA-7EECC522E658}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{E5B51CF6-A9F9-41B5-9D2F-3421CD8EAA75}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{EC646216-23B6-4827-A665-9007DA0E95C9}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{ECB3E10B-DD8D-4A88-836A-7FBA06E17837}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{ECF69DEF-9E65-4BD5-B9A3-75ED572DAAAB}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{EE80E122-E29F-4151-8586-5193AEC8F789}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{F02F25E5-8959-44CD-A2A7-86E4F409CA83}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{F1C2D8E5-4DF1-41F7-9C7E-C33A53152509}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{F2FBB1BF-F3BB-4138-AE19-D4AA9FD142CA}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{F387D503-055F-4776-A0F9-46617156D977}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{F44EEEDE-E0CE-46E1-AB06-30627626C07B}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{F82E9029-BC51-4A1E-92CE-B143D023658A}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{F8D85B57-9BCA-40C0-856B-4CAF94539B6A}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{F8FD0F65-FDC9-4D67-9A26-7A19E2D8CAA9}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{F9ADC79C-A5C6-409F-A3D2-4366A56D6AA8}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{FA2512A0-FC04-4A8A-A8C4-27070052D698}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{FC2AB940-08BB-4365-8766-A3BCD4396935}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{FC3A8EEF-4A47-429F-BE30-31E2FDF9597C}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{FE454E3E-8CC2-4817-B472-BEECAE4E1A79}
Successfully deleted: [Empty Folder] C:\Users\Silke\appdata\local\{FFB4F420-C219-4A54-B0B0-952BE3C8800C}



~~~ FireFox

Emptied folder: C:\Users\Silke\AppData\Roaming\mozilla\firefox\profiles\5d6xqnyp.default\minidumps [121 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2015 at 17:39:33,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Silke (administrator) on SILKE-PC on 15-03-2015 17:42:33
Running from C:\Users\Silke\Downloads
Loaded Profiles: Silke (Available profiles: Silke)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\AsusService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(ASUS) C:\Program Files\Common Files\InstantOn\InsOnWMI.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Dropbox, Inc.) C:\Users\Silke\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2011-01-06] (ASUSTek Computer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Silke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-711005638-1065484914-1841626983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.0.1
Tcpip\..\Interfaces\{56F23909-E102-4A9C-82C0-0E6999205EDB}: [NameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\searchplugins\ebay-kleinanzeigen.xml [2015-03-02]
FF SearchPlugin: C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\searchplugins\google-images.xml [2014-12-14]
FF SearchPlugin: C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\searchplugins\google-maps.xml [2014-12-14]
FF Extension: Avira Browser Safety - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\Extensions\abs@avira.com [2015-03-10]
FF Extension: dp Launcher Plugin - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\Extensions\dplauncher@digitalpublishing.de [2014-03-05]
FF Extension: Cliqz Beta - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\Extensions\cliqz@cliqz.com.xpi [2014-12-15]
FF Extension: Adblock Plus - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-05]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-07]
FF HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\5d6xqnyp.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [271360 2014-03-05] () [File not signed]
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-12-29] (DT Soft Ltd)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [18048 2012-11-15] () [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [20640 2005-12-05] (Sonic Solutions) [File not signed]
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]
S3 catchme; \??\C:\Users\Silke\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 17:39 - 2015-03-15 17:39 - 00016761 _____ () C:\Users\Silke\Desktop\JRT.txt
2015-03-15 17:05 - 2015-03-15 17:05 - 01388333 _____ (Thisisu) C:\Users\Silke\Downloads\JRT.exe
2015-03-15 16:49 - 2015-03-15 16:54 - 00000000 ____D () C:\AdwCleaner
2015-03-15 16:48 - 2015-03-15 16:48 - 02171392 _____ () C:\Users\Silke\Downloads\AdwCleaner_4.112.exe
2015-03-15 15:15 - 2015-03-15 15:15 - 00001209 _____ () C:\Users\Silke\Desktop\Malwarebytes.txt
2015-03-15 14:36 - 2015-03-15 14:36 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-15 14:36 - 2015-03-15 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-15 14:36 - 2015-03-15 14:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-15 14:36 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-15 14:36 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-15 14:31 - 2015-03-15 14:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Silke\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-15 11:11 - 2015-03-15 11:11 - 00013938 _____ () C:\ComboFix.txt
2015-03-15 10:44 - 2015-03-15 11:11 - 00000000 ____D () C:\Qoobox
2015-03-15 10:44 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-15 10:44 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-15 10:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-15 10:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-15 10:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-15 10:44 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-15 10:44 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-15 10:44 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-15 10:43 - 2015-03-15 11:09 - 00000000 ____D () C:\windows\erdnt
2015-03-15 10:37 - 2015-03-15 10:37 - 05615380 ____R (Swearware) C:\Users\Silke\Desktop\ComboFix.exe
2015-03-15 10:36 - 2015-03-15 10:37 - 05615380 _____ (Swearware) C:\Users\Silke\Downloads\ComboFix.exe
2015-03-14 11:15 - 2015-03-14 11:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Silke\Desktop\tdsskiller.exe
2015-03-14 11:12 - 2015-03-14 11:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Silke\Downloads\tdsskiller(1).exe
2015-03-14 11:11 - 2015-03-14 11:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Silke\Downloads\tdsskiller.exe
2015-03-13 13:46 - 2015-03-15 16:57 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 13:46 - 2015-03-14 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-13 13:42 - 2015-03-13 16:57 - 00000000 ____D () C:\Users\Silke\Desktop\mbar
2015-03-13 13:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-13 13:40 - 2015-03-13 13:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Silke\Desktop\mbar-1.09.1.1004.exe
2015-03-13 12:39 - 2015-03-13 12:39 - 00034119 _____ () C:\Users\Silke\Desktop\2015_02_25_Erfolgsgeschichten funktioform.odt
2015-03-13 10:54 - 2015-03-13 10:54 - 00021551 _____ () C:\Users\Silke\AppData\Local\recently-used.xbel
2015-03-12 11:49 - 2015-03-12 11:51 - 00026838 _____ () C:\Users\Silke\Downloads\Addition.txt
2015-03-12 11:47 - 2015-03-15 17:43 - 00012698 _____ () C:\Users\Silke\Downloads\FRST.txt
2015-03-12 11:47 - 2015-03-15 17:42 - 00000000 ____D () C:\FRST
2015-03-12 11:46 - 2015-03-12 11:46 - 01135104 _____ (Farbar) C:\Users\Silke\Downloads\FRST.exe
2015-03-06 13:23 - 2015-03-06 13:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-25 13:36 - 2015-02-25 15:20 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-16 13:58 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-16 13:58 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-16 13:58 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-16 13:58 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-16 13:58 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-16 13:58 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-16 13:58 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-16 13:58 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-16 13:58 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-16 13:58 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-16 13:58 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-16 13:58 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-16 13:58 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-16 13:58 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-16 13:58 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-16 13:58 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-16 13:58 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-16 13:58 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-16 13:58 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-16 13:58 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-16 13:57 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-16 13:57 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-16 13:57 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-16 13:57 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-16 13:57 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-16 13:57 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-16 13:57 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-16 13:57 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-16 13:57 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-16 13:57 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-16 13:57 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-16 13:56 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-16 13:56 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-16 13:56 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-16 13:56 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-16 13:56 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-16 13:56 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-16 13:56 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-02-16 13:55 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-16 13:55 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-16 13:55 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-16 13:55 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-16 13:55 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-16 13:55 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-16 13:55 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-16 13:55 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-16 13:55 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-16 13:55 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-16 13:55 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-16 13:55 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-16 13:55 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-16 13:55 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-02-16 13:55 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-16 13:55 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-16 13:55 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-16 13:55 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-02-16 13:55 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-16 13:48 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 17:39 - 2011-12-29 13:22 - 01419676 _____ () C:\windows\WindowsUpdate.log
2015-03-15 17:38 - 2012-01-14 23:47 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-15 17:07 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 17:07 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 16:58 - 2014-02-27 13:23 - 00000000 ___RD () C:\Users\Silke\Dropbox
2015-03-15 16:58 - 2014-02-27 13:19 - 00000000 ____D () C:\Users\Silke\AppData\Roaming\Dropbox
2015-03-15 16:57 - 2012-01-14 23:47 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 16:56 - 2014-04-16 13:18 - 00041901 _____ () C:\windows\setupact.log
2015-03-15 16:56 - 2011-04-21 01:32 - 00612166 _____ () C:\windows\PFRO.log
2015-03-15 16:56 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-15 16:52 - 2012-11-16 22:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 11:11 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-15 11:06 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini
2015-03-13 14:41 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-03-13 13:47 - 2014-12-28 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-13 10:55 - 2012-08-24 12:44 - 00000000 ____D () C:\Users\Silke\.gimp-2.8
2015-03-13 07:49 - 2011-12-29 12:34 - 00000000 ____D () C:\Users\Silke\AppData\Roaming\SoftGrid Client
2015-03-11 08:00 - 2014-02-27 13:23 - 00001017 _____ () C:\Users\Silke\Desktop\Dropbox.lnk
2015-03-11 08:00 - 2014-02-27 13:21 - 00000000 ____D () C:\Users\Silke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-06 16:09 - 2012-07-13 21:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-02 12:55 - 2014-04-20 12:06 - 00000000 ____D () C:\Users\Silke\Documents\Eigene Scans
2015-03-02 09:46 - 2014-02-23 17:37 - 00000000 ____D () C:\Users\Silke\Desktop\funktioform
2015-03-02 08:42 - 2012-05-03 19:35 - 00000000 ____D () C:\Users\Silke\AppData\Local\FreePDF_XP
2015-03-02 07:25 - 2009-07-14 05:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-24 04:23 - 2012-01-09 19:29 - 00246920 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-18 11:05 - 2011-12-28 22:29 - 00068416 _____ () C:\Users\Silke\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-16 14:27 - 2009-07-14 05:33 - 00293128 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-16 14:25 - 2014-12-12 16:14 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-16 14:25 - 2014-05-10 18:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-16 14:25 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-02-16 14:20 - 2013-11-27 11:40 - 00000000 ____D () C:\windows\system32\MRT

==================== Files in the root of some directories =======

2015-03-13 10:54 - 2015-03-13 10:54 - 0021551 _____ () C:\Users\Silke\AppData\Local\recently-used.xbel
2015-01-01 17:31 - 2015-01-01 17:31 - 0000000 _____ () C:\Users\Silke\AppData\Local\{AA9550E2-183F-4588-9F1A-229E6DD9636E}
2008-05-23 16:48 - 2008-05-23 16:48 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml
2008-06-23 12:02 - 2008-06-23 12:02 - 0097410 ____R () C:\ProgramData\DeviceManager.xml.rc4
2011-04-21 01:56 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2013-11-07 13:55 - 2013-11-07 14:48 - 0001637 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Silke\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph82qf0.dll
C:\Users\Silke\AppData\Local\temp\Quarantine.exe
C:\Users\Silke\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 14:40

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Silke at 2015-03-15 17:44:43
Running from C:\Users\Silke\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AsusScreensaver (HKLM\...\{99E77016-BCF2-48C8-9119-43ECF5815F65}) (Version: 1.05 - AsusTek Computer Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C3100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c3100_Help (Version: 82.0.256.000 - Hewlett-Packard) Hidden
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Combined Community Codec Pack 2006-12-15 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2006-12-15 02:32 - CCCP Project)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink PowerRecover (HKLM\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-711005638-1065484914-1841626983-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave)
Eee Docking 3.8.3 (HKLM\...\Eee Docking_is1) (Version: 3.8.3 - ASUSTek Computer Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ETDWare PS/2-x86 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
ExpressGateCloud (HKLM\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.7.29.198 - VideACE Co.)
ExpressGateCloud (Version: 2.7.29.198 - VideACE Co.) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Game Park Console (HKLM\...\{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1) (Version: 6.2.0.3 - Oberon Media, Inc.)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.38 - AsusTek Computer Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
InstantOn (HKLM\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.0.0 - ASUS)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2364 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.28 - AsusTek Computer Inc.)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6186 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Schatzjäger 3 (HKLM\...\{CDABABCC-3341-444A-A0A9-9F0F9890C75F}) (Version: 1.00.0000 - )
Scribus 1.4.4 (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.17 - AsusTek Computer)
syncables desktop SE (HKLM\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Vodafone Mobile Connect Lite (HKLM\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711005638-1065484914-1841626983-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silke\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-01-2015 11:53:01 OpenOffice 4.1.1 wird installiert
05-02-2015 14:49:56 Geplanter Prüfpunkt
16-02-2015 13:58:43 Windows Update
13-03-2015 11:52:40 Windows Update
13-03-2015 14:35:34 Malwarebytes Anti-Rootkit Restore Point
15-03-2015 10:44:42 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-03-15 11:06 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {184B32BB-40CE-4B94-9C84-2E5D985B88CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {22F6B475-83E0-4981-A51D-8EE6CB5A4688} - System32\Tasks\InsOnWMI => C:\Program Files\Common Files\InstantOn\InsOnWMI.exe [2011-04-12] (ASUS)
Task: {C364E387-8601-4548-86D3-3020D9BD082C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {D524AE32-3134-4F85-AFAF-69D9023AD0C0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FD54D352-398A-45F3-8557-EA148325A61D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-05-03 18:39 - 2010-06-17 20:56 - 00116224 _____ () C:\windows\System32\redmonnt.dll
2011-04-21 02:19 - 2011-03-04 00:33 - 00224680 _____ () C:\windows\system32\AsusService.exe
2011-01-12 16:22 - 2011-01-12 16:22 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-12-24 18:51 - 2010-12-24 18:51 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-01-03 17:08 - 2011-01-03 17:08 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Silke\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-15 16:58 - 2015-03-15 16:58 - 00043008 _____ () c:\users\silke\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph82qf0.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Silke\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Silke\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Silke\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-05 12:53 - 2015-02-05 12:53 - 16852144 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Silke\Desktop\MEIM-studio-braun-1497.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-711005638-1065484914-1841626983-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Silke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: ASUSPRP => C:\Program Files\ASUS\APRP\APRP.EXE
MSCONFIG\startupreg: CapsHook => AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: HotkeyMon => AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HotkeyService => AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: LiveUpdate => AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: SuperHybridEngine => AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
MSCONFIG\startupreg: VAWinAgent => C:\ExpressGateUtil\VAWinAgent.exe
MSCONFIG\startupreg: WinampAgent => C:\Program Files\Winamp\winampa.exe

==================== Accounts: =============================

Administrator (S-1-5-21-711005638-1065484914-1841626983-500 - Administrator - Disabled)
Gast (S-1-5-21-711005638-1065484914-1841626983-501 - Limited - Disabled)
Silke (S-1-5-21-711005638-1065484914-1841626983-1000 - Administrator - Enabled) => C:\Users\Silke

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU N570 @ 1.66GHz
Percentage of memory in use: 90%
Total physical RAM: 1014.12 MB
Available physical RAM: 91.87 MB
Total Pagefile: 2134.12 MB
Available Pagefile: 744.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:61.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:117.77 GB) NTFS
Drive f: () (Removable) (Total:7.46 GB) (Free:2.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 4661E4DB)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=117.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 16.03.2015, 07:35   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Link angeklickt DHL - Standard

Link angeklickt DHL




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Link angeklickt DHL
angeblich, angeklickt, download, geklickt, heute, installier, installiert, link, link angeklickt, mail, nummer, ordner, programme, programmen, sendungsverfolgung, wirklich



Ähnliche Themen: Link angeklickt DHL


  1. Phishing SMS iPhone Link angeklickt
    Alles rund um Mac OSX & Linux - 04.11.2015 (1)
  2. DHL Mail Link angeklickt
    Log-Analyse und Auswertung - 27.05.2015 (18)
  3. DHL E-mail geöffnet und link angeklickt
    Log-Analyse und Auswertung - 08.05.2015 (14)
  4. Phishing Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (13)
  5. Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (9)
  6. dhl link angeklickt angebliche bestellung
    Plagegeister aller Art und deren Bekämpfung - 17.03.2015 (13)
  7. Link angeklickt/ Sea Hacker plop up
    Plagegeister aller Art und deren Bekämpfung - 08.12.2014 (16)
  8. Link in verdächtiger Email angeklickt
    Plagegeister aller Art und deren Bekämpfung - 14.11.2014 (13)
  9. Steam Pishing-Link angeklickt
    Alles rund um Windows - 07.08.2014 (6)
  10. Link in E-mail angeklickt
    Log-Analyse und Auswertung - 15.04.2014 (8)
  11. Link in Pishing Mail angeklickt
    Plagegeister aller Art und deren Bekämpfung - 16.03.2014 (7)
  12. PayPal Phishingmail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 06.03.2014 (13)
  13. Spam Mail Link angeklickt
    Log-Analyse und Auswertung - 05.03.2014 (10)
  14. Phishing Mail von WoW Link angeklickt!
    Plagegeister aller Art und deren Bekämpfung - 07.07.2013 (4)
  15. Schädlichen Link angeklickt.
    Log-Analyse und Auswertung - 26.04.2013 (25)
  16. Link in GMX-Mail angeklickt - Folgen???
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (15)
  17. MSN-Link angeklickt und Applikation installiert!
    Plagegeister aller Art und deren Bekämpfung - 07.12.2006 (6)

Zum Thema Link angeklickt DHL - Nu isses passiert. Obwohl ich immer super-vorsichtig bin, bin ich auf eine wirklich Echt-aussehende Mail reingefallen, es ging angeblich um eine Sendungsverfolgung der DHL. Ich habe auf Sendungsverfolgung (die NUmmer) - Link angeklickt DHL...
Archiv
Du betrachtest: Link angeklickt DHL auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.