Win7 Laptop stürzt häufig bei Downloads ab

kokolorix · 06.04.2015, 09:26

Hallo Community,

mein Name ist Tobias, 30 Jahre alt und komme aus dem schönen Sauerland.
Ich hoffe, dass ihr mir bei meinem Problem helfen könnt.

Und zwar habe ich das Gefühl, dass mein PC sich immer dann aufhängt, wenn ich einen größeren Download ausführe, egal, ob es sich dabei um eine Aktualisierung von zB Adobe Programmen (beispielsweise Photoshop) handelt, iTunes Udates für das iPhone oder einfach nur Dateien, die ich über Firefox herunterlade. Aber auch ohne diese Downloads ist er hin und wieder einfach weg... :-/

Das System bleibt nach einer gewissen Zeit, es lässt sich nicht gleichmäßig reproduzieren, einfach stehen und ein Hardreset ist die Folge. Danach funktioniert alles einwandfrei.

Die Daten des Laptops sind:
intel Core i5 CPU M450 2.40 GHz
RAM 4,00 GB (3,74 GB verwendbar)
64-Bit Betriebssystem
Win7 Home-Premium SP1

Ich würde mich freuen, wenn ihr mir Tipps geben könntet um dieses Problem zu beseitigen, denn so ist der PC für mich kaum noch nutzbar, da ich Angst habe, Daten während der Nutzung zu verlieren.

Wenn ihr noch weitere Daten benötigt, sagt bitte Bescheid.

Vielen Dank!
Tobi

schrauber · 06.04.2015, 09:49

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

kokolorix · 06.04.2015, 10:18

Hallo,

ich habe alles so ausgeführt wie beschrieben, hier die Listen:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Caro & Tobi (administrator) on HOME-LAPTOP on 06-04-2015 11:14:01
Running from C:\Users\Caro und Tobi\Downloads
Loaded Profiles: Caro & Tobi (Available profiles: Caro & Tobi & tempaccount)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\MountPoints2: {adfc6791-e499-11e3-9aa1-806e6f6e6963} - D:\shelexec.exe .\starter.html
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-06-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-06-13] (NVIDIA Corporation)
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-26] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-26] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-01] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-06-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-06-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Extension: 20-20 3D Viewer - WEB - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\2020Player_WEB@2020Technologies.com [2014-12-07]
FF Extension: iCloud Bookmarks - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\firefoxdav@icloud.com [2014-11-21]
FF Extension: Garmin Communicator - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-03-22]
FF Extension: Exif Viewer - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-07-17]
FF Extension: Ghostery - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\firefox@ghostery.com.xpi [2014-05-28]
FF Extension: MEGA - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\firefox@mega.co.nz.xpi [2014-09-16]
FF Extension: Lightbeam - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-09-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-02-15] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-26] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-26] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 11:14 - 2015-04-06 11:14 - 00018032 _____ () C:\Users\Caro und Tobi\Downloads\FRST.txt
2015-04-06 11:13 - 2015-04-06 11:14 - 00000000 ____D () C:\FRST
2015-04-06 10:56 - 2015-04-06 10:56 - 02095616 _____ (Farbar) C:\Users\Caro und Tobi\Downloads\FRST64.exe
2015-04-06 09:26 - 2015-04-06 09:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-05 10:11 - 2015-04-05 10:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 10:11 - 2015-04-05 10:11 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 16:06 - 2015-04-03 16:06 - 00001215 _____ () C:\Users\Public\Desktop\ALDI NORD Bestellsoftware.lnk
2015-04-03 16:04 - 2015-04-03 16:05 - 00000000 ____D () C:\Program Files (x86)\ALDI NORD Bestellsoftware
2015-04-03 13:53 - 2015-04-03 13:53 - 00000000 ___RD () C:\Users\Caro und Tobi\Creative Cloud Files
2015-04-03 13:52 - 2015-04-03 13:52 - 00001237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-04-03 13:52 - 2015-04-03 13:52 - 00001225 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-03-30 07:53 - 2015-03-30 08:03 - 01054912 _____ (Adobe) C:\Users\Caro und Tobi\Downloads\install_flashplayer17x32au_mssa_aaa_aih.exe
2015-03-25 21:08 - 2015-04-03 16:06 - 00000000 ____D () C:\ProgramData\ALDI NORD Bestellsoftware
2015-03-25 21:01 - 2015-03-25 21:04 - 262661712 _____ () C:\Users\Caro und Tobi\Downloads\ALDI_NORD_Bestellsoftware_Setup.exe
2015-03-25 19:38 - 2015-03-25 20:27 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Local\fotokasten comfort
2015-03-25 19:36 - 2015-03-25 19:36 - 00001069 _____ () C:\Users\Public\Desktop\fotokasten comfort.lnk
2015-03-25 19:36 - 2015-03-25 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotokasten comfort
2015-03-25 19:35 - 2015-03-25 19:41 - 00000000 ____D () C:\Program Files (x86)\fotokasten comfort
2015-03-25 19:35 - 2015-03-25 19:35 - 00000000 ____D () C:\ProgramData\fotokasten comfort
2015-03-25 19:22 - 2015-03-25 19:31 - 180442440 _____ ( ) C:\Users\Caro und Tobi\Downloads\fotokasten_comfort_[2116]_5-3-13.exe
2015-03-25 08:33 - 2015-03-25 09:13 - 1465714349 _____ () C:\Users\Caro und Tobi\Downloads\Install_Freizeitkarte_DEU_de.zip
2015-03-24 19:24 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 19:24 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 19:24 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 19:24 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 19:24 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 19:24 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 19:24 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 19:24 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 09:42 - 2015-03-24 10:14 - 1197697936 _____ () C:\Users\Caro und Tobi\Downloads\Deutschland_15_1.zip
2015-03-24 09:20 - 2015-03-24 09:20 - 00000000 ____D () C:\Users\Caro und Tobi\Documents\Mein Garmin
2015-03-24 09:19 - 2015-03-24 09:19 - 00000342 _____ () C:\Users\Caro und Tobi\Downloads\geocaching.loc
2015-03-24 08:51 - 2015-03-24 21:28 - 00000000 ____D () C:\Users\Caro und Tobi\Documents\Deutschlandkarte GPS
2015-03-22 12:57 - 2015-03-25 19:36 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Local\Garmin
2015-03-22 12:57 - 2015-03-24 09:20 - 00000000 ____D () C:\ProgramData\Garmin
2015-03-22 12:57 - 2015-03-22 12:57 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Local\GARMIN_Corp
2015-03-22 12:56 - 2015-03-22 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-03-22 12:56 - 2015-03-22 12:56 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-03-22 12:54 - 2015-03-22 07:42 - 305364992 _____ () C:\Users\Caro und Tobi\Documents\gmapsupp.img
2015-03-22 12:53 - 2015-03-22 12:54 - 55083472 _____ () C:\Users\Caro und Tobi\Downloads\BaseCamp_446.exe
2015-03-22 12:43 - 2015-03-24 09:20 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Roaming\Garmin
2015-03-22 12:06 - 2015-04-06 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 11:56 - 2015-03-22 12:22 - 00000000 ____D () C:\ProgramData\FitbitConnect
2015-03-22 11:56 - 2015-03-22 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-03-22 11:56 - 2015-03-22 11:56 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-22 11:56 - 2015-03-22 11:56 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2015-03-21 18:31 - 2015-03-21 18:31 - 00000000 ____D () C:\Users\Caro und Tobi\restore
2015-03-21 18:29 - 2015-03-25 19:16 - 00000000 ____D () C:\ProgramData\tmp
2015-03-21 18:29 - 2015-03-24 19:35 - 00000000 ____D () C:\ProgramData\hps
2015-03-21 18:29 - 2015-03-21 18:29 - 00001031 _____ () C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
2015-03-21 18:29 - 2015-03-21 18:29 - 00001011 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2015-03-21 18:29 - 2015-03-21 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
2015-03-21 18:23 - 2015-03-21 18:23 - 00000000 ____D () C:\Program Files\CEWE
2015-03-11 18:29 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 18:29 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 18:29 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 18:29 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 18:29 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 18:29 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 18:29 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 18:29 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 18:29 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 18:29 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 18:28 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:28 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 18:28 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 18:28 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 18:28 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 18:28 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 18:28 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 18:28 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 18:28 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 18:28 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 18:28 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 18:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 18:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 18:28 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 18:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 18:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 18:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 18:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 18:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 18:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 18:28 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 18:28 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 18:28 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 18:28 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 18:27 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 18:27 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 18:26 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 18:26 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 18:26 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 18:26 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 18:26 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 18:26 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 18:26 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 18:26 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 18:26 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 18:26 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 18:26 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 18:26 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 18:26 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 18:26 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 18:26 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 18:26 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 18:25 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 18:25 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 18:25 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 18:25 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 18:25 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 18:25 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 18:25 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 18:25 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 18:25 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 18:25 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 18:25 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 18:25 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 18:25 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 18:25 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 18:25 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 18:25 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 18:25 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 18:25 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 18:25 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 18:25 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 18:25 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 18:25 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 18:25 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 18:25 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 18:25 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 18:25 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 18:25 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 18:25 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 18:25 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 18:25 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 18:25 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 18:25 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 18:25 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 18:25 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 18:25 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 18:25 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 18:25 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 18:25 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 18:25 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 18:25 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 18:25 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 18:25 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 18:25 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 18:25 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 18:25 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 18:25 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 18:25 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 18:25 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 18:25 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 18:25 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 18:25 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 18:25 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 18:25 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 18:25 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 18:25 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 18:25 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 18:25 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 18:25 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 18:25 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 18:25 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:25 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 18:25 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:25 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 11:06 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 11:06 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 11:05 - 2014-05-31 19:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-06 10:55 - 2014-05-26 07:53 - 01730037 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 10:08 - 2014-06-17 18:59 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Local\Adobe
2015-04-06 10:07 - 2009-07-14 06:51 - 00074101 _____ () C:\Windows\setupact.log
2015-04-06 10:06 - 2014-10-25 18:55 - 00000000 ___RD () C:\Users\Caro und Tobi\iCloudDrive
2015-04-06 10:06 - 2014-05-31 19:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-06 10:05 - 2014-05-26 18:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 10:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 10:04 - 2014-06-01 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-06 08:55 - 2014-05-31 16:34 - 00000000 ____D () C:\Users\Caro und Tobi\Documents\Mein Steuer-Sparbuch Heute
2015-04-06 08:55 - 2014-05-26 08:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-05 10:07 - 2009-07-14 19:58 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2015-04-05 10:07 - 2009-07-14 19:58 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2015-04-05 10:07 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 13:53 - 2014-05-26 07:57 - 00000000 ____D () C:\Users\Caro und Tobi
2015-04-03 13:52 - 2014-05-31 19:31 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-03 13:49 - 2014-05-26 20:56 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-29 13:17 - 2014-06-06 08:14 - 00000000 ____D () C:\Users\Caro und Tobi\Desktop\Zwischenspeicher Fotos
2015-03-25 17:49 - 2014-12-12 08:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 17:49 - 2014-05-26 18:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 10:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-22 14:20 - 2014-05-26 08:57 - 00085884 _____ () C:\Windows\PFRO.log
2015-03-22 12:56 - 2014-06-08 10:10 - 00000000 ____D () C:\Program Files\DIFX
2015-03-22 11:45 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-21 17:56 - 2014-05-26 18:44 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-21 17:37 - 2009-07-14 06:45 - 04882736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-21 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-21 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 19:07 - 2014-05-26 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 19:04 - 2014-05-26 09:37 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-07-26 16:11 - 2014-08-06 08:35 - 0000655 _____ () C:\Users\Caro und Tobi\AppData\Roaming\.ptbt0
2014-07-22 08:50 - 2015-01-27 09:49 - 0001456 _____ () C:\Users\Caro und Tobi\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-05-26 19:07 - 2014-05-26 19:07 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Caro und Tobi\AppData\Local\Temp\AAMHelper.exe
C:\Users\Caro und Tobi\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Caro und Tobi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqurybq.dll
C:\Users\Caro und Tobi\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Caro und Tobi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Caro und Tobi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Caro und Tobi\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Caro und Tobi\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-24 10:35

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Caro & Tobi at 2015-04-06 11:14:56
Running from C:\Users\Caro und Tobi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALDI NORD Bestellsoftware (HKLM-x32\...\ALDI NORD Bestellsoftware) (Version: 4.14.5. - ORWO_Net)
ALNO AG  Küchenplaner (HKLM-x32\...\{A89131FD-3D18-4DA8-84C8-622423011B51}_is1) (Version: 14a - ALNO AG)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Dropbox (HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EnergyCut (HKLM-x32\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - Lenovo)
Fitbit Connect (HKLM-x32\...\{08002BE6-6476-4012-8D4B-CF0AE7C71F29}) (Version: 2.0.0.6518 - Fitbit Inc.)
fotokasten comfort 5.3 (HKLM-x32\...\fotokasten comfort_is1) (Version:  - )
Freizeitkarte_DEU (Ausgabe 15.03) (HKLM-x32\...\Freizeitkarte_DEU) (Version:  - )
Garmin BaseCamp (HKLM-x32\...\{31A67F6C-D79D-47B9-9F0B-13C0FCF3C3A8}) (Version: 4.4.6 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{4D139017-971D-45CF-B94E-26C4DC93A814}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Image Trends' Fisheye-Hemi Plug-In 1.2.5 (HKLM-x32\...\{D2F46689-78FD-449E-810D-8C38600F711B}) (Version: 1.2.5 - Image Trends, Inc. )
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Lightroom Plug-in Merge to 32-bit HDR 1.1.3 (HKLM\...\HDRsoftMerge32x64_is1) (Version: 1.1.3 - HDRsoft Ltd)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\MyFreeCodec) (Version:  - )
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
NVIDIA 3D Vision Treiber 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.43 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PTGui Trial 9.2.0 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
PTLens (HKLM\...\{6C905887-F94F-4BC9-8C2C-238882878843}) (Version: 3.0.626 - ePaperPress)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
SNS-HDR Home v1.4.22 (HKLM\...\SNS-HDR Home_is1) (Version:  - Sebastian Nibisz)
Sweet Home 3D version 4.5 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinRAR 5.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\{854347F2-AD4A-4117-8D29-43DB03C238B1}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll No File
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll No File
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2047627659-2815173095-2199539525-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

24-03-2015 19:21:10 Windows Update
25-03-2015 09:19:27 Windows Update
29-03-2015 13:24:58 Windows Update
03-04-2015 13:48:52 Windows Update
03-04-2015 13:50:32 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
03-04-2015 13:50:50 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
03-04-2015 13:51:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
03-04-2015 13:51:58 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
05-04-2015 10:11:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18B1923C-8E54-41E6-9505-DC6687D7DD09} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {289F0B89-5977-492B-A487-F5F36A791347} - System32\Tasks\{69F1BC25-1ECC-47E9-A866-2EAFD414CA8C} => C:\Program Files (x86)\ALNO\KPL\KPL.exe [2013-12-13] (ALNO AG)
Task: {2FD72BEF-90E8-4B89-8D90-DB6C0BB6078A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {468C704D-60F6-44B9-8B0E-9FB9B88FCDE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-31] (Google Inc.)
Task: {4A1DAB7B-E902-4C93-8E32-19358B2439B1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {556FE0A7-CA38-4C8A-810A-97D44A6D4041} - System32\Tasks\{6D6407F1-DF32-4D6F-9FF1-F372D3D32B4B} => C:\Program Files (x86)\ALNO\KPL\KPL.exe [2013-12-13] (ALNO AG)
Task: {56024726-CEC9-416D-9F6A-8B44CCF95A48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-31] (Google Inc.)
Task: {5EA771C7-C113-4364-8366-2A8C8101959F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {615EBB60-75E9-473C-B3F0-E33B7FB1B65E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {630DB1E3-BEA4-4DCB-AD51-64D382C3E5D6} - System32\Tasks\{B1ADF0B5-B0E1-4361-8806-D10B9C5B85C4} => C:\Program Files (x86)\ALNO\KPL\KPL.exe [2013-12-13] (ALNO AG)
Task: {70220A71-1320-45FD-9210-C08513D804E3} - System32\Tasks\{DE6C9799-5729-4EAD-BB03-4DA0843AC137} => C:\Program Files (x86)\ALNO\KPL\KPL.exe [2013-12-13] (ALNO AG)
Task: {830B1B72-F897-4C72-B5EE-4A4203805A22} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8C1B968B-E0DF-4AEA-B24F-F56F87A72868} - System32\Tasks\{0E09F5DF-9EAB-480B-9525-E8C0E4B0E4DF} => C:\Program Files (x86)\ALNO\KPL\KPL.exe [2013-12-13] (ALNO AG)
Task: {933E9DC6-BAA1-42D2-A2D3-CA376132B681} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {9ABC04CD-457D-4233-B6FB-CCF6A85CCED7} - System32\Tasks\{FD4979B6-825E-47D2-B543-300B59E71294} => C:\Program Files (x86)\ALNO\KPL\KPL.exe [2013-12-13] (ALNO AG)
Task: {ADD28D2A-D858-4C1A-A57C-BBB455CEE368} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-26] (AVAST Software)
Task: {B648CC36-49F2-462B-B047-34D790426B7B} - System32\Tasks\AdobeAAMUpdater-1.0-Home-Laptop-Caro & Tobi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {C50F0C21-66AA-44F5-94CF-F3019CB79C19} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C6AD5E8E-A486-44C7-B9EE-DA3AA9A4F844} - System32\Tasks\{51AF25F8-4651-47BB-8E36-1B3039425D91} => C:\Program Files (x86)\ALNO\KPL\KPL.exe [2013-12-13] (ALNO AG)
Task: {D3C26390-FD5B-4D37-B30B-AA898CABB567} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {DDBDEA1E-276B-4457-AD30-ECF30E506969} - System32\Tasks\{F0B96043-4D20-4C30-AD3F-A54112D1808A} => pcalua.exe -a "C:\Users\Caro &amp; Tobi\Desktop\Adobe\Photoshop Lightroom 5.5\Install Lightroom 5.exe" -d "C:\Users\Caro &amp; Tobi\Desktop\Adobe\Photoshop Lightroom 5.5"
Task: {E9CB183B-3699-4080-92C8-3E00E189D87C} - System32\Tasks\{F722ED29-8AC8-4BE4-A278-1175643D74CE} => C:\Program Files\KPL\KPL.exe
Task: {EE62DD6A-229C-4C54-A753-ED63F66928FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 02:36 - 2014-06-13 04:47 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-26 18:55 - 2014-06-13 04:11 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-11 15:13 - 2015-02-11 15:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-26 18:44 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-28 08:26 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2015-02-11 15:12 - 2015-02-11 15:12 - 05739680 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-04-05 19:48 - 2015-04-05 19:48 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040501\algo.dll
2014-05-28 07:49 - 2014-06-13 04:47 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-19 23:02 - 2014-11-19 23:02 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2014-05-26 08:37 - 2014-05-26 08:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-15 14:58 - 2015-02-15 14:58 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-09-16 18:48 - 2007-04-13 20:18 - 00057344 _____ () C:\Program Files (x86)\Lenovo\EnergyCut\kbdhook.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-05-28 08:24 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-05-28 08:24 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-05-28 08:24 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-05-28 08:24 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-05-28 08:24 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2015-02-15 14:58 - 2015-02-15 14:58 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-02-15 14:58 - 2015-02-15 14:58 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-03-01 15:42 - 2015-03-01 15:42 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2047627659-2815173095-2199539525-500 - Administrator - Disabled)
Caro & Tobi (S-1-5-21-2047627659-2815173095-2199539525-1000 - Administrator - Enabled) => C:\Users\Caro und Tobi
Gast (S-1-5-21-2047627659-2815173095-2199539525-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2047627659-2815173095-2199539525-1002 - Limited - Enabled)
tempaccount (S-1-5-21-2047627659-2815173095-2199539525-1004 - Administrator - Enabled) => C:\Users\tempaccount

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: FingerPrinter Reader
Description: FingerPrinter Reader
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2015 10:07:07 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/06/2015 10:07:07 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/06/2015 10:07:07 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (04/05/2015 07:48:55 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/05/2015 07:48:55 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/05/2015 07:48:55 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/25/2015 08:28:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33086174

Error: (03/25/2015 08:28:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33086174

Error: (03/25/2015 08:28:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/25/2015 08:28:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33085098


System errors:
=============
Error: (04/06/2015 10:08:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/06/2015 10:08:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (04/06/2015 10:08:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/06/2015 10:05:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎04.‎2015 um 10:01:00 unerwartet heruntergefahren.

Error: (03/25/2015 08:54:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎03.‎2015 um 19:52:16 unerwartet heruntergefahren.

Error: (03/25/2015 07:55:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (03/25/2015 07:53:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (03/25/2015 07:51:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (03/25/2015 07:48:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (03/25/2015 07:18:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (04/06/2015 10:07:07 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/06/2015 10:07:07 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/06/2015 10:07:07 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (04/05/2015 07:48:55 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/05/2015 07:48:55 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/05/2015 07:48:55 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/25/2015 08:28:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33086174

Error: (03/25/2015 08:28:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33086174

Error: (03/25/2015 08:28:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/25/2015 08:28:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33085098


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 3828.43 MB
Available physical RAM: 2056.11 MB
Total Pagefile: 7655.05 MB
Available Pagefile: 5271.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:185.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Disc) (CDROM) (Total:6.76 GB) (Free:0 GB) UDF
Drive e: (Volume) (Fixed) (Total:465.73 GB) (Free:27.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 000EE20F)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.7 GB) (Disk ID: 003CED1D)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Viele Grüße,
Tobi

schrauber · 06.04.2015, 14:45

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

kokolorix · 06.04.2015, 15:42

hi,

hier die Einträge:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.06.05
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Caro & Tobi :: HOME-LAPTOP [administrator]

06.04.2015 15:59:02
mbar-log-2015-04-06 (15-59-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 574323
Time elapsed: 37 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

2.

Code:

ATTFilter

16:38:25.0324 0x0b84  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
16:38:31.0378 0x0b84  ============================================================
16:38:31.0378 0x0b84  Current date / time: 2015/04/06 16:38:31.0378
16:38:31.0378 0x0b84  SystemInfo:
16:38:31.0378 0x0b84  
16:38:31.0378 0x0b84  OS Version: 6.1.7601 ServicePack: 1.0
16:38:31.0378 0x0b84  Product type: Workstation
16:38:31.0379 0x0b84  ComputerName: HOME-LAPTOP
16:38:31.0379 0x0b84  UserName: Caro & Tobi
16:38:31.0379 0x0b84  Windows directory: C:\Windows
16:38:31.0379 0x0b84  System windows directory: C:\Windows
16:38:31.0379 0x0b84  Running under WOW64
16:38:31.0379 0x0b84  Processor architecture: Intel x64
16:38:31.0379 0x0b84  Number of processors: 4
16:38:31.0379 0x0b84  Page size: 0x1000
16:38:31.0379 0x0b84  Boot type: Normal boot
16:38:31.0379 0x0b84  ============================================================
16:38:32.0993 0x0b84  KLMD registered as C:\Windows\system32\drivers\07417448.sys
16:38:33.0288 0x0b84  System UUID: {3000ADD7-EB1B-A94E-87BB-23992D9BF542}
16:38:33.0851 0x0b84  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:38:33.0855 0x0b84  Drive \Device\Harddisk1\DR1 - Size: 0x746EC00000 ( 465.73 Gb ), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:38:37.0507 0x0b84  ============================================================
16:38:37.0507 0x0b84  \Device\Harddisk0\DR0:
16:38:37.0507 0x0b84  MBR partitions:
16:38:37.0507 0x0b84  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
16:38:37.0507 0x0b84  \Device\Harddisk1\DR1:
16:38:37.0508 0x0b84  MBR partitions:
16:38:37.0508 0x0b84  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A374800
16:38:37.0508 0x0b84  ============================================================
16:38:37.0573 0x0b84  C: <-> \Device\Harddisk0\DR0\Partition1
16:38:37.0607 0x0b84  E: <-> \Device\Harddisk1\DR1\Partition1
16:38:37.0619 0x0b84  ============================================================
16:38:37.0619 0x0b84  Initialize success
16:38:37.0619 0x0b84  ============================================================
16:39:29.0357 0x1888  ============================================================
16:39:29.0357 0x1888  Scan started
16:39:29.0357 0x1888  Mode: Manual; SigCheck; TDLFS; 
16:39:29.0357 0x1888  ============================================================
16:39:29.0357 0x1888  KSN ping started
16:39:32.0282 0x1888  KSN ping finished: true
16:39:33.0343 0x1888  ================ Scan system memory ========================
16:39:33.0343 0x1888  System memory - ok
16:39:33.0344 0x1888  ================ Scan services =============================
16:39:33.0485 0x1888  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:39:33.0636 0x1888  1394ohci - ok
16:39:33.0673 0x1888  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:39:33.0716 0x1888  ACPI - ok
16:39:33.0732 0x1888  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:39:33.0808 0x1888  AcpiPmi - ok
16:39:33.0964 0x1888  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:39:33.0989 0x1888  AdobeARMservice - ok
16:39:34.0127 0x1888  [ E280D3CE9196ED599ED3D6ACA651053B, 9D552A3C67D64A49BDD93BDF534949E9844F839B2F74A15F09A1586B7694C06C ] AdobeUpdateService C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
16:39:34.0169 0x1888  AdobeUpdateService - ok
16:39:34.0231 0x1888  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:39:34.0277 0x1888  adp94xx - ok
16:39:34.0313 0x1888  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:39:34.0337 0x1888  adpahci - ok
16:39:34.0352 0x1888  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:39:34.0371 0x1888  adpu320 - ok
16:39:34.0402 0x1888  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:39:34.0528 0x1888  AeLookupSvc - ok
16:39:34.0591 0x1888  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
16:39:34.0664 0x1888  AFD - ok
16:39:34.0686 0x1888  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
16:39:34.0704 0x1888  agp440 - ok
16:39:34.0751 0x1888  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
16:39:34.0813 0x1888  ALG - ok
16:39:34.0841 0x1888  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:39:34.0857 0x1888  aliide - ok
16:39:34.0873 0x1888  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:39:34.0889 0x1888  amdide - ok
16:39:34.0911 0x1888  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:39:34.0960 0x1888  AmdK8 - ok
16:39:34.0966 0x1888  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:39:34.0994 0x1888  AmdPPM - ok
16:39:35.0022 0x1888  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:39:35.0043 0x1888  amdsata - ok
16:39:35.0064 0x1888  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:39:35.0083 0x1888  amdsbs - ok
16:39:35.0094 0x1888  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:39:35.0107 0x1888  amdxata - ok
16:39:35.0149 0x1888  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
16:39:35.0182 0x1888  AppID - ok
16:39:35.0194 0x1888  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:39:35.0228 0x1888  AppIDSvc - ok
16:39:35.0256 0x1888  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
16:39:35.0331 0x1888  Appinfo - ok
16:39:35.0446 0x1888  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:39:35.0470 0x1888  Apple Mobile Device Service - ok
16:39:35.0496 0x1888  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:39:35.0511 0x1888  arc - ok
16:39:35.0538 0x1888  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:39:35.0554 0x1888  arcsas - ok
16:39:35.0661 0x1888  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:39:35.0692 0x1888  aspnet_state - ok
16:39:35.0719 0x1888  [ 340B0467E98A8C92697D73034DB4BCB7, 342572B566747A05DA5391CFC027A6703AECCE29C3D288428884D8641A35D0F5 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
16:39:35.0751 0x1888  aswHwid - ok
16:39:35.0765 0x1888  [ ED5B09937D559FFA53FC988D20031E98, EC9E50C9BC2184AE93944EA3115A25BADF5FFB91D11776498EBC9A0D60029A84 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
16:39:35.0782 0x1888  aswMonFlt - ok
16:39:35.0806 0x1888  [ 33C77DCB0AEC76E26BD6352A1A5281BB, CEA7BB3407C1F900DE5CB09F42AF7734811F86B7DE0085FADC7AAE8178D59665 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
16:39:35.0824 0x1888  aswRdr - ok
16:39:35.0839 0x1888  [ BF5B9E9E97CED45208E498D9FA73688F, BCB2CC516EAD040573D80599C2306ECB26FCCB16A97B940327CD3A3CE9077877 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
16:39:35.0855 0x1888  aswRvrt - ok
16:39:35.0913 0x1888  [ F88CE00A7736C349ED1414D7ECDC9BED, 8C0783CE32968874065C2F46088B34F9C872F26C98AB8E8BA895D84CCB25E534 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
16:39:35.0977 0x1888  aswSnx - ok
16:39:36.0014 0x1888  [ 3AE912B08E2A1ABB2B63F3C56BED95C2, BE99BA3A74427444FEE5D47D70BDBA631DBBF50D80B0483C0675F87119926765 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
16:39:36.0048 0x1888  aswSP - ok
16:39:36.0055 0x1888  [ A7115ED31675BB823CFA9FE571C25676, DEEBB3920934DCDDD488DCFCB1E6F4C7EFDD3C79F31E41D59E292C3CF9400E95 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
16:39:36.0069 0x1888  aswStm - ok
16:39:36.0101 0x1888  [ 47CBD3F64E412FFAFD93404580A3C7B9, F9B02E232416BAFC21BCBCDC0A3D9E5E855BFAF11F29ED2C4C469692E6688278 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
16:39:36.0120 0x1888  aswVmm - ok
16:39:36.0132 0x1888  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:39:36.0179 0x1888  AsyncMac - ok
16:39:36.0200 0x1888  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:39:36.0211 0x1888  atapi - ok
16:39:36.0270 0x1888  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:39:36.0320 0x1888  AudioEndpointBuilder - ok
16:39:36.0352 0x1888  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:39:36.0385 0x1888  AudioSrv - ok
16:39:36.0429 0x1888  [ 37D17AE2936867F88EB3C4CBCBC6B8A1, E1F4D288CE1E5482A5594C8F9EEDE1E8134466F5E0C7DA32D88985497CD8588B ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:39:36.0441 0x1888  avast! Antivirus - ok
16:39:36.0487 0x1888  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:39:36.0621 0x1888  AxInstSV - ok
16:39:36.0676 0x1888  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:39:36.0748 0x1888  b06bdrv - ok
16:39:36.0779 0x1888  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:39:36.0825 0x1888  b57nd60a - ok
16:39:36.0964 0x1888  [ 5B5C36B2EC500462A715DB6BCBAF5DA7, E90EB94C89CDA0D7D6569316BFB4015CC42961076BF837ED0C931E7CBAA2BFE5 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
16:39:37.0090 0x1888  BCM43XX - ok
16:39:37.0121 0x1888  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:39:37.0160 0x1888  BDESVC - ok
16:39:37.0175 0x1888  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:39:37.0238 0x1888  Beep - ok
16:39:37.0294 0x1888  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
16:39:37.0376 0x1888  BFE - ok
16:39:37.0427 0x1888  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
16:39:37.0651 0x1888  BITS - ok
16:39:37.0674 0x1888  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:39:37.0702 0x1888  blbdrive - ok
16:39:37.0789 0x1888  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:39:37.0823 0x1888  Bonjour Service - ok
16:39:37.0844 0x1888  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:39:37.0889 0x1888  bowser - ok
16:39:37.0915 0x1888  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:39:38.0003 0x1888  BrFiltLo - ok
16:39:38.0008 0x1888  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:39:38.0064 0x1888  BrFiltUp - ok
16:39:38.0095 0x1888  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
16:39:38.0139 0x1888  Browser - ok
16:39:38.0159 0x1888  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:39:38.0207 0x1888  Brserid - ok
16:39:38.0213 0x1888  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:39:38.0247 0x1888  BrSerWdm - ok
16:39:38.0252 0x1888  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:39:38.0282 0x1888  BrUsbMdm - ok
16:39:38.0286 0x1888  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:39:38.0303 0x1888  BrUsbSer - ok
16:39:38.0309 0x1888  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:39:38.0329 0x1888  BTHMODEM - ok
16:39:38.0373 0x1888  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
16:39:38.0430 0x1888  bthserv - ok
16:39:38.0436 0x1888  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:39:38.0487 0x1888  cdfs - ok
16:39:38.0521 0x1888  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:39:38.0542 0x1888  cdrom - ok
16:39:38.0611 0x1888  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:39:38.0669 0x1888  CertPropSvc - ok
16:39:38.0702 0x1888  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:39:38.0721 0x1888  circlass - ok
16:39:38.0742 0x1888  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
16:39:38.0774 0x1888  CLFS - ok
16:39:38.0914 0x1888  [ 880A6DAC6E03871B37A782155D189A53, 93659BB67236F5EBC317FD73879EB79EFB195728A2C0BC997881D3622C6CF981 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
16:39:38.0998 0x1888  ClickToRunSvc - ok
16:39:39.0058 0x1888  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:39:39.0076 0x1888  clr_optimization_v2.0.50727_32 - ok
16:39:39.0120 0x1888  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:39:39.0146 0x1888  clr_optimization_v2.0.50727_64 - ok
16:39:39.0206 0x1888  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:39:39.0225 0x1888  clr_optimization_v4.0.30319_32 - ok
16:39:39.0241 0x1888  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:39:39.0261 0x1888  clr_optimization_v4.0.30319_64 - ok
16:39:39.0284 0x1888  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:39:39.0313 0x1888  CmBatt - ok
16:39:39.0323 0x1888  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:39:39.0335 0x1888  cmdide - ok
16:39:39.0383 0x1888  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
16:39:39.0434 0x1888  CNG - ok
16:39:39.0445 0x1888  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:39:39.0458 0x1888  Compbatt - ok
16:39:39.0485 0x1888  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:39:39.0519 0x1888  CompositeBus - ok
16:39:39.0533 0x1888  COMSysApp - ok
16:39:39.0551 0x1888  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:39:39.0565 0x1888  crcdisk - ok
16:39:39.0604 0x1888  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:39:39.0656 0x1888  CryptSvc - ok
16:39:39.0695 0x1888  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:39:39.0767 0x1888  DcomLaunch - ok
16:39:39.0796 0x1888  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:39:39.0856 0x1888  defragsvc - ok
16:39:39.0882 0x1888  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:39:39.0935 0x1888  DfsC - ok
16:39:39.0961 0x1888  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:39:40.0016 0x1888  Dhcp - ok
16:39:40.0043 0x1888  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
16:39:40.0093 0x1888  discache - ok
16:39:40.0115 0x1888  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:39:40.0129 0x1888  Disk - ok
16:39:40.0160 0x1888  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:39:40.0208 0x1888  Dnscache - ok
16:39:40.0236 0x1888  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:39:40.0287 0x1888  dot3svc - ok
16:39:40.0310 0x1888  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
16:39:40.0354 0x1888  DPS - ok
16:39:40.0390 0x1888  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:39:40.0430 0x1888  drmkaud - ok
16:39:40.0483 0x1888  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:39:40.0551 0x1888  DXGKrnl - ok
16:39:40.0574 0x1888  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
16:39:40.0617 0x1888  EapHost - ok
16:39:40.0748 0x1888  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:39:40.0969 0x1888  ebdrv - ok
16:39:41.0009 0x1888  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS             C:\Windows\System32\lsass.exe
16:39:41.0051 0x1888  EFS - ok
16:39:41.0129 0x1888  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:39:41.0198 0x1888  ehRecvr - ok
16:39:41.0233 0x1888  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
16:39:41.0274 0x1888  ehSched - ok
16:39:41.0320 0x1888  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:39:41.0361 0x1888  elxstor - ok
16:39:41.0385 0x1888  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:39:41.0401 0x1888  ErrDev - ok
16:39:41.0439 0x1888  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
16:39:41.0513 0x1888  EventSystem - ok
16:39:41.0528 0x1888  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:39:41.0590 0x1888  exfat - ok
16:39:41.0612 0x1888  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:39:41.0671 0x1888  fastfat - ok
16:39:41.0730 0x1888  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
16:39:41.0805 0x1888  Fax - ok
16:39:41.0819 0x1888  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:39:41.0837 0x1888  fdc - ok
16:39:41.0860 0x1888  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
16:39:41.0912 0x1888  fdPHost - ok
16:39:41.0923 0x1888  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:39:41.0966 0x1888  FDResPub - ok
16:39:41.0980 0x1888  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:39:41.0995 0x1888  FileInfo - ok
16:39:42.0007 0x1888  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:39:42.0065 0x1888  Filetrace - ok
16:39:42.0296 0x1888  [ 65A89589DD9FE02F6F71F8F3CCA51E7A, 65D2FE2553BA7B8B249AA9F389EE4ACBB547C2586C7DA99AEE140A2AA6021820 ] Fitbit Connect  C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
16:39:42.0457 0x1888  Fitbit Connect - ok
16:39:42.0481 0x1888  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:39:42.0505 0x1888  flpydisk - ok
16:39:42.0535 0x1888  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:39:42.0558 0x1888  FltMgr - ok
16:39:42.0622 0x1888  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
16:39:42.0711 0x1888  FontCache - ok
16:39:42.0754 0x1888  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:39:42.0769 0x1888  FontCache3.0.0.0 - ok
16:39:42.0787 0x1888  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:39:42.0804 0x1888  FsDepends - ok
16:39:42.0825 0x1888  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:39:42.0840 0x1888  Fs_Rec - ok
16:39:42.0862 0x1888  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:39:42.0884 0x1888  fvevol - ok
16:39:42.0904 0x1888  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:39:42.0919 0x1888  gagp30kx - ok
16:39:42.0966 0x1888  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:39:42.0979 0x1888  GEARAspiWDM - ok
16:39:43.0026 0x1888  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:39:43.0115 0x1888  gpsvc - ok
16:39:43.0165 0x1888  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:43.0181 0x1888  gupdate - ok
16:39:43.0192 0x1888  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:43.0203 0x1888  gupdatem - ok
16:39:43.0214 0x1888  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:39:43.0265 0x1888  hcw85cir - ok
16:39:43.0310 0x1888  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:39:43.0357 0x1888  HdAudAddService - ok
16:39:43.0382 0x1888  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:39:43.0415 0x1888  HDAudBus - ok
16:39:43.0438 0x1888  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:39:43.0452 0x1888  HECIx64 - ok
16:39:43.0465 0x1888  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:39:43.0480 0x1888  HidBatt - ok
16:39:43.0494 0x1888  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:39:43.0522 0x1888  HidBth - ok
16:39:43.0527 0x1888  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:39:43.0551 0x1888  HidIr - ok
16:39:43.0578 0x1888  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
16:39:43.0635 0x1888  hidserv - ok
16:39:43.0662 0x1888  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:39:43.0682 0x1888  HidUsb - ok
16:39:43.0707 0x1888  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:39:43.0766 0x1888  hkmsvc - ok
16:39:43.0797 0x1888  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:39:43.0851 0x1888  HomeGroupListener - ok
16:39:43.0881 0x1888  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:39:43.0908 0x1888  HomeGroupProvider - ok
16:39:43.0936 0x1888  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:39:43.0955 0x1888  HpSAMD - ok
16:39:43.0994 0x1888  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:39:44.0106 0x1888  HTTP - ok
16:39:44.0148 0x1888  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:39:44.0179 0x1888  hwpolicy - ok
16:39:44.0204 0x1888  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:39:44.0227 0x1888  i8042prt - ok
16:39:44.0282 0x1888  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:39:44.0318 0x1888  iaStorV - ok
16:39:44.0383 0x1888  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:39:44.0434 0x1888  idsvc - ok
16:39:44.0458 0x1888  IEEtwCollectorService - ok
16:39:44.0792 0x1888  [ 09CE164AFA8483E41808784D7FCA154E, 43557E44C8339469BD34B54D2080AF041356F0201A7ECA3A6EEEA9C9C7D78F87 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:39:45.0225 0x1888  igfx - ok
16:39:45.0266 0x1888  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:39:45.0283 0x1888  iirsp - ok
16:39:45.0328 0x1888  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
16:39:45.0393 0x1888  IKEEXT - ok
16:39:45.0424 0x1888  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
16:39:45.0458 0x1888  Impcd - ok
16:39:45.0514 0x1888  [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
16:39:45.0569 0x1888  IntcDAud - ok
16:39:45.0594 0x1888  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:39:45.0607 0x1888  intelide - ok
16:39:45.0632 0x1888  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:39:45.0661 0x1888  intelppm - ok
16:39:45.0695 0x1888  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:39:45.0748 0x1888  IPBusEnum - ok
16:39:45.0772 0x1888  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:39:45.0818 0x1888  IpFilterDriver - ok
16:39:45.0856 0x1888  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:39:45.0908 0x1888  iphlpsvc - ok
16:39:45.0936 0x1888  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:39:45.0972 0x1888  IPMIDRV - ok
16:39:45.0985 0x1888  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:39:46.0040 0x1888  IPNAT - ok
16:39:46.0127 0x1888  [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:39:46.0156 0x1888  iPod Service - ok
16:39:46.0180 0x1888  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:39:46.0275 0x1888  IRENUM - ok
16:39:46.0291 0x1888  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:39:46.0305 0x1888  isapnp - ok
16:39:46.0337 0x1888  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:39:46.0361 0x1888  iScsiPrt - ok
16:39:46.0386 0x1888  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:39:46.0401 0x1888  kbdclass - ok
16:39:46.0438 0x1888  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:39:46.0465 0x1888  kbdhid - ok
16:39:46.0480 0x1888  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso          C:\Windows\system32\lsass.exe
16:39:46.0501 0x1888  KeyIso - ok
16:39:46.0542 0x1888  [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:39:46.0563 0x1888  KSecDD - ok
16:39:46.0597 0x1888  [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:39:46.0617 0x1888  KSecPkg - ok
16:39:46.0671 0x1888  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:39:46.0729 0x1888  ksthunk - ok
16:39:46.0851 0x1888  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:39:46.0935 0x1888  KtmRm - ok
16:39:46.0990 0x1888  [ 033B4AED2C5519072C0D81E00804D003, 6C450A604C382416C482FED43098B4E95BD61B480B0CEFD728A269446AF18708 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
16:39:47.0012 0x1888  L1C - ok
16:39:47.0086 0x1888  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:39:47.0159 0x1888  LanmanServer - ok
16:39:47.0193 0x1888  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:39:47.0245 0x1888  LanmanWorkstation - ok
16:39:47.0300 0x1888  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:39:47.0355 0x1888  lltdio - ok
16:39:47.0393 0x1888  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:39:47.0453 0x1888  lltdsvc - ok
16:39:47.0466 0x1888  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:39:47.0511 0x1888  lmhosts - ok
16:39:47.0545 0x1888  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:39:47.0565 0x1888  LSI_FC - ok
16:39:47.0578 0x1888  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:39:47.0593 0x1888  LSI_SAS - ok
16:39:47.0604 0x1888  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:39:47.0619 0x1888  LSI_SAS2 - ok
16:39:47.0640 0x1888  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:39:47.0658 0x1888  LSI_SCSI - ok
16:39:47.0685 0x1888  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:39:47.0742 0x1888  luafv - ok
16:39:47.0780 0x1888  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:39:47.0803 0x1888  Mcx2Svc - ok
16:39:47.0828 0x1888  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:39:47.0842 0x1888  megasas - ok
16:39:47.0882 0x1888  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:39:47.0905 0x1888  MegaSR - ok
16:39:47.0927 0x1888  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
16:39:47.0987 0x1888  MMCSS - ok
16:39:47.0998 0x1888  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
16:39:48.0046 0x1888  Modem - ok
16:39:48.0065 0x1888  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:39:48.0094 0x1888  monitor - ok
16:39:48.0120 0x1888  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:39:48.0135 0x1888  mouclass - ok
16:39:48.0153 0x1888  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:39:48.0179 0x1888  mouhid - ok
16:39:48.0216 0x1888  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:39:48.0233 0x1888  mountmgr - ok
16:39:48.0294 0x1888  [ 269BDB3CB77EB77BABE2862BEAB1F208, EC693365C73D59244CB77E181042128A9901BA5C1109CD4F1B9A2008DF1F9582 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:39:48.0316 0x1888  MozillaMaintenance - ok
16:39:48.0336 0x1888  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:39:48.0353 0x1888  mpio - ok
16:39:48.0385 0x1888  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:39:48.0438 0x1888  mpsdrv - ok
16:39:48.0503 0x1888  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:39:48.0606 0x1888  MpsSvc - ok
16:39:48.0638 0x1888  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:39:48.0683 0x1888  MRxDAV - ok
16:39:48.0707 0x1888  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:39:48.0755 0x1888  mrxsmb - ok
16:39:48.0780 0x1888  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:39:48.0806 0x1888  mrxsmb10 - ok
16:39:48.0832 0x1888  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:39:48.0855 0x1888  mrxsmb20 - ok
16:39:48.0873 0x1888  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:39:48.0886 0x1888  msahci - ok
16:39:48.0904 0x1888  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:39:48.0923 0x1888  msdsm - ok
16:39:48.0945 0x1888  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
16:39:48.0980 0x1888  MSDTC - ok
16:39:49.0000 0x1888  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:39:49.0054 0x1888  Msfs - ok
16:39:49.0082 0x1888  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:39:49.0138 0x1888  mshidkmdf - ok
16:39:49.0169 0x1888  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:39:49.0184 0x1888  msisadrv - ok
16:39:49.0212 0x1888  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:39:49.0263 0x1888  MSiSCSI - ok
16:39:49.0274 0x1888  msiserver - ok
16:39:49.0294 0x1888  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:39:49.0339 0x1888  MSKSSRV - ok
16:39:49.0353 0x1888  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:39:49.0406 0x1888  MSPCLOCK - ok
16:39:49.0416 0x1888  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:39:49.0477 0x1888  MSPQM - ok
16:39:49.0545 0x1888  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:39:49.0585 0x1888  MsRPC - ok
16:39:49.0598 0x1888  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:39:49.0611 0x1888  mssmbios - ok
16:39:49.0622 0x1888  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:39:49.0668 0x1888  MSTEE - ok
16:39:49.0676 0x1888  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:39:49.0692 0x1888  MTConfig - ok
16:39:49.0702 0x1888  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:39:49.0719 0x1888  Mup - ok
16:39:49.0749 0x1888  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
16:39:49.0840 0x1888  napagent - ok
16:39:49.0885 0x1888  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:39:49.0932 0x1888  NativeWifiP - ok
16:39:49.0993 0x1888  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:39:50.0044 0x1888  NDIS - ok
16:39:50.0062 0x1888  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:39:50.0118 0x1888  NdisCap - ok
16:39:50.0144 0x1888  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:39:50.0197 0x1888  NdisTapi - ok
16:39:50.0218 0x1888  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:39:50.0273 0x1888  Ndisuio - ok
16:39:50.0311 0x1888  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:39:50.0371 0x1888  NdisWan - ok
16:39:50.0392 0x1888  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:39:50.0443 0x1888  NDProxy - ok
16:39:50.0462 0x1888  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:39:50.0521 0x1888  NetBIOS - ok
16:39:50.0544 0x1888  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:39:50.0599 0x1888  NetBT - ok
16:39:50.0630 0x1888  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon        C:\Windows\system32\lsass.exe
16:39:50.0666 0x1888  Netlogon - ok
16:39:50.0712 0x1888  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
16:39:50.0793 0x1888  Netman - ok
16:39:50.0835 0x1888  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:50.0873 0x1888  NetMsmqActivator - ok
16:39:50.0893 0x1888  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:50.0914 0x1888  NetPipeActivator - ok
16:39:50.0957 0x1888  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
16:39:51.0028 0x1888  netprofm - ok
16:39:51.0035 0x1888  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:51.0051 0x1888  NetTcpActivator - ok
16:39:51.0058 0x1888  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:51.0078 0x1888  NetTcpPortSharing - ok
16:39:51.0103 0x1888  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:39:51.0120 0x1888  nfrd960 - ok
16:39:51.0162 0x1888  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:39:51.0208 0x1888  NlaSvc - ok
16:39:51.0218 0x1888  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:39:51.0260 0x1888  Npfs - ok
16:39:51.0277 0x1888  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
16:39:51.0333 0x1888  nsi - ok
16:39:51.0352 0x1888  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:39:51.0404 0x1888  nsiproxy - ok
16:39:51.0586 0x1888  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:39:51.0688 0x1888  Ntfs - ok
16:39:51.0703 0x1888  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
16:39:51.0745 0x1888  Null - ok
16:39:52.0842 0x1888  [ E6FCC772353DB9D18DEA0171A667626B, D2351F115F259456871E47C15D13BD8E5ED2FA7FA5E6CA7BA0CD4768D9339082 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:39:53.0365 0x1888  nvlddmkm - ok
16:39:53.0523 0x1888  [ 048C6FACA905A7DF0A86D3CC31D7E6AE, 7222B301DBBDFF15B038E13FEA076759D8AC392F5145ECD60A640BDA6CFABE8C ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
16:39:53.0582 0x1888  NvNetworkService - ok
16:39:53.0610 0x1888  [ CA09A21E2F0776C48C21BB045DAAEA94, AACC61048A2210ECABF4665B2B21C8232E26EC898EE65C49DA0481B0B266D740 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
16:39:53.0626 0x1888  nvpciflt - ok
16:39:53.0646 0x1888  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:39:53.0666 0x1888  nvraid - ok
16:39:53.0691 0x1888  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:39:53.0710 0x1888  nvstor - ok
16:39:53.0763 0x1888  [ 3ABCD8F8853FEB12B961E9A48FC12133, 58255D53E810EE0D89FA2F1DC9D6208BF44F3C0FDE74A9264FB740024F1EDD44 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
16:39:53.0780 0x1888  NvStreamKms - ok
16:39:53.0788 0x1888  NvStreamSvc - ok
16:39:53.0839 0x1888  [ 5C929C787A45E00BE7F4A99221D66787, 24BFBB0E1E39C6816C66AEFF3509062A829AAE105B4C493C9F78F664FA6FD402 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:39:53.0888 0x1888  nvsvc - ok
16:39:53.0918 0x1888  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
16:39:53.0936 0x1888  nvvad_WaveExtensible - ok
16:39:53.0960 0x1888  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:39:53.0976 0x1888  nv_agp - ok
16:39:53.0990 0x1888  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:39:54.0013 0x1888  ohci1394 - ok
16:39:54.0056 0x1888  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:39:54.0078 0x1888  ose - ok
16:39:54.0276 0x1888  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:39:54.0509 0x1888  osppsvc - ok
16:39:54.0571 0x1888  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:39:54.0618 0x1888  p2pimsvc - ok
16:39:54.0642 0x1888  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
16:39:54.0700 0x1888  p2psvc - ok
16:39:54.0727 0x1888  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:39:54.0745 0x1888  Parport - ok
16:39:54.0765 0x1888  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:39:54.0782 0x1888  partmgr - ok
16:39:54.0829 0x1888  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:39:54.0873 0x1888  PcaSvc - ok
16:39:54.0889 0x1888  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
16:39:54.0911 0x1888  pci - ok
16:39:54.0936 0x1888  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:39:54.0951 0x1888  pciide - ok
16:39:54.0988 0x1888  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:39:55.0020 0x1888  pcmcia - ok
16:39:55.0035 0x1888  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:39:55.0050 0x1888  pcw - ok
16:39:55.0079 0x1888  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:39:55.0134 0x1888  PEAUTH - ok
16:39:55.0201 0x1888  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:39:55.0232 0x1888  PerfHost - ok
16:39:55.0309 0x1888  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
16:39:55.0416 0x1888  pla - ok
16:39:55.0472 0x1888  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:39:55.0541 0x1888  PlugPlay - ok
16:39:55.0563 0x1888  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:39:55.0599 0x1888  PNRPAutoReg - ok
16:39:55.0625 0x1888  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:39:55.0648 0x1888  PNRPsvc - ok
16:39:55.0689 0x1888  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:39:55.0769 0x1888  PolicyAgent - ok
16:39:55.0801 0x1888  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
16:39:55.0853 0x1888  Power - ok
16:39:55.0870 0x1888  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:39:55.0930 0x1888  PptpMiniport - ok
16:39:55.0952 0x1888  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:39:55.0974 0x1888  Processor - ok
16:39:56.0006 0x1888  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:39:56.0054 0x1888  ProfSvc - ok
16:39:56.0067 0x1888  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:39:56.0084 0x1888  ProtectedStorage - ok
16:39:56.0107 0x1888  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:39:56.0153 0x1888  Psched - ok
16:39:56.0219 0x1888  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:39:56.0300 0x1888  ql2300 - ok
16:39:56.0322 0x1888  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:39:56.0337 0x1888  ql40xx - ok
16:39:56.0367 0x1888  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
16:39:56.0399 0x1888  QWAVE - ok
16:39:56.0413 0x1888  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:39:56.0437 0x1888  QWAVEdrv - ok
16:39:56.0447 0x1888  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:39:56.0497 0x1888  RasAcd - ok
16:39:56.0533 0x1888  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:39:56.0591 0x1888  RasAgileVpn - ok
16:39:56.0611 0x1888  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
16:39:56.0663 0x1888  RasAuto - ok
16:39:56.0689 0x1888  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:39:56.0742 0x1888  Rasl2tp - ok
16:39:56.0767 0x1888  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
16:39:56.0828 0x1888  RasMan - ok
16:39:56.0845 0x1888  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:39:56.0893 0x1888  RasPppoe - ok
16:39:56.0900 0x1888  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:39:56.0957 0x1888  RasSstp - ok
16:39:56.0983 0x1888  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:39:57.0035 0x1888  rdbss - ok
16:39:57.0049 0x1888  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:39:57.0077 0x1888  rdpbus - ok
16:39:57.0088 0x1888  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:39:57.0137 0x1888  RDPCDD - ok
16:39:57.0167 0x1888  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:39:57.0207 0x1888  RDPENCDD - ok
16:39:57.0220 0x1888  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:39:57.0270 0x1888  RDPREFMP - ok
16:39:57.0306 0x1888  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:39:57.0352 0x1888  RDPWD - ok
16:39:57.0384 0x1888  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:39:57.0408 0x1888  rdyboost - ok
16:39:57.0451 0x1888  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:39:57.0514 0x1888  RemoteAccess - ok
16:39:57.0546 0x1888  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:39:57.0605 0x1888  RemoteRegistry - ok
16:39:57.0624 0x1888  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:39:57.0675 0x1888  RpcEptMapper - ok
16:39:57.0694 0x1888  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
16:39:57.0717 0x1888  RpcLocator - ok
16:39:57.0748 0x1888  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
16:39:57.0799 0x1888  RpcSs - ok
16:39:57.0833 0x1888  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:39:57.0880 0x1888  rspndr - ok
16:39:57.0891 0x1888  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs           C:\Windows\system32\lsass.exe
16:39:57.0916 0x1888  SamSs - ok
16:39:57.0938 0x1888  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:39:57.0956 0x1888  sbp2port - ok
16:39:57.0984 0x1888  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:39:58.0054 0x1888  SCardSvr - ok
16:39:58.0079 0x1888  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:39:58.0139 0x1888  scfilter - ok
16:39:58.0194 0x1888  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
16:39:58.0301 0x1888  Schedule - ok
16:39:58.0331 0x1888  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:39:58.0375 0x1888  SCPolicySvc - ok
16:39:58.0417 0x1888  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:39:58.0457 0x1888  SDRSVC - ok
16:39:58.0491 0x1888  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:39:58.0552 0x1888  secdrv - ok
16:39:58.0569 0x1888  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
16:39:58.0617 0x1888  seclogon - ok
16:39:58.0687 0x1888  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
16:39:58.0735 0x1888  SENS - ok
16:39:58.0740 0x1888  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:39:58.0793 0x1888  SensrSvc - ok
16:39:58.0807 0x1888  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:39:58.0826 0x1888  Serenum - ok
16:39:58.0844 0x1888  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:39:58.0868 0x1888  Serial - ok
16:39:58.0894 0x1888  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:39:58.0916 0x1888  sermouse - ok
16:39:58.0969 0x1888  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
16:39:59.0021 0x1888  SessionEnv - ok
16:39:59.0088 0x1888  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:39:59.0126 0x1888  sffdisk - ok
16:39:59.0142 0x1888  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:39:59.0177 0x1888  sffp_mmc - ok
16:39:59.0189 0x1888  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:39:59.0231 0x1888  sffp_sd - ok
16:39:59.0239 0x1888  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:39:59.0269 0x1888  sfloppy - ok
16:39:59.0303 0x1888  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:39:59.0367 0x1888  SharedAccess - ok
16:39:59.0470 0x1888  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:39:59.0536 0x1888  ShellHWDetection - ok
16:39:59.0560 0x1888  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:39:59.0575 0x1888  SiSRaid2 - ok
16:39:59.0588 0x1888  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:39:59.0608 0x1888  SiSRaid4 - ok
16:39:59.0634 0x1888  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:39:59.0697 0x1888  Smb - ok
16:39:59.0745 0x1888  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:39:59.0777 0x1888  SNMPTRAP - ok
16:39:59.0789 0x1888  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:39:59.0803 0x1888  spldr - ok
16:39:59.0841 0x1888  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
16:39:59.0910 0x1888  Spooler - ok
16:40:00.0228 0x1888  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:40:00.0397 0x1888  sppsvc - ok
16:40:00.0438 0x1888  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:40:00.0486 0x1888  sppuinotify - ok
16:40:00.0521 0x1888  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:40:00.0623 0x1888  srv - ok
16:40:00.0648 0x1888  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:40:00.0687 0x1888  srv2 - ok
16:40:00.0721 0x1888  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:40:00.0740 0x1888  srvnet - ok
16:40:00.0768 0x1888  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:40:00.0834 0x1888  SSDPSRV - ok
16:40:00.0870 0x1888  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:40:00.0921 0x1888  SstpSvc - ok
16:40:01.0017 0x1888  [ 66FC38D44260D8156AFD050C3B089F63, B4FD510D984A911183033E4EA8D0BC227967B2DAF46F30CC9812466D419735A3 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:40:01.0046 0x1888  Stereo Service - ok
16:40:01.0066 0x1888  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:40:01.0084 0x1888  stexstor - ok
16:40:01.0128 0x1888  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
16:40:01.0197 0x1888  stisvc - ok
16:40:01.0216 0x1888  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:40:01.0231 0x1888  swenum - ok
16:40:01.0324 0x1888  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:40:01.0382 0x1888  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
16:40:03.0805 0x1888  Detect skipped due to KSN trusted
16:40:03.0806 0x1888  SwitchBoard - ok
16:40:03.0850 0x1888  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
16:40:03.0927 0x1888  swprv - ok
16:40:04.0017 0x1888  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
16:40:04.0132 0x1888  SysMain - ok
16:40:04.0155 0x1888  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:40:04.0185 0x1888  TabletInputService - ok
16:40:04.0218 0x1888  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:40:04.0286 0x1888  TapiSrv - ok
16:40:04.0303 0x1888  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
16:40:04.0368 0x1888  TBS - ok
16:40:04.0458 0x1888  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:40:04.0551 0x1888  Tcpip - ok
16:40:04.0629 0x1888  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:40:04.0721 0x1888  TCPIP6 - ok
16:40:04.0750 0x1888  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:40:04.0773 0x1888  tcpipreg - ok
16:40:04.0790 0x1888  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:40:04.0813 0x1888  TDPIPE - ok
16:40:04.0840 0x1888  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:40:04.0872 0x1888  TDTCP - ok
16:40:04.0908 0x1888  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:40:04.0952 0x1888  tdx - ok
16:40:04.0974 0x1888  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:40:04.0989 0x1888  TermDD - ok
16:40:05.0046 0x1888  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
16:40:05.0113 0x1888  TermService - ok
16:40:05.0133 0x1888  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
16:40:05.0161 0x1888  Themes - ok
16:40:05.0180 0x1888  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
16:40:05.0223 0x1888  THREADORDER - ok
16:40:05.0240 0x1888  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
16:40:05.0287 0x1888  TrkWks - ok
16:40:05.0358 0x1888  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:40:05.0416 0x1888  TrustedInstaller - ok
16:40:05.0461 0x1888  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:40:05.0483 0x1888  tssecsrv - ok
16:40:05.0522 0x1888  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:40:05.0561 0x1888  TsUsbFlt - ok
16:40:05.0595 0x1888  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:40:05.0649 0x1888  tunnel - ok
16:40:05.0673 0x1888  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:40:05.0689 0x1888  uagp35 - ok
16:40:05.0715 0x1888  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:40:05.0768 0x1888  udfs - ok
16:40:05.0793 0x1888  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:40:05.0812 0x1888  UI0Detect - ok
16:40:05.0843 0x1888  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:40:05.0859 0x1888  uliagpkx - ok
16:40:05.0882 0x1888  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:40:05.0906 0x1888  umbus - ok
16:40:05.0929 0x1888  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:40:05.0959 0x1888  UmPass - ok
16:40:05.0984 0x1888  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
16:40:06.0056 0x1888  upnphost - ok
16:40:06.0103 0x1888  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:40:06.0128 0x1888  USBAAPL64 - ok
16:40:06.0148 0x1888  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:40:06.0193 0x1888  usbccgp - ok
16:40:06.0271 0x1888  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:40:06.0312 0x1888  usbcir - ok
16:40:06.0335 0x1888  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:40:06.0353 0x1888  usbehci - ok
16:40:06.0383 0x1888  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:40:06.0418 0x1888  usbhub - ok
16:40:06.0439 0x1888  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:40:06.0462 0x1888  usbohci - ok
16:40:06.0480 0x1888  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:40:06.0508 0x1888  usbprint - ok
16:40:06.0536 0x1888  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:40:06.0569 0x1888  USBSTOR - ok
16:40:06.0582 0x1888  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:40:06.0602 0x1888  usbuhci - ok
16:40:06.0632 0x1888  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:40:06.0672 0x1888  usbvideo - ok
16:40:06.0695 0x1888  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
16:40:06.0744 0x1888  UxSms - ok
16:40:06.0753 0x1888  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc        C:\Windows\system32\lsass.exe
16:40:06.0772 0x1888  VaultSvc - ok
16:40:06.0786 0x1888  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:40:06.0802 0x1888  vdrvroot - ok
16:40:06.0842 0x1888  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
16:40:06.0941 0x1888  vds - ok
16:40:06.0956 0x1888  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:40:06.0975 0x1888  vga - ok
16:40:06.0989 0x1888  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:40:07.0040 0x1888  VgaSave - ok
16:40:07.0069 0x1888  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:40:07.0092 0x1888  vhdmp - ok
16:40:07.0116 0x1888  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:40:07.0130 0x1888  viaide - ok
16:40:07.0157 0x1888  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:40:07.0172 0x1888  volmgr - ok
16:40:07.0230 0x1888  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:40:07.0262 0x1888  volmgrx - ok
16:40:07.0286 0x1888  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:40:07.0313 0x1888  volsnap - ok
16:40:07.0344 0x1888  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:40:07.0366 0x1888  vsmraid - ok
16:40:07.0444 0x1888  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
16:40:07.0557 0x1888  VSS - ok
16:40:07.0577 0x1888  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:40:07.0600 0x1888  vwifibus - ok
16:40:07.0620 0x1888  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:40:07.0644 0x1888  vwififlt - ok
16:40:07.0701 0x1888  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
16:40:07.0794 0x1888  W32Time - ok
16:40:07.0808 0x1888  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:40:07.0835 0x1888  WacomPen - ok
16:40:07.0874 0x1888  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:40:07.0926 0x1888  WANARP - ok
16:40:07.0930 0x1888  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:40:07.0974 0x1888  Wanarpv6 - ok
16:40:08.0079 0x1888  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
16:40:08.0167 0x1888  wbengine - ok
16:40:08.0198 0x1888  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:40:08.0239 0x1888  WbioSrvc - ok
16:40:08.0287 0x1888  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:40:08.0330 0x1888  wcncsvc - ok
16:40:08.0346 0x1888  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:40:08.0384 0x1888  WcsPlugInService - ok
16:40:08.0406 0x1888  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:40:08.0426 0x1888  Wd - ok
16:40:08.0472 0x1888  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
16:40:08.0508 0x1888  WDC_SAM - ok
16:40:08.0558 0x1888  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:40:08.0598 0x1888  Wdf01000 - ok
16:40:08.0647 0x1888  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:40:08.0676 0x1888  WdiServiceHost - ok
16:40:08.0685 0x1888  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:40:08.0703 0x1888  WdiSystemHost - ok
16:40:08.0750 0x1888  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
16:40:08.0805 0x1888  WebClient - ok
16:40:08.0828 0x1888  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:40:08.0890 0x1888  Wecsvc - ok
16:40:08.0906 0x1888  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:40:08.0964 0x1888  wercplsupport - ok
16:40:08.0983 0x1888  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:40:09.0042 0x1888  WerSvc - ok
16:40:09.0071 0x1888  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:40:09.0124 0x1888  WfpLwf - ok
16:40:09.0138 0x1888  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:40:09.0153 0x1888  WIMMount - ok
16:40:09.0178 0x1888  WinDefend - ok
16:40:09.0193 0x1888  WinHttpAutoProxySvc - ok
16:40:09.0247 0x1888  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:40:09.0298 0x1888  Winmgmt - ok
16:40:09.0702 0x1888  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
16:40:09.0830 0x1888  WinRM - ok
16:40:09.0891 0x1888  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:40:09.0926 0x1888  WinUsb - ok
16:40:09.0970 0x1888  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:40:10.0030 0x1888  Wlansvc - ok
16:40:10.0047 0x1888  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:40:10.0072 0x1888  WmiAcpi - ok
16:40:10.0106 0x1888  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:40:10.0132 0x1888  wmiApSrv - ok
16:40:10.0162 0x1888  WMPNetworkSvc - ok
16:40:10.0172 0x1888  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:40:10.0210 0x1888  WPCSvc - ok
16:40:10.0239 0x1888  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:40:10.0289 0x1888  WPDBusEnum - ok
16:40:10.0309 0x1888  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:40:10.0350 0x1888  ws2ifsl - ok
16:40:10.0373 0x1888  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
16:40:10.0409 0x1888  wscsvc - ok
16:40:10.0414 0x1888  WSearch - ok
16:40:10.0698 0x1888  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:40:10.0826 0x1888  wuauserv - ok
16:40:10.0883 0x1888  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:40:10.0961 0x1888  WudfPf - ok
16:40:10.0985 0x1888  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:40:11.0025 0x1888  WUDFRd - ok
16:40:11.0050 0x1888  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:40:11.0077 0x1888  wudfsvc - ok
16:40:11.0102 0x1888  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:40:11.0154 0x1888  WwanSvc - ok
16:40:11.0165 0x1888  ================ Scan global ===============================
16:40:11.0201 0x1888  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:40:11.0238 0x1888  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:40:11.0274 0x1888  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:40:11.0297 0x1888  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:40:11.0330 0x1888  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:40:11.0351 0x1888  [ Global ] - ok
16:40:11.0354 0x1888  ================ Scan MBR ==================================
16:40:11.0361 0x1888  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:40:11.0775 0x1888  \Device\Harddisk0\DR0 - ok
16:40:11.0783 0x1888  [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR1
16:40:12.0208 0x1888  \Device\Harddisk1\DR1 - ok
16:40:12.0210 0x1888  ================ Scan VBR ==================================
16:40:12.0213 0x1888  [ FB940839CE65D1974FCCBBE696E8C62D ] \Device\Harddisk0\DR0\Partition1
16:40:12.0214 0x1888  \Device\Harddisk0\DR0\Partition1 - ok
16:40:12.0225 0x1888  [ 9392212A322CA05CF75948EC872C5403 ] \Device\Harddisk1\DR1\Partition1
16:40:12.0228 0x1888  \Device\Harddisk1\DR1\Partition1 - ok
16:40:12.0228 0x1888  ================ Scan generic autorun ======================
16:40:12.0290 0x1888  [ 0E717C8116F2BECAED84BB328B725603, F4F81439A7B7C46564CA14EA5DF62D1F71F5401D385F415BA919F5F2EDB71337 ] C:\Windows\system32\igfxtray.exe
16:40:12.0306 0x1888  IgfxTray - ok
16:40:12.0331 0x1888  [ 4121B5B47A805A07F9A6955C0BE454D9, 112F460796813793B52F90939F4D79F623F008A1C5AF36972B260E8A29FAAE73 ] C:\Windows\system32\hkcmd.exe
16:40:12.0349 0x1888  HotKeysCmds - ok
16:40:12.0371 0x1888  [ CA90D9B50D0D754293C76E5F1288DE40, 1AED0E873A2A8485F6E16A8D6415B69CE7CB3916A43E92B3900F65644242ABEB ] C:\Windows\system32\igfxpers.exe
16:40:12.0394 0x1888  Persistence - ok
16:40:12.0493 0x1888  [ 436A83E5555A8449B9BFBE1AAB314654, DE956310B2EF80B43399E63E309E659018879942EBBA5063B9A366C2314E8158 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
16:40:12.0568 0x1888  NvBackend - ok
16:40:12.0600 0x1888  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
16:40:12.0632 0x1888  ShadowPlay - ok
16:40:12.0787 0x1888  [ 647A1E2E56F99405D12867F6F8924B3D, 88EAF333EDC47D4A3F02D63688BDDB13F3A5ACD850719A2E8E16C3BAAD6B6191 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
16:40:12.0851 0x1888  AdobeAAMUpdater-1.0 - ok
16:40:12.0864 0x1888  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
16:40:12.0880 0x1888  Logitech Download Assistant - ok
16:40:12.0980 0x1888  [ D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe
16:40:12.0993 0x1888  iTunesHelper - ok
16:40:13.0393 0x1888  [ 21B8FAAFA5CCD89663AAD5833ABF4B35, DE46AD49AE1ED34697EE387BB77E73BCD7DA60E6063E02660021A9C2EA3C0801 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
16:40:13.0499 0x1888  AvastUI.exe - ok
16:40:13.0814 0x1888  [ E96C2C53E1C1C1688D8841EE94320B8C, 8C18E2B4F71FFA5DE9BC5017E4991B57B23AE36F0C45B6847C0C26331B21A0AE ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
16:40:13.0898 0x1888  Adobe Creative Cloud - ok
16:40:13.0996 0x1888  [ A071CF6027E14E6C49A8CA8ED5F012CD, 88823680670150F013A2282C4984D1B556F71845657EE3126A84780B362D7BE7 ] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
16:40:14.0074 0x1888  EnergyUtility - detected UnsignedFile.Multi.Generic ( 1 )
16:40:16.0813 0x1888  Detect skipped due to KSN trusted
16:40:16.0813 0x1888  EnergyUtility - ok
16:40:16.0951 0x1888  [ 46FC9D60D1356CCE1C57F7F235CE9D05, 555D3943795BC778283772F17DEEE709AE8046518BD8437D7BCC2511CCEC5263 ] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
16:40:17.0011 0x1888  EnergyCut - detected UnsignedFile.Multi.Generic ( 1 )
16:40:19.0433 0x1888  Detect skipped due to KSN trusted
16:40:19.0433 0x1888  EnergyCut - ok
16:40:20.0050 0x1888  [ 3B95D79E0342130CCC2704E0DC4CF306, A7D5D9485931FA2F1F9554E11453DF8EDEC54D445644C2184C1F34B5AE9CA01D ] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
16:40:20.0170 0x1888  Fitbit Connect - ok
16:40:20.0250 0x1888  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:40:20.0334 0x1888  Sidebar - ok
16:40:20.0360 0x1888  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:40:20.0385 0x1888  mctadmin - ok
16:40:20.0432 0x1888  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:40:20.0477 0x1888  Sidebar - ok
16:40:20.0484 0x1888  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:40:20.0510 0x1888  mctadmin - ok
16:40:20.0617 0x1888  [ EC58C1A9A3281CE0C8FCC05BDBFECB37, 3738BBC112346B32F686F1CB4B4AAD89B06AA1F8FB2D333BC2D2F554212A0A59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
16:40:20.0632 0x1888  iCloudServices - ok
16:40:20.0664 0x1888  [ 105C276BB7B43501225C419B062096D0, F5D35230FC5E116FB04147F216313D2E2542D96E975B19F5FD9F7641CF11271F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
16:40:20.0677 0x1888  ApplePhotoStreams - ok
16:40:20.0687 0x1888  [ 334725C0DB429BF71F43CCEFEA1376A4, D7838C556DECC87EE5E125D643FD9ADCCE91C2DDEEBFA064312C5C821BE80CF0 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
16:40:20.0697 0x1888  iCloudDrive - ok
16:40:20.0904 0x1888  [ 3B95D79E0342130CCC2704E0DC4CF306, A7D5D9485931FA2F1F9554E11453DF8EDEC54D445644C2184C1F34B5AE9CA01D ] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
16:40:21.0023 0x1888  Fitbit Connect - ok
16:40:21.0032 0x1888  Waiting for KSN requests completion. In queue: 103
16:40:22.0032 0x1888  Waiting for KSN requests completion. In queue: 103
16:40:23.0032 0x1888  Waiting for KSN requests completion. In queue: 103
16:40:24.0032 0x1888  Waiting for KSN requests completion. In queue: 103
16:40:25.0118 0x1888  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2018.391 ), 0x42000 ( disabled : updated )
16:40:25.0146 0x1888  Win FW state via NFP2: enabled
16:40:27.0626 0x1888  ============================================================
16:40:27.0626 0x1888  Scan finished
16:40:27.0626 0x1888  ============================================================
16:40:27.0641 0x18a0  Detected object count: 0
16:40:27.0641 0x18a0  Actual detected object count: 0

Viele Grüße,
Tobi

schrauber · 07.04.2015, 11:08

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

kokolorix · 07.04.2015, 18:46

Hallo, hier der Logfile.

Code:

ATTFilter

ComboFix 15-04-01.01 - Caro & Tobi 07.04.2015  19:23:05.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3828.1907 [GMT 2:00]
ausgeführt von:: c:\users\Caro und Tobi\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Caro und Tobi\AppData\Local\Adobe\gccheck.exe
c:\users\Caro und Tobi\AppData\Local\Adobe\gtbcheck.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-07 bis 2015-04-07  ))))))))))))))))))))))))))))))
.
.
2015-04-06 13:58 . 2015-04-06 14:36	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-06 13:58 . 2015-04-06 13:58	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-06 13:56 . 2015-04-06 13:56	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-06 13:09 . 2015-04-06 13:59	--------	d-----w-	c:\programdata\Malwarebytes
2015-04-06 13:09 . 2015-04-06 13:55	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-04-06 09:13 . 2015-04-06 09:16	--------	d-----w-	C:\FRST
2015-04-06 07:26 . 2015-04-06 07:28	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2015-04-05 08:11 . 2015-04-05 08:11	--------	d-s---w-	c:\windows\system32\GWX
2015-04-05 08:11 . 2015-04-05 08:11	--------	d-s---w-	c:\windows\SysWow64\GWX
2015-04-03 14:04 . 2015-04-03 14:05	--------	d-----w-	c:\program files (x86)\ALDI NORD Bestellsoftware
2015-04-03 11:53 . 2015-04-03 11:53	--------	d-----r-	c:\users\Caro und Tobi\Creative Cloud Files
2015-04-03 11:50 . 2015-03-14 10:02	12002392	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{55CEA424-1C59-4729-8623-7B33508D2187}\mpengine.dll
2015-03-25 19:08 . 2015-04-03 14:06	--------	d-----w-	c:\programdata\ALDI NORD Bestellsoftware
2015-03-25 17:38 . 2015-03-25 18:27	--------	d-----w-	c:\users\Caro und Tobi\AppData\Local\fotokasten comfort
2015-03-25 17:35 . 2015-03-25 17:35	--------	d-----w-	c:\programdata\fotokasten comfort
2015-03-25 17:35 . 2015-03-25 17:41	--------	d-----w-	c:\program files (x86)\fotokasten comfort
2015-03-24 17:24 . 2015-03-11 04:05	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-24 17:24 . 2015-03-11 04:06	943616	----a-w-	c:\windows\system32\appraiser.dll
2015-03-24 17:24 . 2015-03-11 04:06	677888	----a-w-	c:\windows\system32\generaltel.dll
2015-03-24 17:24 . 2015-03-11 04:06	760832	----a-w-	c:\windows\system32\invagent.dll
2015-03-24 17:24 . 2015-03-11 04:06	414720	----a-w-	c:\windows\system32\devinv.dll
2015-03-24 17:24 . 2015-03-11 04:02	1107456	----a-w-	c:\windows\system32\aeinv.dll
2015-03-24 17:24 . 2015-03-11 04:05	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-24 17:24 . 2015-03-11 04:05	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-22 10:57 . 2015-03-25 17:36	--------	d-----w-	c:\users\Caro und Tobi\AppData\Local\Garmin
2015-03-22 10:57 . 2015-03-24 07:20	--------	d-----w-	c:\programdata\Garmin
2015-03-22 10:57 . 2015-03-22 10:57	--------	d-----w-	c:\users\Caro und Tobi\AppData\Local\GARMIN_Corp
2015-03-22 10:56 . 2015-03-22 10:56	--------	d-----w-	c:\program files (x86)\Garmin
2015-03-22 10:43 . 2015-03-24 07:20	--------	d-----w-	c:\users\Caro und Tobi\AppData\Roaming\Garmin
2015-03-22 09:56 . 2015-03-22 09:56	--------	d-----w-	c:\programdata\boost_interprocess
2015-03-22 09:56 . 2015-03-22 10:22	--------	d-----w-	c:\programdata\FitbitConnect
2015-03-22 09:56 . 2015-03-22 09:56	--------	d-----w-	c:\program files (x86)\Fitbit Connect
2015-03-21 16:31 . 2015-03-21 16:31	--------	d-----w-	c:\users\Caro und Tobi\restore
2015-03-21 16:29 . 2015-03-25 17:16	--------	d-----w-	c:\programdata\tmp
2015-03-21 16:29 . 2015-03-24 17:35	--------	d-----w-	c:\programdata\hps
2015-03-21 16:23 . 2015-03-21 16:23	--------	d-----w-	c:\program files\CEWE
2015-03-11 16:29 . 2015-02-20 04:41	41984	----a-w-	c:\windows\system32\lpk.dll
2015-03-11 16:29 . 2015-02-20 04:40	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-03-11 16:29 . 2015-02-20 04:40	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-03-11 16:29 . 2015-02-20 04:40	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-03-11 16:29 . 2015-02-20 04:13	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-03-11 16:29 . 2015-02-20 04:13	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-03-11 16:29 . 2015-02-20 04:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-03-11 16:29 . 2015-02-20 04:12	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-03-11 16:29 . 2015-02-20 03:29	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-03-11 16:29 . 2015-02-20 03:09	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-03-11 16:27 . 2015-02-03 03:31	215552	----a-w-	c:\windows\system32\ubpm.dll
2015-03-11 16:27 . 2015-02-03 03:12	171520	----a-w-	c:\windows\SysWow64\ubpm.dll
2015-03-11 16:25 . 2015-01-17 02:48	1067520	----a-w-	c:\windows\system32\msctf.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-11 17:04 . 2014-05-26 07:37	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-01 13:42 . 2014-05-28 05:41	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-01 13:42 . 2014-05-28 05:41	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-24 03:17 . 2014-05-26 07:24	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-10 10:36 . 2014-05-26 16:50	627912	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-01-27 23:36 . 2015-03-01 13:20	1239720	----a-w-	c:\windows\system32\aitstatic.exe
2015-01-09 03:14 . 2015-03-01 13:21	91136	----a-w-	c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-03-01 13:21	950272	----a-w-	c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-03-01 13:21	29696	----a-w-	c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-03-01 13:21	76800	----a-w-	c:\windows\SysWow64\wdi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2014-10-20 43816]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-12-12 4370976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-08 3890208]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-02-15 2694320]
"EnergyUtility"="c:\program files (x86)\Lenovo\EnergyCut\utilty.exe" [2007-04-27 1581056]
"EnergyCut"="c:\program files (x86)\Lenovo\EnergyCut\EnergyCut.exe" [2007-03-09 1167360]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-12-12 4370976]
.
c:\users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8100\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AEBVHG905MX;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2014-5-28 1427736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-31 17:33]
.
2015-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-31 17:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-02-11 13:13	997536	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-02-11 13:13	997536	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-02-11 13:13	997536	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 11:52	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 11:52	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 11:52	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Caro und Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-26 06:37	290888	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-05 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-05 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-05 413720]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-02-03 557768]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - c:\users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - c:\users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - c:\users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
c:\users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Caro und Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - c:\users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - c:\users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - c:\users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
AddRemove-Freizeitkarte_DEU - c:\freizeitkarte\Freizeitkarte_DEU\Uninstall.exe
AddRemove-OneDriveSetup.exe - c:\users\Caro & Tobi\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\OneDriveSetup.exe
AddRemove-{854347F2-AD4A-4117-8D29-43DB03C238B1} - c:\users\Caro & Tobi\AppData\Roaming\InstallShield Installation Information\{854347F2-AD4A-4117-8D29-43DB03C238B1}\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-07  19:45:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-07 17:45
.
Vor Suchlauf: 11 Verzeichnis(se), 210.204.917.760 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 220.758.114.304 Bytes frei
.
- - End Of File - - 02368FBCFEB3ADC89C90DCA37374A385
A36C5E4F47E84449FF07ED3517B43A31

Viele Grüße,
Tobi

schrauber · 08.04.2015, 10:58

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

kokolorix · 08.04.2015, 11:20

Hallo und nochmals vielen Dank für die Unterstützung!!! Echt klasse!!!
Die Programme werde ich heute Abend ausführen nach Feierabend.
Aber mal eine Frage, weil es mich einfach interessiert: kann man aus den bisherigen Logs etwas erkennen? Ist mein PC infiziert, oder ist momentan noch Suche angesagt? Ich kann ja leider daraus nichts erkennen.
Viele Grüße,
Tobi

schrauber · 08.04.2015, 17:58

Wir sind schon beim Entfernen

kokolorix · 08.04.2015, 19:45

Solede,...

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.04.2015
Suchlauf-Zeit: 19:35:04
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Caro & Tobi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 441528
Verstrichene Zeit: 13 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Code:

ATTFilter

# AdwCleaner v4.201 - Bericht erstellt 08/04/2015 um 20:29:34
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Caro & Tobi - HOME-LAPTOP
# Gestarted von : C:\Users\Caro und Tobi\Downloads\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [1161 Bytes] - [08/04/2015 20:28:12]
AdwCleaner[S0].txt - [980 Bytes] - [08/04/2015 20:29:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1038  Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Caro und Tobi\AppData\Roaming\mozilla\firefox\profiles\oyh459m0.default\minidumps [52 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.04.2015 at 20:40:30,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Caro & Tobi (administrator) on HOME-LAPTOP on 08-04-2015 20:41:58
Running from C:\Users\Caro und Tobi\Downloads
Loaded Profiles: Caro & Tobi (Available profiles: Caro & Tobi & tempaccount)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-06-13] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-06-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-06-13] (NVIDIA Corporation)
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Caro und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2047627659-2815173095-2199539525-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-26] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-26] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-01] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-06-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-06-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Extension: 20-20 3D Viewer - WEB - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\2020Player_WEB@2020Technologies.com [2014-12-07]
FF Extension: iCloud Bookmarks - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\firefoxdav@icloud.com [2014-11-21]
FF Extension: Garmin Communicator - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-03-22]
FF Extension: Exif Viewer - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-07-17]
FF Extension: Ghostery - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\firefox@ghostery.com.xpi [2014-05-28]
FF Extension: MEGA - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\firefox@mega.co.nz.xpi [2014-09-16]
FF Extension: Lightbeam - C:\Users\Caro und Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oyh459m0.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-09-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-26] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 20:40 - 2015-04-08 20:40 - 00000794 _____ () C:\Users\Caro und Tobi\Desktop\JRT.txt
2015-04-08 20:35 - 2015-04-08 20:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HOME-LAPTOP-Windows-7-Home-Premium-(64-bit).dat
2015-04-08 20:35 - 2015-04-08 20:35 - 00000000 ____D () C:\RegBackup
2015-04-08 20:34 - 2015-04-08 20:34 - 02686959 _____ (Thisisu) C:\Users\Caro und Tobi\Downloads\JRT.exe
2015-04-08 20:32 - 2015-04-08 20:32 - 00001118 _____ () C:\Users\Caro und Tobi\Desktop\AdwCleaner[S0].txt
2015-04-08 20:27 - 2015-04-08 20:29 - 00000000 ____D () C:\AdwCleaner
2015-04-08 20:27 - 2015-04-08 20:27 - 02217984 _____ () C:\Users\Caro und Tobi\Downloads\AdwCleaner_4.201.exe
2015-04-08 20:26 - 2015-04-08 20:26 - 00001214 _____ () C:\Users\Caro und Tobi\Desktop\mbam.txt
2015-04-08 19:34 - 2015-04-08 19:34 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-08 19:34 - 2015-04-08 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-08 19:34 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-08 19:34 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-08 19:30 - 2015-04-08 19:32 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Caro und Tobi\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-07 19:45 - 2015-04-07 19:45 - 00021807 _____ () C:\ComboFix.txt
2015-04-07 19:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-07 19:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-07 19:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-07 19:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-07 19:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-07 19:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-07 19:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-07 19:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-07 19:19 - 2015-04-07 19:45 - 00000000 ____D () C:\Qoobox
2015-04-07 19:18 - 2015-04-07 19:44 - 00000000 ____D () C:\Windows\erdnt
2015-04-07 19:18 - 2015-04-07 19:18 - 05617096 ____R (Swearware) C:\Users\Caro und Tobi\Downloads\ComboFix.exe
2015-04-06 16:13 - 2015-04-06 16:13 - 00002099 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk
2015-04-06 16:12 - 2015-04-06 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015
2015-04-06 16:02 - 2015-04-06 16:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Caro und Tobi\Downloads\tdsskiller.exe
2015-04-06 15:58 - 2015-04-08 20:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 15:58 - 2015-04-06 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-06 15:56 - 2015-04-06 16:36 - 00000000 ____D () C:\Users\Caro und Tobi\Desktop\mbar
2015-04-06 15:56 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 15:55 - 2015-04-06 15:56 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Caro und Tobi\Downloads\mbar-1.09.1.1004.exe
2015-04-06 15:09 - 2015-04-08 19:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-06 15:09 - 2015-04-06 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 11:14 - 2015-04-08 20:41 - 00015429 _____ () C:\Users\Caro und Tobi\Downloads\FRST.txt
2015-04-06 11:14 - 2015-04-06 11:16 - 00033644 _____ () C:\Users\Caro und Tobi\Downloads\Addition.txt
2015-04-06 11:13 - 2015-04-08 20:42 - 00000000 ____D () C:\FRST
2015-04-06 11:09 - 2015-04-06 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 10:56 - 2015-04-06 10:56 - 02095616 _____ (Farbar) C:\Users\Caro und Tobi\Downloads\FRST64.exe
2015-04-06 09:26 - 2015-04-06 09:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-05 10:11 - 2015-04-05 10:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 10:11 - 2015-04-05 10:11 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 16:06 - 2015-04-03 16:06 - 00001215 _____ () C:\Users\Public\Desktop\ALDI NORD Bestellsoftware.lnk
2015-04-03 16:04 - 2015-04-03 16:05 - 00000000 ____D () C:\Program Files (x86)\ALDI NORD Bestellsoftware
2015-04-03 13:53 - 2015-04-03 13:53 - 00000000 ___RD () C:\Users\Caro und Tobi\Creative Cloud Files
2015-04-03 13:52 - 2015-04-03 13:52 - 00001237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-04-03 13:52 - 2015-04-03 13:52 - 00001225 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-03-30 07:53 - 2015-03-30 08:03 - 01054912 _____ (Adobe) C:\Users\Caro und Tobi\Downloads\install_flashplayer17x32au_mssa_aaa_aih.exe
2015-03-25 21:08 - 2015-04-03 16:06 - 00000000 ____D () C:\ProgramData\ALDI NORD Bestellsoftware
2015-03-25 21:01 - 2015-03-25 21:04 - 262661712 _____ () C:\Users\Caro und Tobi\Downloads\ALDI_NORD_Bestellsoftware_Setup.exe
2015-03-25 19:38 - 2015-03-25 20:27 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Local\fotokasten comfort
2015-03-25 19:36 - 2015-03-25 19:36 - 00001069 _____ () C:\Users\Public\Desktop\fotokasten comfort.lnk
2015-03-25 19:36 - 2015-03-25 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotokasten comfort
2015-03-25 19:35 - 2015-03-25 19:41 - 00000000 ____D () C:\Program Files (x86)\fotokasten comfort
2015-03-25 19:35 - 2015-03-25 19:35 - 00000000 ____D () C:\ProgramData\fotokasten comfort
2015-03-25 19:22 - 2015-03-25 19:31 - 180442440 _____ ( ) C:\Users\Caro und Tobi\Downloads\fotokasten_comfort_[2116]_5-3-13.exe
2015-03-25 08:33 - 2015-03-25 09:13 - 1465714349 _____ () C:\Users\Caro und Tobi\Downloads\Install_Freizeitkarte_DEU_de.zip
2015-03-24 19:24 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 19:24 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 19:24 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 19:24 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 19:24 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 19:24 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 19:24 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 19:24 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 09:42 - 2015-03-24 10:14 - 1197697936 _____ () C:\Users\Caro und Tobi\Downloads\Deutschland_15_1.zip
2015-03-24 09:20 - 2015-03-24 09:20 - 00000000 ____D () C:\Users\Caro und Tobi\Documents\Mein Garmin
2015-03-24 09:19 - 2015-03-24 09:19 - 00000342 _____ () C:\Users\Caro und Tobi\Downloads\geocaching.loc
2015-03-24 08:51 - 2015-03-24 21:28 - 00000000 ____D () C:\Users\Caro und Tobi\Documents\Deutschlandkarte GPS
2015-03-22 12:57 - 2015-03-25 19:36 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Local\Garmin
2015-03-22 12:57 - 2015-03-24 09:20 - 00000000 ____D () C:\ProgramData\Garmin
2015-03-22 12:57 - 2015-03-22 12:57 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Local\GARMIN_Corp
2015-03-22 12:56 - 2015-03-22 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-03-22 12:56 - 2015-03-22 12:56 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-03-22 12:54 - 2015-03-22 07:42 - 305364992 _____ () C:\Users\Caro und Tobi\Documents\gmapsupp.img
2015-03-22 12:53 - 2015-03-22 12:54 - 55083472 _____ () C:\Users\Caro und Tobi\Downloads\BaseCamp_446.exe
2015-03-22 12:43 - 2015-03-24 09:20 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Roaming\Garmin
2015-03-22 11:56 - 2015-03-22 12:22 - 00000000 ____D () C:\ProgramData\FitbitConnect
2015-03-22 11:56 - 2015-03-22 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-03-22 11:56 - 2015-03-22 11:56 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-22 11:56 - 2015-03-22 11:56 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2015-03-21 18:31 - 2015-03-21 18:31 - 00000000 ____D () C:\Users\Caro und Tobi\restore
2015-03-21 18:29 - 2015-03-25 19:16 - 00000000 ____D () C:\ProgramData\tmp
2015-03-21 18:29 - 2015-03-24 19:35 - 00000000 ____D () C:\ProgramData\hps
2015-03-21 18:29 - 2015-03-21 18:29 - 00001031 _____ () C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
2015-03-21 18:29 - 2015-03-21 18:29 - 00001011 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2015-03-21 18:29 - 2015-03-21 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
2015-03-21 18:23 - 2015-03-21 18:23 - 00000000 ____D () C:\Program Files\CEWE
2015-03-11 18:29 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 18:29 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 18:29 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 18:29 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 18:29 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 18:29 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 18:29 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 18:29 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 18:29 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 18:29 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 18:28 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:28 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 18:28 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 18:28 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 18:28 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 18:28 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 18:28 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 18:28 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 18:28 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 18:28 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 18:28 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 18:28 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 18:28 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 18:28 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 18:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 18:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 18:28 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 18:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 18:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 18:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 18:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 18:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 18:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 18:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 18:28 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 18:28 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 18:28 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 18:28 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 18:27 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 18:27 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 18:26 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 18:26 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 18:26 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 18:26 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 18:26 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 18:26 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 18:26 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 18:26 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 18:26 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 18:26 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 18:26 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 18:26 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 18:26 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 18:26 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 18:26 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 18:26 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 18:26 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 18:26 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 18:25 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 18:25 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 18:25 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 18:25 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 18:25 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 18:25 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 18:25 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 18:25 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 18:25 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 18:25 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 18:25 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 18:25 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 18:25 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 18:25 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 18:25 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 18:25 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 18:25 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 18:25 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 18:25 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 18:25 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 18:25 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 18:25 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 18:25 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 18:25 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 18:25 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 18:25 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 18:25 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 18:25 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 18:25 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 18:25 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 18:25 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 18:25 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 18:25 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 18:25 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 18:25 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 18:25 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 18:25 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 18:25 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 18:25 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 18:25 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 18:25 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 18:25 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 18:25 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 18:25 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 18:25 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 18:25 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 18:25 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 18:25 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 18:25 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 18:25 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 18:25 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 18:25 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 18:25 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 18:25 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 18:25 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 18:25 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 18:25 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 18:25 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 18:25 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 18:25 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:25 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 18:25 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:25 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 20:36 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-08 20:36 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-08 20:33 - 2014-06-17 18:59 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Local\Adobe
2015-04-08 20:32 - 2014-10-25 18:55 - 00000000 ___RD () C:\Users\Caro und Tobi\iCloudDrive
2015-04-08 20:32 - 2014-05-26 08:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-08 20:31 - 2014-05-31 19:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-08 20:31 - 2009-07-14 06:51 - 00074941 _____ () C:\Windows\setupact.log
2015-04-08 20:30 - 2014-05-26 18:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-08 20:30 - 2014-05-26 08:57 - 00087168 _____ () C:\Windows\PFRO.log
2015-04-08 20:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 20:29 - 2014-05-26 07:53 - 01825181 _____ () C:\Windows\WindowsUpdate.log
2015-04-08 20:05 - 2014-05-31 19:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-07 19:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-07 19:37 - 2009-07-14 04:34 - 75497472 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-04-07 19:37 - 2009-07-14 04:34 - 16252928 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-04-07 19:37 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-04-07 19:37 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-04-07 19:37 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-04-07 19:14 - 2014-06-01 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-06 16:54 - 2014-05-28 08:42 - 00000751 _____ () C:\Windows\wiso.ini
2015-04-06 16:53 - 2014-06-06 08:14 - 00000000 ____D () C:\Users\Caro und Tobi\Desktop\Zwischenspeicher Fotos
2015-04-06 16:13 - 2014-05-28 08:42 - 00000000 ____D () C:\Users\Caro und Tobi\AppData\Local\Buhl
2015-04-06 16:06 - 2014-05-28 08:24 - 00000000 ____D () C:\Program Files (x86)\WISO
2015-04-06 16:06 - 2014-05-26 08:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-06 08:55 - 2014-05-31 16:34 - 00000000 ____D () C:\Users\Caro und Tobi\Documents\Mein Steuer-Sparbuch Heute
2015-04-05 10:07 - 2009-07-14 19:58 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2015-04-05 10:07 - 2009-07-14 19:58 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2015-04-05 10:07 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 13:53 - 2014-05-26 07:57 - 00000000 ____D () C:\Users\Caro und Tobi
2015-04-03 13:52 - 2014-05-31 19:31 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-03 13:49 - 2014-05-26 20:56 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-25 17:49 - 2014-12-12 08:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 17:49 - 2014-05-26 18:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 10:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-22 12:56 - 2014-06-08 10:10 - 00000000 ____D () C:\Program Files\DIFX
2015-03-22 11:45 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-21 17:56 - 2014-05-26 18:44 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-21 17:37 - 2009-07-14 06:45 - 04882736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-21 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-21 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 19:07 - 2014-05-26 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 19:04 - 2014-05-26 09:37 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-07-26 16:11 - 2014-08-06 08:35 - 0000655 _____ () C:\Users\Caro und Tobi\AppData\Roaming\.ptbt0
2014-07-22 08:50 - 2015-01-27 09:49 - 0001456 _____ () C:\Users\Caro und Tobi\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-05-26 19:07 - 2014-05-26 19:07 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Caro und Tobi\AppData\Local\Temp\Quarantine.exe
C:\Users\Caro und Tobi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-08 20:12

==================== End Of Log ============================

--- --- ---

schrauber · 09.04.2015, 09:40

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

08.04.2015, 17:58	#10
schrauber /// the machine /// TB-Ausbilder	Win7 Laptop stürzt häufig bei Downloads ab Wir sind schon beim Entfernen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Win7 Laptop stürzt häufig bei Downloads ab

Plagegeister aller Art und deren Bekämpfung: Win7 Laptop stürzt häufig bei Downloads ab