Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Unerwünschte automatische Aktivität durch Aufruf einer Webseite

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.05.2015, 14:25   #1
ThomasLanger
 
Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

Unerwünschte automatische Aktivität durch Aufruf einer Webseite



Guten Tag,

ich bin vorhin durch einen Link auf die Seite hxxp://www.meetandfuckgames.com/index.html gekommen. Diese öffnete sich in einem neuen Tab, den ich sofort schloß (noch bevor die Seite geladen hatte). Unmittelbar daraufhin erschien oben links im Bildschirm ein paarmal ganz kurz ein kleines Fenter, das mir bekannterweise kommt, wenn man Dateien kopiert oder verschiebt. (allerdings war das Design des Fensters nicht im Win7-Stil, sondern im älteren (gelbe Ordner)).

Was ist da vorhin passiert?!
Was sollte ich nun unternehmen?


Einen Komplett-Scan habe ich mit Antivir laufen lassen, allerdings wurde rein gar nichts gefunden. Darüber hinaus habe ich im Ordner AppData\Temp alle Dateien mit heutigem Änderungsdatum gelöscht (keine Ahnung ob das helfen könnte).

Der PC scheint seitdem momentan teilweise ein klein wenig hinterherzuhinken, so als ob er etwas überlastet sei - Dazu muss gesagt werden: ich habe viele Prozesse offen und den Rechner nach dem Anti-Viren-Scan noch nicht runtergefahren (RAM-Auslastung derzeit bei knapp 4GB von 8GB verfügbar, CPU-Auslastung unter 10%)

Eine kleine Anmerkung noch: Leider besitze ich in dem Bereich kein Fachwissen, daher würde ich mich über möglichst einfache Erklärungen freuen.

Grüße!

Alt 05.05.2015, 14:58   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

Unerwünschte automatische Aktivität durch Aufruf einer Webseite



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 05.05.2015, 22:21   #3
ThomasLanger
 
Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

FRST.txt und Addition.txt



FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2015
Ran by Fabian (administrator) on BEST-PC on 05-05-2015 23:10:41
Running from C:\Users\Fabian\Downloads
Loaded Profiles: Fabian (Available profiles: Fabian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
() C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3351040 2013-04-23] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dare-U mouse] => C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe [786432 2012-08-21] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_Plugin.exe [962224 2015-03-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\MountPoints2: {1619161d-7106-11e3-a6ae-94de8027cf5c} - E:\AOESETUP.EXE /autorun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=
SearchScopes: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=
SearchScopes: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-10] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-10] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3330181468-2195716113-3604754730-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: YouTube Unblocker - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\youtubeunblocker@unblocker.yt [2015-02-11]
FF Extension: Undo Closed Tabs Button - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-02-11]
FF Extension: {cfd61a71-5d8b-423c-99d3-cb9c245739be} - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{cfd61a71-5d8b-423c-99d3-cb9c245739be}.xpi [2015-03-18]
FF Extension: Adblock Plus - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-16] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-30] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-04-09] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 23:10 - 2015-05-05 23:11 - 00015718 _____ () C:\Users\Fabian\Downloads\FRST.txt
2015-05-05 23:10 - 2015-05-05 23:10 - 00000000 ____D () C:\FRST
2015-05-05 23:09 - 2015-05-05 23:09 - 02101248 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe
2015-04-26 16:48 - 2015-04-26 16:48 - 00022538 ____H () C:\Users\Fabian\Desktop\~WRL3186.tmp
2015-04-25 22:44 - 2015-04-25 22:44 - 00027676 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2015-04-21 16:22 - 2015-05-04 12:39 - 00001522 _____ () C:\Users\Fabian\Desktop\Weiterkommen (Mitte April 2015).txt
2015-04-21 13:08 - 2015-05-03 15:50 - 00000000 ____D () C:\Users\Fabian\Desktop\soziale Modelle und sonstiges
2015-04-20 23:39 - 2015-05-02 21:36 - 00000313 _____ () C:\Users\Fabian\Desktop\Fahrt nach Köln.txt
2015-04-19 13:38 - 2015-04-19 13:40 - 00000249 _____ () C:\Users\Fabian\Desktop\Bewerbungsgestaltung und -inhaltsideen - Soziale Arbeit (Hochschule).txt
2015-04-19 13:27 - 2015-04-19 13:27 - 00001425 _____ () C:\Users\Fabian\Desktop\Bewerbung - 3. Seite Motivationsschreiben.lnk
2015-04-19 13:15 - 2015-04-21 16:22 - 00000325 _____ () C:\Users\Fabian\Desktop\Köln - wer hat wann Zeit.txt
2015-04-19 12:15 - 2015-04-19 12:24 - 00000188 _____ () C:\Users\Fabian\Desktop\Hochschul- Besichtigungen.txt
2015-04-19 12:15 - 2015-04-19 12:15 - 00000061 _____ () C:\Users\Fabian\Desktop\Hochschul- Bewerbungsfristen.txt
2015-04-19 00:10 - 2015-04-27 13:05 - 00000000 ____D () C:\Users\Fabian\Desktop\meine Ernährung
2015-04-17 14:56 - 2015-04-17 14:57 - 00000000 ____D () C:\Users\Fabian\Downloads\KnAuszüge
2015-04-17 00:05 - 2015-05-04 00:53 - 00000000 ____D () C:\Users\Fabian\Desktop\Bewerbungskram
2015-04-14 12:51 - 2015-04-28 22:44 - 00000158 _____ () C:\Users\Fabian\Desktop\Girokonto-Banken (empfohlene).txt
2015-04-13 16:40 - 2015-04-14 23:00 - 00001269 _____ () C:\Users\Fabian\Desktop\Finanzieller Bedarf (mein).txt
2015-04-12 01:05 - 2015-05-05 22:43 - 00001008 _____ () C:\Windows\setupact.log
2015-04-12 01:05 - 2015-04-12 01:05 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 23:06 - 2013-06-23 16:22 - 00000000 ____D () C:\Users\Fabian\Documents\Outlook-Dateien
2015-05-05 22:43 - 2013-06-17 01:14 - 01129128 _____ () C:\Windows\WindowsUpdate.log
2015-05-05 12:10 - 2015-03-05 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 12:08 - 2013-09-15 11:46 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 12:08 - 2013-09-15 11:46 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-05 10:18 - 2014-08-19 15:36 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Adobe
2015-04-27 10:52 - 2013-06-20 21:56 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-04-25 22:56 - 2014-03-26 23:51 - 00000000 ____D () C:\Users\Fabian\.gimp-2.8
2015-04-25 22:14 - 2014-03-26 23:56 - 00000000 ____D () C:\Users\Fabian\AppData\Local\gtk-2.0
2015-04-24 11:15 - 2015-04-04 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 12:21 - 2012-01-02 00:12 - 00000000 ____D () C:\Users\Fabian\Documents\Archiv
2015-04-15 21:24 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-15 21:24 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-15 21:24 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 13:35 - 2014-03-22 02:43 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 13:35 - 2013-09-15 11:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 13:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-09 13:42 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 13:42 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 13:35 - 2013-06-16 20:04 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2015-04-09 13:35 - 2013-06-16 20:03 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-04-09 13:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 23:03 - 2013-06-16 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-05 17:01 - 2015-03-17 18:57 - 00000265 _____ () C:\Users\Fabian\Desktop\Ordnungssystem - einzelne Themen.txt

==================== Files in the root of some directories =======

2015-04-25 22:44 - 2015-04-25 22:44 - 0027676 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2014-11-10 13:20 - 2015-03-06 00:53 - 0007597 _____ () C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 10:14

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2015
Ran by Fabian at 2015-05-05 23:11:14
Running from C:\Users\Fabian\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3330181468-2195716113-3604754730-500 - Administrator - Disabled)
Fabian (S-1-5-21-3330181468-2195716113-3604754730-1000 - Administrator - Enabled) => C:\Users\Fabian
Gast (S-1-5-21-3330181468-2195716113-3604754730-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3330181468-2195716113-3604754730-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Anker Precision Laser Gaming Mouse version 1.2 (HKLM-x32\...\{F9A7ED2C-34E1-4A96-9A25-B022C23C3361}_is1) (Version: 1.2 - ANKER Technology)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Autodesk 3ds Max Design 2013 64-bit (HKLM\...\Autodesk 3ds Max Design 2013 64-bit) (Version: 15.0.0.347 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk Civil View for 3ds Max Design 2013 (HKLM-x32\...\{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}) (Version: 1.0.0.2 - Autodesk)
Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.)
Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit (HKLM\...\{62CBE596-1BB8-4D7B-A056-103287BAD1C4}) (Version: 1.0.0.1 - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit) (Version:  - Autodesk)
Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit (HKLM\...\{BC66B242-DF13-1664-851B-00123612ED98}) (Version: 15.0 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (HKLM\...\{06E18300-BB64-1664-8E6A-2593FC67BB74}) (Version: 1.0.0.1 - Autodesk)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - )
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
Condemned - Criminal Origins (HKLM-x32\...\{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}) (Version: 1.00.0000 - Monolith Productions)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Dropbox (HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version:  - Monolith )
Full Combat Rebalance v1.6a (HKLM-x32\...\Full Combat Rebalance_is1) (Version: 1.6a - Andrzej Kwiatkowski)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200091}) (Version:  - )
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version:  - )
Heroes of Might and Magic® III Complete (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
LBOTS Top mouse Driver (HKLM-x32\...\{F1A273BD-6A9E-41D8-A111-5E56ACD286F8}) (Version: 1.0 - Togran)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Medal of Honor(TM) Single Player (HKLM-x32\...\Steam App 47790) (Version:  - Electronic Arts)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires Gold (HKLM-x32\...\Age of Empires Gold 1.0) (Version:  - )
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Phase Shift (HKLM-x32\...\Phase Shift) (Version: 1.27 - DWSK)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Resident Evil Revelations (HKLM-x32\...\Resident Evil Revelations_is1) (Version:  - Capcom)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.5.0 - Rockstar Games)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version:  - Snowblind Studios)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
UltraStar Deluxe (HKLM-x32\...\UltraStar Deluxe) (Version: 1.1 - USDX Team)
Unity Web Player (HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-04-2015 01:57:16 Geplanter Prüfpunkt
10-04-2015 14:24:33 Geplanter Prüfpunkt
17-04-2015 21:39:06 Geplanter Prüfpunkt
25-04-2015 15:10:40 Geplanter Prüfpunkt
04-05-2015 16:02:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5A4382D6-2F18-4954-8EAF-5417E1157BB1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {64E67571-02AC-4353-B15C-2815515D4C5A} - System32\Tasks\AdobeAAMUpdater-1.0-Best-PC-Fabian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {8058DCE5-39BA-4986-8094-D38F8BD34E7E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {91E29AE2-4868-41A1-92EC-142BAAD9952D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {922B9A0F-6DDD-4A61-96BB-C069DB0315BB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9C140F20-0B57-45D2-A552-92EBC6AA63CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A64BF5A6-45A6-444E-BB90-3B9E07AB0B7C} - System32\Tasks\{049BFE38-615A-4D88-8CFA-C7B272CAB85F} => pcalua.exe -a C:\Users\Fabian\Downloads\heroes_might_magic_5_3.01_eu.exe -d C:\Users\Fabian\Downloads
Task: {B2837671-E773-4E7E-B90A-F94475446176} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {B4549D20-0A2C-476B-8048-6BE56EE61B0E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-17 00:56 - 2014-07-16 14:26 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-06-16 19:53 - 2012-08-09 12:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-06-16 19:53 - 2012-08-09 12:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-06-23 17:40 - 2013-04-23 18:17 - 03351040 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
2013-06-16 19:26 - 2012-08-21 07:16 - 00786432 _____ () C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe
2013-06-23 17:40 - 2011-01-27 00:53 - 00028160 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\uiHook.dll
2013-06-16 19:26 - 2012-08-13 12:01 - 00057344 _____ () C:\Program Files (x86)\Gaming Mouse\lan.dll
2013-06-16 19:26 - 2012-04-19 17:15 - 00061440 _____ () C:\Program Files (x86)\Gaming Mouse\hiddriver.dll
2013-06-16 19:52 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-05-11 12:37 - 2013-05-11 12:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2015-03-18 14:24 - 2015-03-18 14:24 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.69.103.78 - 80.69.102.158

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: mi-raysat_3dsmax2013_64 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ADSK DLMSession => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{864ACA22-EE9C-49FE-BB26-D250F4796CDD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D3A9EE55-732E-4C2A-B9DB-502D69ED422C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{46545CC7-151B-4738-B3D2-13EE7F1AF838}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{1D91B37C-C1CB-4EC7-94A5-0C43B360791D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{4161889A-4095-4E3A-B9AF-783AD147EB2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{E6062835-D9BE-4A0A-95FE-474E29015531}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{5861EB9E-D438-485F-8135-88C3459A3736}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [{9D1108E7-8D92-49C5-B41D-7DD3D20C27DB}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{7FE5A562-333A-4AEA-9B9D-3DFE4575CA9E}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{0DF07BD5-3C02-4F87-B161-46AB93D0AEFE}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{55E440C3-DE30-41BA-9792-96578487EDBE}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{45810D03-24A9-4BA0-A506-CCFDC3CE94C1}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{C5D767EE-2481-4C7E-9726-57782A926AB3}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{81F5F312-510F-46CE-B8E1-1407F9288A46}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\3dsmax.exe
FirewallRules: [{F317A43B-4DEE-4C3C-96C1-6DC8E7F50FCA}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\3dsmax.exe
FirewallRules: [{C4834614-E9E6-42B4-B927-9632DA9606C3}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{D7C8B317-673C-4B45-8AF3-989B99B4182F}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{3DF861BD-DAFB-4F7B-9367-4BC74AD2F483}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{9FEE4A67-17D8-45CA-A3F0-A7674B7FC5D7}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{FF92C1DC-177F-4753-9953-28EDFD59407D}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{A15F6C70-0E68-49AE-BD8D-64E3CA178F5E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [TCP Query User{37B8CDDF-67CE-476A-9DDA-E53A2A150779}C:\users\fabian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\fabian\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D459B808-F8EB-4590-AE24-D7857E9FEAA0}C:\users\fabian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\fabian\appdata\local\akamai\netsession_win.exe
FirewallRules: [{00102A56-EA56-43CE-8679-632EBBBAB5CC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CE9FD126-0840-4880-AD07-2F42ACFC1619}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{A624DEEB-1A03-415F-85D9-F402426B47FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{42B66CE7-D8C4-43A5-8935-759FB556CC06}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{64250D66-A7B0-4C9B-9671-02E0AE3BC31B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3B035F44-859C-4039-9DB5-22980993543D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{72EF14F4-192E-4B1E-AA03-A941305B1D53}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1667AB4F-DDBF-473F-8B5F-EB7B62B247FB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{E1B4AFB0-5A6C-429F-B505-DB29C4389DD4}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{94C852DE-3DDC-4E0C-80DE-26E81FA9A55E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{6343F80E-3A1B-404B-873A-CACB13D91A73}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{A6188730-8B63-41D8-A0F9-38B856026C01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{1FC4ADFE-AABB-421F-9269-A2E10DA4D5B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{4C5F0B1D-F62D-4657-B0AF-63EB1C5CD8B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{3FAD88A0-886F-45DB-99A4-D729FA8B9BD5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{29214F6F-6590-49D2-863C-AE568592CB69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{3B3099CF-ACA7-4544-A5EB-98677F25754C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [TCP Query User{5FCE0096-0A24-407A-A3EA-67C645E99D82}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{70E4227A-61DE-478C-9B49-A2B1C8202038}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{5646F340-F944-411F-8144-43404CC0B293}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{E8668FCC-2CCB-4851-B5EF-6BB6FC379336}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{4D07257B-B562-48AF-971C-F0DCE5DDDCAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War in the North\witn.exe
FirewallRules: [{751A23F9-8490-486E-AAC1-0B17F1B5F9A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War in the North\witn.exe
FirewallRules: [{3B758A7C-3541-4E81-8460-759745F1E389}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{2F09EFA2-4B8B-4312-860D-100B6ED8F695}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{FB27FC8C-9FF2-4827-8270-0050D5D88D78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space\Dead Space.exe
FirewallRules: [{AA5C7A8E-5421-4CF2-94D6-99AD3F2AA298}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space\Dead Space.exe
FirewallRules: [{E2C5609F-FDE0-424F-A26A-9CB5A9985D6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{9D07D451-5E78-418A-8125-9F79543FD0A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Space\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{93120DDC-B26F-490F-9D26-8502DC3110B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medal of Honor\Binaries\moh.exe
FirewallRules: [{BA948AA6-DE3D-441C-A348-F9B20CB996B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medal of Honor\Binaries\moh.exe
FirewallRules: [{5772FB33-8226-4B46-AD75-154E739BAA2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medal of Honor\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{2F265FC1-5CEC-44A4-9FEA-7A52EB7848AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medal of Honor\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{C1E5621C-DE4E-4983-9F91-5DEAB100433C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{95AE107D-77E8-4614-B8A3-12DE9A6DEC6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7C1184EB-D170-46AB-B2AA-E67BDE995733}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{536E6355-BC7B-447B-B69C-A4C99B429E7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{9C7C51E1-1FC8-4AE9-AD22-24707702DADF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{3A0B8C94-450C-4A31-AD14-745236C89765}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{95C8AE8F-1BD7-498B-AF46-7277C9AC4FB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{6AB58FE4-A523-44F8-A51F-16E9286A0540}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{A96EC40F-E65D-44EF-BB2F-9A86DB89931B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{E5889A93-9CBD-4772-AE21-C6898F8CB908}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{BD1AB9F5-3B8C-4A70-9C20-706AEFC97482}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6459E587-4BE7-4135-99FF-399F65314580}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{460F9DC6-FD09-43CF-A59F-A29E5FF83569}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E1A25053-920E-428E-8C85-BB7BAB7201F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{17C502EF-9D71-4FB8-9D5B-595096A824C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{883CF1BF-B927-4B39-92F5-EA04931F22E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{162B8170-E3B3-4A26-A4D2-08DCF3A8A7E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{1618D4C0-F51A-4C91-80BD-D21012E6E26B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{7793A43E-FA94-4ECA-8D24-DB98286F313D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{48621708-C3B0-4F4E-BA89-3A42AF762220}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{BE790AA6-AEF2-4173-A5C2-F6A1A9D4C531}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEAR Ultimate Shooter Edition\FEAR.exe
FirewallRules: [{DBF1C6F1-91EA-4E7F-8A40-1FC4D5310256}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEAR Ultimate Shooter Edition\FEAR.exe
FirewallRules: [TCP Query User{E3104A4B-30DC-49B7-A0CB-A42C0E935EF7}C:\users\fabian\documents\archiv\games\isos und so\age of empires\age of empires i\aoe\aoe\empiresx.exe] => (Block) C:\users\fabian\documents\archiv\games\isos und so\age of empires\age of empires i\aoe\aoe\empiresx.exe
FirewallRules: [UDP Query User{89384479-BA77-4B57-9686-7B017B60CBD2}C:\users\fabian\documents\archiv\games\isos und so\age of empires\age of empires i\aoe\aoe\empiresx.exe] => (Block) C:\users\fabian\documents\archiv\games\isos und so\age of empires\age of empires i\aoe\aoe\empiresx.exe
FirewallRules: [TCP Query User{210D40D7-CDFF-4B08-A363-4848952CAEFB}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe
FirewallRules: [UDP Query User{F1C04055-4649-4A3B-8D0D-5E72AA64C442}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe
FirewallRules: [TCP Query User{217BD9B8-86A8-4B9B-9442-CF44F5D12CE4}C:\program files (x86)\microsoft games\age of empires\empiresx.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires\empiresx.exe
FirewallRules: [UDP Query User{0E30F193-1B64-40CE-ACC6-F55A1F2BF78C}C:\program files (x86)\microsoft games\age of empires\empiresx.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires\empiresx.exe
FirewallRules: [TCP Query User{1D20EF5D-F50A-4450-B650-7FD70C500D6E}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Block) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [UDP Query User{8438EC7D-5363-44CB-B8C7-73D2B02E72E2}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Block) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [{7E790438-AE00-4C09-8DCC-155978FAD6E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D5A09752-3253-44C4-A097-73420FCD23D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0BEA47CE-7604-47B4-A459-98F770E2A348}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{53333A9D-35C2-424D-BEC7-E2E0F108E2C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{CAF9F774-72EE-401F-9AFF-794427B6E502}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3E715680-3B76-4374-B079-9F692B532B28}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{385CE9F2-A94F-45BA-BEDC-268A7B26FCEF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C82E18D0-AE59-4160-B49C-73CBB9A19938}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CEC181C4-5035-42C8-8DED-033355D0F86B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{D9A1076D-1B71-4523-A3C2-FA13A2C16632}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{FA24521C-B48A-46EE-ACF0-1D1B9F54987F}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{37464ED6-781A-4CB1-BEA5-9AC19D322D5B}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A697D406-3BF8-41FB-A183-91CFB2B60AA9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{66E799FD-F6F0-4D54-9715-14D68140C581}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{25369D60-E85C-46AF-8939-8CCD1E74BD7F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{B6B94D69-5558-4C08-81CF-27B7EC1E145C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{46DFEB27-752C-4AB3-9D1A-FB9033F87A63}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{3DCC8566-1197-4688-B7BE-12BF4FDAF1FF}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{1CBB4D91-7415-4FF7-99E7-597567BB7314}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{E84690FC-5418-4032-9077-08D2EA9851D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{733ED84A-C12A-49E0-949B-8FD35A1F4BA9}] => (Allow) C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B12D8E7D-5E78-4929-8527-646159B6C9A1}] => (Allow) C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{1F1C49D2-D226-4D1D-BC52-6AFB4CAE47FE}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{27565289-5A5E-404F-9F37-296BACD917E2}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [{3D2CA41E-C805-43FE-B674-288A773DDE15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{5A90F5D4-2878-4A74-88D3-D9BEAFC0D1BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [TCP Query User{D4CD6783-DFC5-48F4-AAE6-A8FA7236FBC5}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [UDP Query User{37B15BA8-3E93-4F23-9CFB-238565500BD7}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [{B31E1E9B-5F08-4B72-B75C-4C5EB153528F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{AC36CEF6-D073-4438-9CB8-B9A6090893C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{2D1B507A-21B5-4AB4-A46A-350A2FAE0C0B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{C2C80CD0-181A-48B8-B035-8DA9CC2F11AF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{E8AF6762-1A52-4D3C-94D9-070788C0A857}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B2A13123-FE12-4E9B-BF8F-5D1B3A27A387}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{93193D7A-399A-47F5-82EA-15CBEF96AE01}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{F95F9E13-9D57-44A7-9390-FBB5DEA41CEC}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{486AFD25-1C43-45D5-8D3E-C94D5D7C1460}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{1354BDEC-605B-41E8-A20D-BCFC83D68BFF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{6B5EC50F-159F-4A59-BEEC-63DE3146147F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{A8CE64DA-EBE6-4347-B563-7BF9688BF85E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{A413A964-77F7-40EF-9DA5-D2ED02F50E9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C886878-D214-43E1-978D-D2792542D243}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1945A323-B66B-48FA-A963-CE02F14151B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{BFC6B811-CB3C-4983-9DDA-06F3C6B4FBEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{09225990-3598-4F1F-9868-E964A1A6306D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{54705617-DC8E-49E3-BE8F-2CDA052C1D38}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [TCP Query User{2B256E2F-1D6B-476B-9627-DDA27EBE2A50}C:\programdata\battle.net\agent\agent.3689\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3689\agent.exe
FirewallRules: [UDP Query User{25D831AC-7D4F-4003-A569-B75433825B7B}C:\programdata\battle.net\agent\agent.3689\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3689\agent.exe
FirewallRules: [{607B7CF2-8981-4C8B-816C-92B3749CDD05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{539ACC55-40D5-476B-93F6-C0D16B7D7C6A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{04BA04EA-92A7-47CB-AEE9-D9CB1CB8FFFD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1842E901-AC06-47D6-AB83-788245A9CE2C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{205C3CF1-8963-49A4-A584-D89B092AC7F8}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 00:39:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17631, Zeitstempel: 0x54b31a70
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.489, Zeitstempel: 0x5154f613
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003cd5a8
ID des fehlerhaften Prozesses: 0xcc4
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (04/25/2015 01:45:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/14/2015 00:52:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GUI.exe, Version: 1.0.0.1, Zeitstempel: 0x4f0fc8d2
Name des fehlerhaften Moduls: HM.dll, Version: 1.0.0.1, Zeitstempel: 0x5058eb74
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000087a3
ID des fehlerhaften Prozesses: 0xc38
Startzeit der fehlerhaften Anwendung: 0xGUI.exe0
Pfad der fehlerhaften Anwendung: GUI.exe1
Pfad des fehlerhaften Moduls: GUI.exe2
Berichtskennung: GUI.exe3

Error: (04/10/2015 02:18:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/09/2015 01:36:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2015 01:34:59 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (04/08/2015 04:39:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/07/2015 11:46:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2015 11:44:58 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (04/06/2015 11:04:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/02/2015 11:34:21 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (04/17/2015 03:12:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (04/17/2015 03:12:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (04/17/2015 03:12:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (04/17/2015 03:12:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (04/17/2015 03:12:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (04/16/2015 11:31:47 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (04/16/2015 11:31:47 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (04/16/2015 11:31:46 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (04/16/2015 11:31:46 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.


Microsoft Office Sessions:
=========================
Error: (04/27/2015 00:39:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1763154b31a70atidxx32.dll8.17.10.4895154f613c0000005003cd5a8cc401d080d447842045C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dllb392600e-ecc9-11e4-be30-94de8027cf5c

Error: (04/25/2015 01:45:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2013\python\lib\distutils\command\wininst-8_d.exe

Error: (04/14/2015 00:52:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GUI.exe1.0.0.14f0fc8d2HM.dll1.0.0.15058eb74c0000005000087a3c3801d072b94921421aC:\Program Files (x86)\GIGABYTE\ET6\GUI.exeC:\Program Files (x86)\GIGABYTE\ET6\HM.dll59d4bd3e-e294-11e4-be30-94de8027cf5c

Error: (04/10/2015 02:18:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2013\python\lib\distutils\command\wininst-8_d.exe

Error: (04/09/2015 01:36:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2015 01:34:59 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (04/08/2015 04:39:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2013\python\lib\distutils\command\wininst-8_d.exe

Error: (04/07/2015 11:46:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2015 11:44:58 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (04/06/2015 11:04:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-16 13:54:53.677
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AUDIOKSE.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1230 V2 @ 3.30GHz
Percentage of memory in use: 38%
Total physical RAM: 8150.19 MB
Available physical RAM: 4981.11 MB
Total Pagefile: 16298.57 MB
Available Pagefile: 8611.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:891.51 GB) (Free:495.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6DBF8A36)
Partition 1: (Active) - (Size=39.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=891.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 06.05.2015, 09:02   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

Unerwünschte automatische Aktivität durch Aufruf einer Webseite



So sehe ich mal nix, graben wir mal tiefer:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.05.2015, 12:33   #5
ThomasLanger
 
Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

kein Fund mit mbar.exe



Habe mbar drüberlaufen lassen, es wurde nichts gefunden und dementsprechend gab es keinen 'CleanUp'-Button, nur 'Prev' und 'Exit'.

Nun:
Den PC neustarten? TDSSKILLER starten?


Anmerkung:
Der PC wurde noch immer nicht heruntergefahren, befand sich stattdessen im StanBy-Modus (da ich nicht weiß ob er nach dem Herunterfahren mit möglichem Infekt vielleicht Probleme beim nächsten Start macht).
Der Rechner hinkt immer noch hinterher.


Danke schonmal für die bisherige Hilfe :-)

Falls das mbar-Log dennoch von Bedeutung ist:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.06.02
  rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Fabian :: BEST-PC [administrator]

06.05.2015 13:12:34
mbar-log-2015-05-06 (13-12-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 379625
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Geändert von ThomasLanger (06.05.2015 um 12:38 Uhr)

Alt 06.05.2015, 14:38   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

Unerwünschte automatische Aktivität durch Aufruf einer Webseite



Dann jetzt einfach TDSSKiller
__________________
--> Unerwünschte automatische Aktivität durch Aufruf einer Webseite

Alt 06.05.2015, 15:08   #7
ThomasLanger
 
Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

TDSSkiller-Scan



So, alles gemacht, wie vorgeschrieben.

TDSSKiller:
Code:
ATTFilter
15:57:31.0537 0x0558  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:57:55.0646 0x0558  ============================================================
15:57:55.0646 0x0558  Current date / time: 2015/05/06 15:57:55.0646
15:57:55.0646 0x0558  SystemInfo:
15:57:55.0646 0x0558  
15:57:55.0646 0x0558  OS Version: 6.1.7601 ServicePack: 1.0
15:57:55.0646 0x0558  Product type: Workstation
15:57:55.0646 0x0558  ComputerName: BEST-PC
15:57:55.0647 0x0558  UserName: Fabian
15:57:55.0647 0x0558  Windows directory: C:\Windows
15:57:55.0647 0x0558  System windows directory: C:\Windows
15:57:55.0647 0x0558  Running under WOW64
15:57:55.0647 0x0558  Processor architecture: Intel x64
15:57:55.0647 0x0558  Number of processors: 8
15:57:55.0647 0x0558  Page size: 0x1000
15:57:55.0647 0x0558  Boot type: Normal boot
15:57:55.0647 0x0558  ============================================================
15:57:57.0790 0x0558  KLMD registered as C:\Windows\system32\drivers\05207237.sys
15:57:57.0990 0x0558  System UUID: {B6927025-5AD8-B428-265D-28F961F40CB1}
15:57:58.0317 0x0558  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:58.0322 0x0558  ============================================================
15:57:58.0322 0x0558  \Device\Harddisk0\DR0:
15:57:58.0323 0x0558  MBR partitions:
15:57:58.0323 0x0558  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4FCD800
15:57:58.0323 0x0558  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5000000, BlocksNum 0x6F706000
15:57:58.0323 0x0558  ============================================================
15:57:58.0356 0x0558  C: <-> \Device\Harddisk0\DR0\Partition2
15:57:58.0357 0x0558  ============================================================
15:57:58.0357 0x0558  Initialize success
15:57:58.0357 0x0558  ============================================================
15:58:43.0006 0x17d4  ============================================================
15:58:43.0006 0x17d4  Scan started
15:58:43.0006 0x17d4  Mode: Manual; SigCheck; TDLFS; 
15:58:43.0006 0x17d4  ============================================================
15:58:43.0006 0x17d4  KSN ping started
15:58:45.0931 0x17d4  KSN ping finished: true
15:58:46.0878 0x17d4  ================ Scan system memory ========================
15:58:46.0878 0x17d4  System memory - ok
15:58:46.0879 0x17d4  ================ Scan services =============================
15:58:46.0980 0x17d4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:58:47.0059 0x17d4  1394ohci - ok
15:58:47.0082 0x17d4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:58:47.0094 0x17d4  ACPI - ok
15:58:47.0102 0x17d4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:58:47.0165 0x17d4  AcpiPmi - ok
15:58:47.0248 0x17d4  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:58:47.0261 0x17d4  AdobeARMservice - ok
15:58:47.0278 0x17d4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:58:47.0300 0x17d4  adp94xx - ok
15:58:47.0325 0x17d4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:58:47.0336 0x17d4  adpahci - ok
15:58:47.0347 0x17d4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:58:47.0356 0x17d4  adpu320 - ok
15:58:47.0381 0x17d4  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:58:47.0482 0x17d4  AeLookupSvc - ok
15:58:47.0577 0x17d4  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
15:58:47.0639 0x17d4  AFD - ok
15:58:47.0659 0x17d4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:58:47.0673 0x17d4  agp440 - ok
15:58:47.0689 0x17d4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:58:47.0736 0x17d4  ALG - ok
15:58:47.0772 0x17d4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:58:47.0780 0x17d4  aliide - ok
15:58:47.0803 0x17d4  [ 310F86335B0505DDC6D2DD48E66EF06B, 936273CA046B3AE0944E6C1557CECB2A0C61D034977BBB9FACBE062617CF3A2C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:58:47.0870 0x17d4  AMD External Events Utility - ok
15:58:47.0898 0x17d4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:58:47.0904 0x17d4  amdide - ok
15:58:47.0916 0x17d4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:58:47.0960 0x17d4  AmdK8 - ok
15:58:48.0209 0x17d4  [ 79CC9BE187E3144E1B58A54B842475E7, 89DD3177B5CE649AC0093603CE13FBFD93AC24F8E16C52672549110141106F4A ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:58:48.0517 0x17d4  amdkmdag - ok
15:58:48.0553 0x17d4  [ 07561D3B7FD99F6E186C49C2D0628E38, D2D72EB45EAD29A3099C040E99A4F1F4902D3BDC0466800C63ECD33343DC1224 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:58:48.0594 0x17d4  amdkmdap - ok
15:58:48.0616 0x17d4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:58:48.0644 0x17d4  AmdPPM - ok
15:58:48.0673 0x17d4  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:58:48.0685 0x17d4  amdsata - ok
15:58:48.0712 0x17d4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:58:48.0721 0x17d4  amdsbs - ok
15:58:48.0734 0x17d4  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:58:48.0740 0x17d4  amdxata - ok
15:58:48.0830 0x17d4  [ D908096B873B940BB438CE63BA35BD1E, F1C79C907E6CDBC2770C16AFFAE0D6F9B9B7DA21F5074D602AC5FE1597975748 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
15:58:48.0872 0x17d4  AntiVirMailService - ok
15:58:48.0920 0x17d4  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:58:48.0930 0x17d4  AntiVirSchedulerService - ok
15:58:48.0978 0x17d4  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:58:48.0989 0x17d4  AntiVirService - ok
15:58:49.0043 0x17d4  [ 0F3D12E5FAE0082DB3F306095CA6B027, 726D054357031F45B43C87D798E84FA93439ECA6C691EB8C76FE524B50C25B32 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
15:58:49.0064 0x17d4  AntiVirWebService - ok
15:58:49.0096 0x17d4  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
15:58:49.0192 0x17d4  AppID - ok
15:58:49.0209 0x17d4  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:58:49.0243 0x17d4  AppIDSvc - ok
15:58:49.0267 0x17d4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
15:58:49.0311 0x17d4  Appinfo - ok
15:58:49.0391 0x17d4  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:58:49.0402 0x17d4  Apple Mobile Device Service - ok
15:58:49.0437 0x17d4  [ CC19A6452BA688EA32D14D8DBEC190F4, 6D52B63926E1766DB8BD00CC5CC0AD9EA3B68FC1E6C66FAF4E899606437468A3 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
15:58:49.0476 0x17d4  AppleCharger - ok
15:58:49.0492 0x17d4  [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
15:58:49.0503 0x17d4  AppleChargerSrv - ok
15:58:49.0522 0x17d4  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:58:49.0569 0x17d4  AppMgmt - ok
15:58:49.0585 0x17d4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
15:58:49.0598 0x17d4  arc - ok
15:58:49.0607 0x17d4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:58:49.0619 0x17d4  arcsas - ok
15:58:49.0708 0x17d4  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:58:49.0725 0x17d4  aspnet_state - ok
15:58:49.0738 0x17d4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:58:49.0789 0x17d4  AsyncMac - ok
15:58:49.0815 0x17d4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:58:49.0827 0x17d4  atapi - ok
15:58:49.0861 0x17d4  [ ED3A041014FBBFDC23D6C04F9C7A5D79, A039D8F4C0EA2101898A253E13DFED5FA8500C412ACC47835415E27C9BD068FF ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:58:49.0884 0x17d4  AtiHDAudioService - ok
15:58:49.0927 0x17d4  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:58:49.0954 0x17d4  AudioEndpointBuilder - ok
15:58:49.0966 0x17d4  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:58:49.0984 0x17d4  AudioSrv - ok
15:58:50.0053 0x17d4  [ 43B6D229C7DBA9F0FC0FC0C318DB5350, F5A525DBD71FC4A323E92839C6D27F323FB304B7E9FFA35E89E9B419570AA4C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:58:50.0068 0x17d4  avgntflt - ok
15:58:50.0099 0x17d4  [ 626D1BAD7A1975A8FEE8876A8AD0EEA7, 59772746A2DF3B7E8D021756B8A64569AC8468CA1C802EB594494224354F1E60 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:58:50.0113 0x17d4  avipbb - ok
15:58:50.0210 0x17d4  [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
15:58:50.0225 0x17d4  Avira.OE.ServiceHost - ok
15:58:50.0243 0x17d4  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:58:50.0255 0x17d4  avkmgr - ok
15:58:50.0313 0x17d4  [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
15:58:50.0325 0x17d4  avnetflt - ok
15:58:50.0352 0x17d4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:58:50.0420 0x17d4  AxInstSV - ok
15:58:50.0456 0x17d4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:58:50.0513 0x17d4  b06bdrv - ok
15:58:50.0533 0x17d4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:58:50.0572 0x17d4  b57nd60a - ok
15:58:50.0578 0x17d4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:58:50.0610 0x17d4  BDESVC - ok
15:58:50.0645 0x17d4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:58:50.0694 0x17d4  Beep - ok
15:58:50.0721 0x17d4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:58:50.0781 0x17d4  BFE - ok
15:58:50.0835 0x17d4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:58:50.0891 0x17d4  BITS - ok
15:58:50.0911 0x17d4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:58:50.0920 0x17d4  blbdrive - ok
15:58:50.0946 0x17d4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:58:50.0984 0x17d4  bowser - ok
15:58:50.0990 0x17d4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:58:50.0999 0x17d4  BrFiltLo - ok
15:58:51.0003 0x17d4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:58:51.0030 0x17d4  BrFiltUp - ok
15:58:51.0061 0x17d4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:58:51.0076 0x17d4  Browser - ok
15:58:51.0096 0x17d4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:58:51.0143 0x17d4  Brserid - ok
15:58:51.0155 0x17d4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:58:51.0193 0x17d4  BrSerWdm - ok
15:58:51.0214 0x17d4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:58:51.0240 0x17d4  BrUsbMdm - ok
15:58:51.0256 0x17d4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:58:51.0263 0x17d4  BrUsbSer - ok
15:58:51.0281 0x17d4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:58:51.0291 0x17d4  BTHMODEM - ok
15:58:51.0305 0x17d4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:58:51.0326 0x17d4  bthserv - ok
15:58:51.0340 0x17d4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:58:51.0376 0x17d4  cdfs - ok
15:58:51.0413 0x17d4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:58:51.0433 0x17d4  cdrom - ok
15:58:51.0458 0x17d4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:58:51.0479 0x17d4  CertPropSvc - ok
15:58:51.0487 0x17d4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:58:51.0497 0x17d4  circlass - ok
15:58:51.0514 0x17d4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:58:51.0545 0x17d4  CLFS - ok
15:58:51.0600 0x17d4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:58:51.0615 0x17d4  clr_optimization_v2.0.50727_32 - ok
15:58:51.0643 0x17d4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:58:51.0657 0x17d4  clr_optimization_v2.0.50727_64 - ok
15:58:51.0720 0x17d4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:58:51.0747 0x17d4  clr_optimization_v4.0.30319_32 - ok
15:58:51.0763 0x17d4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:58:51.0775 0x17d4  clr_optimization_v4.0.30319_64 - ok
15:58:51.0786 0x17d4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:58:51.0814 0x17d4  CmBatt - ok
15:58:51.0834 0x17d4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:58:51.0842 0x17d4  cmdide - ok
15:58:51.0891 0x17d4  [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:58:51.0927 0x17d4  CNG - ok
15:58:51.0937 0x17d4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:58:51.0943 0x17d4  Compbatt - ok
15:58:51.0957 0x17d4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:58:51.0989 0x17d4  CompositeBus - ok
15:58:51.0991 0x17d4  COMSysApp - ok
15:58:52.0013 0x17d4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:58:52.0027 0x17d4  crcdisk - ok
15:58:52.0065 0x17d4  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:58:52.0083 0x17d4  CryptSvc - ok
15:58:52.0103 0x17d4  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
15:58:52.0160 0x17d4  CSC - ok
15:58:52.0194 0x17d4  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
15:58:52.0223 0x17d4  CscService - ok
15:58:52.0253 0x17d4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:58:52.0294 0x17d4  DcomLaunch - ok
15:58:52.0325 0x17d4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:58:52.0351 0x17d4  defragsvc - ok
15:58:52.0371 0x17d4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:58:52.0406 0x17d4  DfsC - ok
15:58:52.0438 0x17d4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:58:52.0547 0x17d4  Dhcp - ok
15:58:52.0554 0x17d4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:58:52.0613 0x17d4  discache - ok
15:58:52.0631 0x17d4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:58:52.0639 0x17d4  Disk - ok
15:58:52.0657 0x17d4  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
15:58:52.0675 0x17d4  dmvsc - ok
15:58:52.0719 0x17d4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:58:52.0771 0x17d4  Dnscache - ok
15:58:52.0781 0x17d4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:58:52.0820 0x17d4  dot3svc - ok
15:58:52.0864 0x17d4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:58:52.0922 0x17d4  DPS - ok
15:58:52.0955 0x17d4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:58:52.0999 0x17d4  drmkaud - ok
15:58:53.0028 0x17d4  [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:58:53.0038 0x17d4  dtsoftbus01 - ok
15:58:53.0091 0x17d4  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:58:53.0113 0x17d4  DXGKrnl - ok
15:58:53.0129 0x17d4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:58:53.0170 0x17d4  EapHost - ok
15:58:53.0243 0x17d4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:58:53.0342 0x17d4  ebdrv - ok
15:58:53.0377 0x17d4  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS             C:\Windows\System32\lsass.exe
15:58:53.0400 0x17d4  EFS - ok
15:58:53.0463 0x17d4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:58:53.0535 0x17d4  ehRecvr - ok
15:58:53.0547 0x17d4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:58:53.0578 0x17d4  ehSched - ok
15:58:53.0628 0x17d4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:58:53.0649 0x17d4  elxstor - ok
15:58:53.0659 0x17d4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:58:53.0667 0x17d4  ErrDev - ok
15:58:53.0688 0x17d4  [ 84486624268E078255BC7AA47F0960BC, EC2540698B974572F0AC4A93D57C63295BAF66BF50F7416B9DFF5DE790EBDBE7 ] etdrv           C:\Windows\etdrv.sys
15:58:53.0693 0x17d4  etdrv - ok
15:58:53.0721 0x17d4  [ 3DBC10CBC436288801FAEE66DE91AE47, CE50732C43AEB8ACF977DF7CF609C88CB022E596EBE0C0AA9DDBC4D6BB25B804 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
15:58:53.0771 0x17d4  EtronHub3 - ok
15:58:53.0785 0x17d4  [ DE261095A2220D400D9603E1E42D4185, F5C4493EDCE92EC46BC7940764F719131FE27AE695201EDF143D678881CD239D ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
15:58:53.0795 0x17d4  EtronXHCI - ok
15:58:53.0813 0x17d4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:58:53.0855 0x17d4  EventSystem - ok
15:58:53.0874 0x17d4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:58:53.0897 0x17d4  exfat - ok
15:58:53.0911 0x17d4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:58:53.0954 0x17d4  fastfat - ok
15:58:54.0011 0x17d4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
15:58:54.0072 0x17d4  Fax - ok
15:58:54.0081 0x17d4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
15:58:54.0104 0x17d4  fdc - ok
15:58:54.0121 0x17d4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:58:54.0143 0x17d4  fdPHost - ok
15:58:54.0153 0x17d4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:58:54.0191 0x17d4  FDResPub - ok
15:58:54.0208 0x17d4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:58:54.0215 0x17d4  FileInfo - ok
15:58:54.0226 0x17d4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:58:54.0261 0x17d4  Filetrace - ok
15:58:54.0330 0x17d4  [ 64AB6F28047744B9B19C97459C2AB31B, B1F3FEE6DF1E72003DEAC8712C3E29D82DF67A095C4AC16A379BCD995C2F3833 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:58:54.0358 0x17d4  FLEXnet Licensing Service 64 - ok
15:58:54.0362 0x17d4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:58:54.0369 0x17d4  flpydisk - ok
15:58:54.0385 0x17d4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:58:54.0395 0x17d4  FltMgr - ok
15:58:54.0442 0x17d4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
15:58:54.0479 0x17d4  FontCache - ok
15:58:54.0510 0x17d4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:58:54.0516 0x17d4  FontCache3.0.0.0 - ok
15:58:54.0526 0x17d4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:58:54.0534 0x17d4  FsDepends - ok
15:58:54.0547 0x17d4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:58:54.0554 0x17d4  Fs_Rec - ok
15:58:54.0604 0x17d4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:58:54.0616 0x17d4  fvevol - ok
15:58:54.0637 0x17d4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:58:54.0645 0x17d4  gagp30kx - ok
15:58:54.0705 0x17d4  [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv            C:\Windows\gdrv.sys
15:58:54.0711 0x17d4  gdrv - ok
15:58:54.0755 0x17d4  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:58:54.0761 0x17d4  GEARAspiWDM - ok
15:58:54.0782 0x17d4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:58:54.0830 0x17d4  gpsvc - ok
15:58:54.0852 0x17d4  [ 8126331FBD4ED29EB3B356F9C905064D, A58BCE904591DD762410E99960FD956FB579C2CE78FA7BF1406075D29537EF82 ] GVTDrv64        C:\Windows\GVTDrv64.sys
15:58:54.0858 0x17d4  GVTDrv64 - ok
15:58:54.0873 0x17d4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:58:54.0917 0x17d4  hcw85cir - ok
15:58:54.0945 0x17d4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:58:54.0978 0x17d4  HdAudAddService - ok
15:58:55.0016 0x17d4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:58:55.0046 0x17d4  HDAudBus - ok
15:58:55.0066 0x17d4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:58:55.0091 0x17d4  HidBatt - ok
15:58:55.0109 0x17d4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:58:55.0138 0x17d4  HidBth - ok
15:58:55.0156 0x17d4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:58:55.0165 0x17d4  HidIr - ok
15:58:55.0180 0x17d4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:58:55.0201 0x17d4  hidserv - ok
15:58:55.0232 0x17d4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:58:55.0251 0x17d4  HidUsb - ok
15:58:55.0274 0x17d4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:58:55.0295 0x17d4  hkmsvc - ok
15:58:55.0304 0x17d4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:58:55.0319 0x17d4  HomeGroupListener - ok
15:58:55.0330 0x17d4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:58:55.0355 0x17d4  HomeGroupProvider - ok
15:58:55.0401 0x17d4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:58:55.0416 0x17d4  HpSAMD - ok
15:58:55.0456 0x17d4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:58:55.0508 0x17d4  HTTP - ok
15:58:55.0529 0x17d4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:58:55.0536 0x17d4  hwpolicy - ok
15:58:55.0559 0x17d4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:58:55.0568 0x17d4  i8042prt - ok
15:58:55.0583 0x17d4  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:58:55.0595 0x17d4  iaStorV - ok
15:58:55.0648 0x17d4  [ 33D4D4A24791587E83F7EE05A446FB7E, 081E48AF76D7D3A71850A4C910EFBB0B280235E2A5303178B0338230F4BA2DE2 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
15:58:55.0667 0x17d4  ICCS - detected UnsignedFile.Multi.Generic ( 1 )
15:58:58.0083 0x17d4  Detect skipped due to KSN trusted
15:58:58.0083 0x17d4  ICCS - ok
15:58:58.0132 0x17d4  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:58:58.0155 0x17d4  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
15:59:00.0570 0x17d4  Detect skipped due to KSN trusted
15:59:00.0570 0x17d4  IDriverT - ok
15:59:00.0626 0x17d4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:59:00.0655 0x17d4  idsvc - ok
15:59:00.0682 0x17d4  IEEtwCollectorService - ok
15:59:00.0690 0x17d4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:59:00.0697 0x17d4  iirsp - ok
15:59:00.0730 0x17d4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:59:00.0753 0x17d4  IKEEXT - ok
15:59:00.0803 0x17d4  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:59:00.0829 0x17d4  Intel(R) Capability Licensing Service Interface - ok
15:59:00.0856 0x17d4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:59:00.0868 0x17d4  intelide - ok
15:59:00.0883 0x17d4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:59:00.0909 0x17d4  intelppm - ok
15:59:00.0941 0x17d4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:59:00.0979 0x17d4  IPBusEnum - ok
15:59:00.0994 0x17d4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:59:01.0015 0x17d4  IpFilterDriver - ok
15:59:01.0055 0x17d4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:59:01.0111 0x17d4  iphlpsvc - ok
15:59:01.0125 0x17d4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:59:01.0154 0x17d4  IPMIDRV - ok
15:59:01.0160 0x17d4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:59:01.0194 0x17d4  IPNAT - ok
15:59:01.0230 0x17d4  [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:59:01.0244 0x17d4  iPod Service - ok
15:59:01.0260 0x17d4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:59:01.0293 0x17d4  IRENUM - ok
15:59:01.0309 0x17d4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:59:01.0322 0x17d4  isapnp - ok
15:59:01.0352 0x17d4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:59:01.0367 0x17d4  iScsiPrt - ok
15:59:01.0379 0x17d4  [ D596D915CF091DA1F8CE4BD38BB5D509, 9B4D246B6886FFD9BE329F3543B819FC010661B0F70206F16ECBF25A7B12AA6F ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
15:59:01.0384 0x17d4  iusb3hcs - ok
15:59:01.0401 0x17d4  [ 023896E23B61543A15A230EED996D911, 2F8D15B67AB2C1E87EA46F2CB9DBA564865D89DEA93A83B44A9B148883B96731 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
15:59:01.0412 0x17d4  iusb3hub - ok
15:59:01.0434 0x17d4  [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E, E7ED64DD26FD4EA04C2C32C33BDA16FB985F3C6F1F8451480A0D24375B7F57AC ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
15:59:01.0452 0x17d4  iusb3xhc - ok
15:59:01.0513 0x17d4  [ 78ABBE558F57144047F10A0F50FE4B2F, 6BE608F7697D83FD6C7E6EA422AC5637933BDC96B1044C12DE9A419CE7D6F6CE ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:59:01.0521 0x17d4  jhi_service - ok
15:59:01.0530 0x17d4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:59:01.0538 0x17d4  kbdclass - ok
15:59:01.0561 0x17d4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:59:01.0592 0x17d4  kbdhid - ok
15:59:01.0612 0x17d4  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso          C:\Windows\system32\lsass.exe
15:59:01.0627 0x17d4  KeyIso - ok
15:59:01.0666 0x17d4  [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:59:01.0682 0x17d4  KSecDD - ok
15:59:01.0696 0x17d4  [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:59:01.0706 0x17d4  KSecPkg - ok
15:59:01.0715 0x17d4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:59:01.0755 0x17d4  ksthunk - ok
15:59:01.0796 0x17d4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:59:01.0848 0x17d4  KtmRm - ok
15:59:01.0865 0x17d4  [ A43A9920D2409BB9DA747D2FD20A2E61, 6D48897F3B9F0D04FC0C09017A34F1614C708476829F275682963F162BCBE8A0 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
15:59:01.0872 0x17d4  L1C - ok
15:59:01.0900 0x17d4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:59:01.0942 0x17d4  LanmanServer - ok
15:59:01.0966 0x17d4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:59:02.0008 0x17d4  LanmanWorkstation - ok
15:59:02.0039 0x17d4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:59:02.0060 0x17d4  lltdio - ok
15:59:02.0092 0x17d4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:59:02.0146 0x17d4  lltdsvc - ok
15:59:02.0163 0x17d4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:59:02.0211 0x17d4  lmhosts - ok
15:59:02.0246 0x17d4  [ 2C24DC448DBE8DB9BE1441B824C57E79, DA2257EEC964A47D03C2BB13317FD788E51D4685E2395B303ED7B2575FEF3B19 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:59:02.0255 0x17d4  LMS - ok
15:59:02.0284 0x17d4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:59:02.0292 0x17d4  LSI_FC - ok
15:59:02.0299 0x17d4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:59:02.0307 0x17d4  LSI_SAS - ok
15:59:02.0318 0x17d4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:59:02.0325 0x17d4  LSI_SAS2 - ok
15:59:02.0329 0x17d4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:59:02.0336 0x17d4  LSI_SCSI - ok
15:59:02.0354 0x17d4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:59:02.0393 0x17d4  luafv - ok
15:59:02.0426 0x17d4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:59:02.0436 0x17d4  Mcx2Svc - ok
15:59:02.0451 0x17d4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:59:02.0457 0x17d4  megasas - ok
15:59:02.0473 0x17d4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:59:02.0484 0x17d4  MegaSR - ok
15:59:02.0521 0x17d4  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:59:02.0528 0x17d4  MEIx64 - ok
15:59:02.0631 0x17d4  [ 0AF89452A8CE3928168F4E5B2208C68B, 571F1A9F1F0B31DB5FFAE7FB7F98C16958439D6666A9F2131B0F2E496BF3D2AC ] mi-raysat_3dsmax2013_64 C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
15:59:02.0639 0x17d4  mi-raysat_3dsmax2013_64 - detected UnsignedFile.Multi.Generic ( 1 )
15:59:05.0172 0x17d4  Detect skipped due to KSN trusted
15:59:05.0172 0x17d4  mi-raysat_3dsmax2013_64 - ok
15:59:05.0228 0x17d4  Microsoft SharePoint Workspace Audit Service - ok
15:59:05.0246 0x17d4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:59:05.0280 0x17d4  MMCSS - ok
15:59:05.0295 0x17d4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:59:05.0316 0x17d4  Modem - ok
15:59:05.0354 0x17d4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:59:05.0387 0x17d4  monitor - ok
15:59:05.0405 0x17d4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:59:05.0417 0x17d4  mouclass - ok
15:59:05.0424 0x17d4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:59:05.0456 0x17d4  mouhid - ok
15:59:05.0477 0x17d4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:59:05.0489 0x17d4  mountmgr - ok
15:59:05.0535 0x17d4  [ 269BDB3CB77EB77BABE2862BEAB1F208, EC693365C73D59244CB77E181042128A9901BA5C1109CD4F1B9A2008DF1F9582 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:59:05.0544 0x17d4  MozillaMaintenance - ok
15:59:05.0564 0x17d4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:59:05.0572 0x17d4  mpio - ok
15:59:05.0584 0x17d4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:59:05.0605 0x17d4  mpsdrv - ok
15:59:05.0634 0x17d4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:59:05.0669 0x17d4  MpsSvc - ok
15:59:05.0697 0x17d4  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:59:05.0737 0x17d4  MRxDAV - ok
15:59:05.0772 0x17d4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:59:05.0826 0x17d4  mrxsmb - ok
15:59:05.0844 0x17d4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:59:05.0867 0x17d4  mrxsmb10 - ok
15:59:05.0879 0x17d4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:59:05.0907 0x17d4  mrxsmb20 - ok
15:59:05.0929 0x17d4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:59:05.0942 0x17d4  msahci - ok
15:59:05.0959 0x17d4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:59:05.0967 0x17d4  msdsm - ok
15:59:05.0981 0x17d4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:59:06.0009 0x17d4  MSDTC - ok
15:59:06.0030 0x17d4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:59:06.0081 0x17d4  Msfs - ok
15:59:06.0103 0x17d4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:59:06.0139 0x17d4  mshidkmdf - ok
15:59:06.0143 0x17d4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:59:06.0149 0x17d4  msisadrv - ok
15:59:06.0172 0x17d4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:59:06.0209 0x17d4  MSiSCSI - ok
15:59:06.0211 0x17d4  msiserver - ok
15:59:06.0241 0x17d4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:59:06.0289 0x17d4  MSKSSRV - ok
15:59:06.0307 0x17d4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:59:06.0340 0x17d4  MSPCLOCK - ok
15:59:06.0360 0x17d4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:59:06.0380 0x17d4  MSPQM - ok
15:59:06.0398 0x17d4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:59:06.0410 0x17d4  MsRPC - ok
15:59:06.0416 0x17d4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:59:06.0422 0x17d4  mssmbios - ok
15:59:06.0428 0x17d4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:59:06.0448 0x17d4  MSTEE - ok
15:59:06.0457 0x17d4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:59:06.0465 0x17d4  MTConfig - ok
15:59:06.0478 0x17d4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:59:06.0484 0x17d4  Mup - ok
15:59:06.0509 0x17d4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:59:06.0557 0x17d4  napagent - ok
15:59:06.0608 0x17d4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:59:06.0625 0x17d4  NativeWifiP - ok
15:59:06.0665 0x17d4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:59:06.0686 0x17d4  NDIS - ok
15:59:06.0700 0x17d4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:59:06.0720 0x17d4  NdisCap - ok
15:59:06.0743 0x17d4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:59:06.0764 0x17d4  NdisTapi - ok
15:59:06.0779 0x17d4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:59:06.0800 0x17d4  Ndisuio - ok
15:59:06.0815 0x17d4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:59:06.0853 0x17d4  NdisWan - ok
15:59:06.0875 0x17d4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:59:06.0895 0x17d4  NDProxy - ok
15:59:06.0908 0x17d4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:59:06.0947 0x17d4  NetBIOS - ok
15:59:06.0969 0x17d4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:59:06.0993 0x17d4  NetBT - ok
15:59:07.0004 0x17d4  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon        C:\Windows\system32\lsass.exe
15:59:07.0011 0x17d4  Netlogon - ok
15:59:07.0031 0x17d4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
15:59:07.0057 0x17d4  Netman - ok
15:59:07.0096 0x17d4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:07.0114 0x17d4  NetMsmqActivator - ok
15:59:07.0121 0x17d4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:07.0131 0x17d4  NetPipeActivator - ok
15:59:07.0146 0x17d4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
15:59:07.0189 0x17d4  netprofm - ok
15:59:07.0193 0x17d4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:07.0201 0x17d4  NetTcpActivator - ok
15:59:07.0204 0x17d4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:07.0212 0x17d4  NetTcpPortSharing - ok
15:59:07.0240 0x17d4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:59:07.0247 0x17d4  nfrd960 - ok
15:59:07.0288 0x17d4  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:59:07.0343 0x17d4  NlaSvc - ok
15:59:07.0361 0x17d4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:59:07.0397 0x17d4  Npfs - ok
15:59:07.0414 0x17d4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
15:59:07.0462 0x17d4  nsi - ok
15:59:07.0479 0x17d4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:59:07.0516 0x17d4  nsiproxy - ok
15:59:07.0594 0x17d4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:59:07.0630 0x17d4  Ntfs - ok
15:59:07.0637 0x17d4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
15:59:07.0677 0x17d4  Null - ok
15:59:07.0704 0x17d4  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:59:07.0712 0x17d4  nvraid - ok
15:59:07.0744 0x17d4  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:59:07.0753 0x17d4  nvstor - ok
15:59:07.0786 0x17d4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:59:07.0794 0x17d4  nv_agp - ok
15:59:07.0801 0x17d4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:59:07.0823 0x17d4  ohci1394 - ok
15:59:07.0946 0x17d4  [ 4E2D0656946F2A19FED1C60E0E4FC1AF, 5551D5BD89EB650C5485BBB58DAA5473044B7C967B72687A27430FA9A1E812FE ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
15:59:07.0982 0x17d4  Origin Client Service - ok
15:59:08.0040 0x17d4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:59:08.0055 0x17d4  ose - ok
15:59:08.0192 0x17d4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:59:08.0266 0x17d4  osppsvc - ok
15:59:08.0299 0x17d4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:59:08.0348 0x17d4  p2pimsvc - ok
15:59:08.0378 0x17d4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
15:59:08.0402 0x17d4  p2psvc - ok
15:59:08.0407 0x17d4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
15:59:08.0418 0x17d4  Parport - ok
15:59:08.0441 0x17d4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:59:08.0448 0x17d4  partmgr - ok
15:59:08.0455 0x17d4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:59:08.0485 0x17d4  PcaSvc - ok
15:59:08.0503 0x17d4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
15:59:08.0512 0x17d4  pci - ok
15:59:08.0542 0x17d4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:59:08.0548 0x17d4  pciide - ok
15:59:08.0554 0x17d4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:59:08.0563 0x17d4  pcmcia - ok
15:59:08.0572 0x17d4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:59:08.0579 0x17d4  pcw - ok
15:59:08.0595 0x17d4  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:59:08.0642 0x17d4  PEAUTH - ok
15:59:08.0693 0x17d4  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:59:08.0747 0x17d4  PeerDistSvc - ok
15:59:08.0806 0x17d4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:59:08.0832 0x17d4  PerfHost - ok
15:59:08.0875 0x17d4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
15:59:08.0937 0x17d4  pla - ok
15:59:09.0003 0x17d4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:59:09.0062 0x17d4  PlugPlay - ok
15:59:09.0090 0x17d4  PnkBstrA - ok
15:59:09.0115 0x17d4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:59:09.0142 0x17d4  PNRPAutoReg - ok
15:59:09.0169 0x17d4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:59:09.0188 0x17d4  PNRPsvc - ok
15:59:09.0222 0x17d4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:59:09.0266 0x17d4  PolicyAgent - ok
15:59:09.0308 0x17d4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
15:59:09.0351 0x17d4  Power - ok
15:59:09.0382 0x17d4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:59:09.0427 0x17d4  PptpMiniport - ok
15:59:09.0448 0x17d4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
15:59:09.0468 0x17d4  Processor - ok
15:59:09.0509 0x17d4  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:59:09.0542 0x17d4  ProfSvc - ok
15:59:09.0555 0x17d4  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:59:09.0567 0x17d4  ProtectedStorage - ok
15:59:09.0587 0x17d4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:59:09.0617 0x17d4  Psched - ok
15:59:09.0665 0x17d4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:59:09.0696 0x17d4  ql2300 - ok
15:59:09.0709 0x17d4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:59:09.0717 0x17d4  ql40xx - ok
15:59:09.0732 0x17d4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
15:59:09.0747 0x17d4  QWAVE - ok
15:59:09.0759 0x17d4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:59:09.0770 0x17d4  QWAVEdrv - ok
15:59:09.0776 0x17d4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:59:09.0808 0x17d4  RasAcd - ok
15:59:09.0838 0x17d4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:59:09.0879 0x17d4  RasAgileVpn - ok
15:59:09.0896 0x17d4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
15:59:09.0920 0x17d4  RasAuto - ok
15:59:09.0929 0x17d4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:59:09.0951 0x17d4  Rasl2tp - ok
15:59:09.0962 0x17d4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
15:59:09.0988 0x17d4  RasMan - ok
15:59:09.0996 0x17d4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:59:10.0031 0x17d4  RasPppoe - ok
15:59:10.0060 0x17d4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:59:10.0112 0x17d4  RasSstp - ok
15:59:10.0136 0x17d4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:59:10.0161 0x17d4  rdbss - ok
15:59:10.0166 0x17d4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:59:10.0191 0x17d4  rdpbus - ok
15:59:10.0215 0x17d4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:59:10.0235 0x17d4  RDPCDD - ok
15:59:10.0264 0x17d4  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:59:10.0285 0x17d4  RDPDR - ok
15:59:10.0287 0x17d4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:59:10.0328 0x17d4  RDPENCDD - ok
15:59:10.0366 0x17d4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:59:10.0424 0x17d4  RDPREFMP - ok
15:59:10.0503 0x17d4  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:59:10.0548 0x17d4  RdpVideoMiniport - ok
15:59:10.0589 0x17d4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:59:10.0645 0x17d4  RDPWD - ok
15:59:10.0666 0x17d4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:59:10.0676 0x17d4  rdyboost - ok
15:59:10.0696 0x17d4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:59:10.0735 0x17d4  RemoteAccess - ok
15:59:10.0776 0x17d4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:59:10.0818 0x17d4  RemoteRegistry - ok
15:59:10.0837 0x17d4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:59:10.0859 0x17d4  RpcEptMapper - ok
15:59:10.0876 0x17d4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:59:10.0904 0x17d4  RpcLocator - ok
15:59:10.0938 0x17d4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:59:10.0971 0x17d4  RpcSs - ok
15:59:10.0980 0x17d4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:59:11.0014 0x17d4  rspndr - ok
15:59:11.0040 0x17d4  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:59:11.0047 0x17d4  s3cap - ok
15:59:11.0064 0x17d4  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs           C:\Windows\system32\lsass.exe
15:59:11.0071 0x17d4  SamSs - ok
15:59:11.0084 0x17d4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:59:11.0093 0x17d4  sbp2port - ok
15:59:11.0109 0x17d4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:59:11.0132 0x17d4  SCardSvr - ok
15:59:11.0137 0x17d4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:59:11.0175 0x17d4  scfilter - ok
15:59:11.0211 0x17d4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
15:59:11.0271 0x17d4  Schedule - ok
15:59:11.0296 0x17d4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:59:11.0316 0x17d4  SCPolicySvc - ok
15:59:11.0329 0x17d4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:59:11.0374 0x17d4  SDRSVC - ok
15:59:11.0384 0x17d4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:59:11.0423 0x17d4  secdrv - ok
15:59:11.0448 0x17d4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:59:11.0468 0x17d4  seclogon - ok
15:59:11.0479 0x17d4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:59:11.0519 0x17d4  SENS - ok
15:59:11.0522 0x17d4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:59:11.0551 0x17d4  SensrSvc - ok
15:59:11.0571 0x17d4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:59:11.0586 0x17d4  Serenum - ok
15:59:11.0601 0x17d4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:59:11.0633 0x17d4  Serial - ok
15:59:11.0653 0x17d4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:59:11.0664 0x17d4  sermouse - ok
15:59:11.0678 0x17d4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:59:11.0722 0x17d4  SessionEnv - ok
15:59:11.0738 0x17d4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:59:11.0748 0x17d4  sffdisk - ok
15:59:11.0758 0x17d4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:59:11.0768 0x17d4  sffp_mmc - ok
15:59:11.0779 0x17d4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:59:11.0805 0x17d4  sffp_sd - ok
15:59:11.0819 0x17d4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:59:11.0827 0x17d4  sfloppy - ok
15:59:11.0843 0x17d4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:59:11.0870 0x17d4  SharedAccess - ok
15:59:11.0882 0x17d4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:59:11.0909 0x17d4  ShellHWDetection - ok
15:59:11.0927 0x17d4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:59:11.0933 0x17d4  SiSRaid2 - ok
15:59:11.0949 0x17d4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:59:11.0956 0x17d4  SiSRaid4 - ok
15:59:12.0030 0x17d4  [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:59:12.0050 0x17d4  SkypeUpdate - ok
15:59:12.0072 0x17d4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:59:12.0105 0x17d4  Smb - ok
15:59:12.0132 0x17d4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:59:12.0167 0x17d4  SNMPTRAP - ok
15:59:12.0184 0x17d4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:59:12.0193 0x17d4  spldr - ok
15:59:12.0229 0x17d4  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
15:59:12.0264 0x17d4  Spooler - ok
15:59:12.0325 0x17d4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:59:12.0420 0x17d4  sppsvc - ok
15:59:12.0459 0x17d4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:59:12.0481 0x17d4  sppuinotify - ok
15:59:12.0522 0x17d4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:59:12.0546 0x17d4  srv - ok
15:59:12.0562 0x17d4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:59:12.0592 0x17d4  srv2 - ok
15:59:12.0622 0x17d4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:59:12.0632 0x17d4  srvnet - ok
15:59:12.0643 0x17d4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:59:12.0682 0x17d4  SSDPSRV - ok
15:59:12.0707 0x17d4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:59:12.0728 0x17d4  SstpSvc - ok
15:59:12.0778 0x17d4  [ CC7ED069C2FC82B5B1555C2044C765CC, CE43363544A3EE2C5133CD0D47BF34AFAFA4EAD6AC9EB9A772EE55E89D4D89D4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:59:12.0795 0x17d4  Steam Client Service - ok
15:59:12.0811 0x17d4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:59:12.0817 0x17d4  stexstor - ok
15:59:12.0845 0x17d4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
15:59:12.0887 0x17d4  stisvc - ok
15:59:12.0916 0x17d4  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:59:12.0923 0x17d4  storflt - ok
15:59:12.0944 0x17d4  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
15:59:12.0954 0x17d4  StorSvc - ok
15:59:12.0966 0x17d4  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:59:12.0972 0x17d4  storvsc - ok
15:59:12.0984 0x17d4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:59:12.0990 0x17d4  swenum - ok
15:59:13.0003 0x17d4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
15:59:13.0033 0x17d4  swprv - ok
15:59:13.0072 0x17d4  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
15:59:13.0130 0x17d4  SysMain - ok
15:59:13.0154 0x17d4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:59:13.0166 0x17d4  TabletInputService - ok
15:59:13.0182 0x17d4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:59:13.0228 0x17d4  TapiSrv - ok
15:59:13.0247 0x17d4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
15:59:13.0268 0x17d4  TBS - ok
15:59:13.0346 0x17d4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:59:13.0382 0x17d4  Tcpip - ok
15:59:13.0424 0x17d4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:59:13.0455 0x17d4  TCPIP6 - ok
15:59:13.0492 0x17d4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:59:13.0507 0x17d4  tcpipreg - ok
15:59:13.0518 0x17d4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:59:13.0552 0x17d4  TDPIPE - ok
15:59:13.0579 0x17d4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:59:13.0592 0x17d4  TDTCP - ok
15:59:13.0605 0x17d4  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:59:13.0640 0x17d4  tdx - ok
15:59:13.0649 0x17d4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:59:13.0656 0x17d4  TermDD - ok
15:59:13.0690 0x17d4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
15:59:13.0717 0x17d4  TermService - ok
15:59:13.0734 0x17d4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:59:13.0745 0x17d4  Themes - ok
15:59:13.0764 0x17d4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:59:13.0785 0x17d4  THREADORDER - ok
15:59:13.0799 0x17d4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:59:13.0842 0x17d4  TrkWks - ok
15:59:13.0890 0x17d4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:59:13.0913 0x17d4  TrustedInstaller - ok
15:59:13.0937 0x17d4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:59:13.0965 0x17d4  tssecsrv - ok
15:59:13.0995 0x17d4  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:59:14.0013 0x17d4  TsUsbFlt - ok
15:59:14.0042 0x17d4  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:59:14.0083 0x17d4  TsUsbGD - ok
15:59:14.0100 0x17d4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:59:14.0152 0x17d4  tunnel - ok
15:59:14.0166 0x17d4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:59:14.0173 0x17d4  uagp35 - ok
15:59:14.0192 0x17d4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:59:14.0229 0x17d4  udfs - ok
15:59:14.0254 0x17d4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:59:14.0288 0x17d4  UI0Detect - ok
15:59:14.0311 0x17d4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:59:14.0326 0x17d4  uliagpkx - ok
15:59:14.0343 0x17d4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:59:14.0376 0x17d4  umbus - ok
15:59:14.0393 0x17d4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:59:14.0403 0x17d4  UmPass - ok
15:59:14.0431 0x17d4  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:59:14.0465 0x17d4  UmRdpService - ok
15:59:14.0568 0x17d4  [ E1A119AD21F5AFE22EB516C549306D3D, 48769D5E7A78B7A2C00F1F6798AC133CF3E0B2C76F71D3719BD741DDD8F2D229 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:59:14.0586 0x17d4  UNS - ok
15:59:14.0600 0x17d4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:59:14.0645 0x17d4  upnphost - ok
15:59:14.0705 0x17d4  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:59:14.0757 0x17d4  usbaudio - ok
15:59:14.0774 0x17d4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:59:14.0797 0x17d4  usbccgp - ok
15:59:14.0828 0x17d4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:59:14.0873 0x17d4  usbcir - ok
15:59:14.0903 0x17d4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:59:14.0910 0x17d4  usbehci - ok
15:59:14.0923 0x17d4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:59:14.0955 0x17d4  usbhub - ok
15:59:14.0989 0x17d4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:59:14.0997 0x17d4  usbohci - ok
15:59:15.0008 0x17d4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:59:15.0037 0x17d4  usbprint - ok
15:59:15.0055 0x17d4  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:59:15.0065 0x17d4  USBSTOR - ok
15:59:15.0100 0x17d4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:59:15.0120 0x17d4  usbuhci - ok
15:59:15.0137 0x17d4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:59:15.0186 0x17d4  UxSms - ok
15:59:15.0206 0x17d4  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc        C:\Windows\system32\lsass.exe
15:59:15.0213 0x17d4  VaultSvc - ok
15:59:15.0220 0x17d4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:59:15.0227 0x17d4  vdrvroot - ok
15:59:15.0243 0x17d4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
15:59:15.0273 0x17d4  vds - ok
15:59:15.0287 0x17d4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:59:15.0299 0x17d4  vga - ok
15:59:15.0301 0x17d4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:59:15.0336 0x17d4  VgaSave - ok
15:59:15.0353 0x17d4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:59:15.0362 0x17d4  vhdmp - ok
15:59:15.0425 0x17d4  [ 3CCC0D9607419AC28B4216C18F6FA5E9, D51049B48EAC426C78C0651630BE6995E78E3E0E045AA4A8C7285A9941BF22A3 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
15:59:15.0478 0x17d4  VIAHdAudAddService - ok
15:59:15.0507 0x17d4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:59:15.0513 0x17d4  viaide - ok
15:59:15.0525 0x17d4  [ 888450E821E7A66CB8A4E5B7A01BA5C5, 9D78E82F533D045CB47E4BF452C1BF3F5451A71171D7D11E744CFA03C154D242 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
15:59:15.0531 0x17d4  VIAKaraokeService - ok
15:59:15.0555 0x17d4  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:59:15.0564 0x17d4  vmbus - ok
15:59:15.0575 0x17d4  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:59:15.0583 0x17d4  VMBusHID - ok
15:59:15.0594 0x17d4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:59:15.0601 0x17d4  volmgr - ok
15:59:15.0613 0x17d4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:59:15.0624 0x17d4  volmgrx - ok
15:59:15.0633 0x17d4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:59:15.0644 0x17d4  volsnap - ok
15:59:15.0669 0x17d4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:59:15.0677 0x17d4  vsmraid - ok
15:59:15.0750 0x17d4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:59:15.0818 0x17d4  VSS - ok
15:59:15.0841 0x17d4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:59:15.0871 0x17d4  vwifibus - ok
15:59:15.0911 0x17d4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:59:15.0938 0x17d4  W32Time - ok
15:59:15.0952 0x17d4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:59:15.0961 0x17d4  WacomPen - ok
15:59:15.0970 0x17d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:59:16.0007 0x17d4  WANARP - ok
15:59:16.0011 0x17d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:59:16.0031 0x17d4  Wanarpv6 - ok
15:59:16.0077 0x17d4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:59:16.0121 0x17d4  wbengine - ok
15:59:16.0130 0x17d4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:59:16.0144 0x17d4  WbioSrvc - ok
15:59:16.0159 0x17d4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:59:16.0192 0x17d4  wcncsvc - ok
15:59:16.0195 0x17d4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:59:16.0222 0x17d4  WcsPlugInService - ok
15:59:16.0235 0x17d4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
15:59:16.0242 0x17d4  Wd - ok
15:59:16.0293 0x17d4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:59:16.0319 0x17d4  Wdf01000 - ok
15:59:16.0333 0x17d4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:59:16.0410 0x17d4  WdiServiceHost - ok
15:59:16.0415 0x17d4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:59:16.0432 0x17d4  WdiSystemHost - ok
15:59:16.0467 0x17d4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
15:59:16.0495 0x17d4  WebClient - ok
15:59:16.0501 0x17d4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:59:16.0532 0x17d4  Wecsvc - ok
15:59:16.0552 0x17d4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:59:16.0574 0x17d4  wercplsupport - ok
15:59:16.0581 0x17d4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:59:16.0602 0x17d4  WerSvc - ok
15:59:16.0614 0x17d4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:59:16.0634 0x17d4  WfpLwf - ok
15:59:16.0647 0x17d4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:59:16.0653 0x17d4  WIMMount - ok
15:59:16.0672 0x17d4  WinDefend - ok
15:59:16.0675 0x17d4  WinHttpAutoProxySvc - ok
15:59:16.0716 0x17d4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:59:16.0773 0x17d4  Winmgmt - ok
15:59:16.0826 0x17d4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:59:16.0896 0x17d4  WinRM - ok
15:59:16.0959 0x17d4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:59:16.0969 0x17d4  WinUsb - ok
15:59:17.0000 0x17d4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:59:17.0041 0x17d4  Wlansvc - ok
15:59:17.0059 0x17d4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:59:17.0067 0x17d4  WmiAcpi - ok
15:59:17.0084 0x17d4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:59:17.0108 0x17d4  wmiApSrv - ok
15:59:17.0129 0x17d4  WMPNetworkSvc - ok
15:59:17.0136 0x17d4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:59:17.0151 0x17d4  WPCSvc - ok
15:59:17.0160 0x17d4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:59:17.0181 0x17d4  WPDBusEnum - ok
15:59:17.0187 0x17d4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:59:17.0226 0x17d4  ws2ifsl - ok
15:59:17.0230 0x17d4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:59:17.0248 0x17d4  wscsvc - ok
15:59:17.0250 0x17d4  WSearch - ok
15:59:17.0319 0x17d4  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:59:17.0382 0x17d4  wuauserv - ok
15:59:17.0411 0x17d4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:59:17.0432 0x17d4  WudfPf - ok
15:59:17.0466 0x17d4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:59:17.0496 0x17d4  WUDFRd - ok
15:59:17.0531 0x17d4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:59:17.0562 0x17d4  wudfsvc - ok
15:59:17.0602 0x17d4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:59:17.0654 0x17d4  WwanSvc - ok
15:59:17.0727 0x17d4  [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
15:59:17.0780 0x17d4  xnacc - ok
15:59:17.0832 0x17d4  [ 2C6BC21B2D5B58D8B1D638C1704CB494, 0AABCEB627E274E338DDD9BA664BAA128D7C00AF04C95C776C2AFFA6BB17F680 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
15:59:17.0843 0x17d4  xusb21 - ok
15:59:17.0846 0x17d4  ================ Scan global ===============================
15:59:17.0861 0x17d4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:59:17.0903 0x17d4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:59:17.0919 0x17d4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:59:17.0942 0x17d4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:59:17.0967 0x17d4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:59:17.0978 0x17d4  [ Global ] - ok
15:59:17.0978 0x17d4  ================ Scan MBR ==================================
15:59:17.0992 0x17d4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:59:18.0178 0x17d4  \Device\Harddisk0\DR0 - ok
15:59:18.0178 0x17d4  ================ Scan VBR ==================================
15:59:18.0205 0x17d4  [ 1DA35835AA6A65036E9D67D0BCA0C410 ] \Device\Harddisk0\DR0\Partition1
15:59:18.0250 0x17d4  \Device\Harddisk0\DR0\Partition1 - ok
15:59:18.0253 0x17d4  [ 7A44738D7B51F0D2876C7734B5C1C538 ] \Device\Harddisk0\DR0\Partition2
15:59:18.0287 0x17d4  \Device\Harddisk0\DR0\Partition2 - ok
15:59:18.0288 0x17d4  ================ Scan generic autorun ======================
15:59:18.0451 0x17d4  [ EB02DAC756DEF2FADB8B63933473006C, 2590C6E5AE69FA29A91347C2D41FD940B984A8A2B8AD4F1B90FF4F107E7DDA7C ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
15:59:18.0527 0x17d4  HDAudDeck - ok
15:59:18.0581 0x17d4  [ A005676B30AEB3C7703C317D992B193A, 446155F3AB94BF33DB91E7C2C1EED57ED449D82710BFC96DFA07DBA1D346399E ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
15:59:18.0595 0x17d4  USB3MON - ok
15:59:18.0683 0x17d4  [ 23DFBFC713C67C9A33D8171CF130C71F, F270A7E61D9C6F6663BE2B2C125812DB41533792DA60E30C764D6BCB665E4083 ] C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
15:59:18.0778 0x17d4  EsternTimesMouseExRun - detected UnsignedFile.Multi.Generic ( 1 )
15:59:21.0365 0x17d4  EsternTimesMouseExRun ( UnsignedFile.Multi.Generic ) - warning
15:59:23.0791 0x17d4  [ 7C73B5C50CAEDB1771A049142026906B, A4992339D71A9297963C70616C4124BD701E46AEE439E09C392C2B2EBAE624E6 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
15:59:23.0815 0x17d4  StartCCC - ok
15:59:23.0857 0x17d4  [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
15:59:23.0873 0x17d4  avgnt - ok
15:59:23.0898 0x17d4  [ 9FC37280F3693413D14CB7DEC890257B, BBFAE8669FEB63CDFD7AEBD180B74F84A2DD4D8685B9DFAE9EDE52FF1497113A ] C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe
15:59:23.0929 0x17d4  Dare-U mouse - detected UnsignedFile.Multi.Generic ( 1 )
15:59:26.0455 0x17d4  Dare-U mouse ( UnsignedFile.Multi.Generic ) - warning
15:59:28.0863 0x17d4  [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
15:59:28.0876 0x17d4  Avira Systray - ok
15:59:28.0899 0x17d4  [ 6A188ECFCA5A2A6F41CA145FC93F96A6, 48D70FAA4C4F6F1F6542E2C54085857CE6906A69C0412E8A08BF69010FDF07CF ] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
15:59:28.0920 0x17d4  EasyTuneVI - detected UnsignedFile.Multi.Generic ( 1 )
15:59:31.0340 0x17d4  Detect skipped due to KSN trusted
15:59:31.0340 0x17d4  EasyTuneVI - ok
15:59:31.0410 0x17d4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:59:31.0473 0x17d4  Sidebar - ok
15:59:31.0491 0x17d4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:59:31.0515 0x17d4  mctadmin - ok
15:59:31.0534 0x17d4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:59:31.0560 0x17d4  Sidebar - ok
15:59:31.0564 0x17d4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:59:31.0575 0x17d4  mctadmin - ok
15:59:31.0682 0x17d4  [ 77F425FD2051D4CE8F32B21A76190EDD, AA1778E87CBEA1B7900E3423DA7E778FDC9133896362646927B4A59086600DDD ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_Plugin.exe
15:59:31.0708 0x17d4  FlashPlayerUpdate - ok
15:59:31.0709 0x17d4  Waiting for KSN requests completion. In queue: 6
15:59:32.0709 0x17d4  Waiting for KSN requests completion. In queue: 6
15:59:33.0709 0x17d4  Waiting for KSN requests completion. In queue: 5
15:59:34.0823 0x17d4  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated )
15:59:34.0851 0x17d4  Win FW state via NFP2: enabled
15:59:37.0201 0x17d4  ============================================================
15:59:37.0201 0x17d4  Scan finished
15:59:37.0201 0x17d4  ============================================================
15:59:37.0212 0x1cd0  Detected object count: 2
15:59:37.0212 0x1cd0  Actual detected object count: 2
16:03:21.0103 0x1cd0  EsternTimesMouseExRun ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0103 0x1cd0  EsternTimesMouseExRun ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:03:21.0104 0x1cd0  Dare-U mouse ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0104 0x1cd0  Dare-U mouse ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:04:17.0609 0x2504  Deinitialize success
         
Die beiden gefundenen "Bedrohungen" dürften Dateien meiner PC-Maus sein.

Alt 07.05.2015, 07:15   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

Unerwünschte automatische Aktivität durch Aufruf einer Webseite



Passt


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.05.2015, 11:22   #9
ThomasLanger
 
Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

ComboFix



So sieht der ComboFix-Log aus:
Code:
ATTFilter
ComboFix 15-05-07.01 - Fabian 07.05.2015  11:54:00.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8150.6585 [GMT 2:00]
ausgeführt von:: c:\users\Fabian\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fabian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Fabian\Favorites\bookmarks-2011-12-31.json
c:\users\Fabian\Favorites\bookmarks.html
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-07 bis 2015-05-07  ))))))))))))))))))))))))))))))
.
.
2015-05-06 11:12 . 2015-05-06 11:12	--------	d-----w-	c:\programdata\Malwarebytes
2015-05-06 11:12 . 2015-05-06 11:21	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-06 11:12 . 2015-05-06 11:12	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-06 11:11 . 2015-05-06 11:11	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-05 21:10 . 2015-05-05 21:13	--------	d-----w-	C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-07 09:59 . 2013-06-16 18:03	25640	----a-w-	c:\windows\gdrv.sys
2015-05-05 10:08 . 2013-09-15 09:46	152744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-05-05 10:08 . 2013-09-15 09:46	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-04-09 11:35 . 2013-06-16 18:04	30528	----a-w-	c:\windows\GVTDrv64.sys
2015-04-03 13:32 . 2013-06-20 15:47	25640	----a-w-	c:\windows\etdrv.sys
2015-03-20 21:19 . 2013-08-16 23:21	348672	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2015-03-20 21:19 . 2013-08-16 22:56	348672	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-03-20 21:15 . 2013-08-16 22:56	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2015-03-18 12:24 . 2013-06-16 20:29	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-18 12:24 . 2013-06-16 20:29	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-05 13:17 . 2013-09-15 09:46	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"EsternTimesMouseExRun"="c:\program files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe" [2013-04-23 3351040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-05 728312]
"Dare-U mouse"="c:\program files (x86)\Gaming Mouse\DareUMonitor.exe" [2012-08-21 786432]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R4 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.69.103.78 80.69.102.158
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3330181468-2195716113-3604754730-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,d1,12,1d,35,16,ec,34,bd,9b,29,33,56,db,45,ba,22,1f,a4,c0,64,
   17,cd,4f,9a,6e,b1,3f,79,a7,6e,bd,b3,f3,17,fa,b4,58,49,fd,cc,5e,53,0a,2a,55,\
"rkeysecu"=hex:6b,21,4a,e0,20,c7,4b,44,01,43,c0,6d,2d,03,ef,d9
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-07  12:04:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-07 10:04
.
Vor Suchlauf: 12 Verzeichnis(se), 530.608.525.312 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 530.244.562.944 Bytes frei
.
- - End Of File - - F654DE16D21930C6FAF4092DAC3B382F
A36C5E4F47E84449FF07ED3517B43A31
         
Übrigens, hier mal eine eMail, die ich gestern Abend bekommen habe (in Outlook):
(hatte sowas bisher noch nie)


Ob das Löschen der Dateien wohl die Probleme beseitigt haben kann?

Alt 08.05.2015, 08:51   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

Unerwünschte automatische Aktivität durch Aufruf einer Webseite



Logg dich bei Amazaon normal ein, wenn dort keine Meldung kommt dieser Art ist die Mail Fake und einfach zu löschen.


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.05.2015, 10:59   #11
ThomasLanger
 
Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

mbam | AdwCleaner | JRT



mbam hat ein paar Sachen rausgeworfen, die anderen Programme haben nichts weiter gefunden.

mbam-Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.05.2015
Suchlauf-Zeit: 11:12:32
Logdatei: mbamlog.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.08.02
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Fabian

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 394893
Verstrichene Zeit: 8 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 1
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\Binkiland Browser, In Quarantäne, [c07288095f2b9c9a5fb6f96538cd14ec], 

Registrierungswerte: 9
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=, In Quarantäne, [f53d91009febdd59d12491409c67e51b]
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=, In Quarantäne, [72c0eca5018943f3aa4b4d84847fdb25]
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Binkiland, In Quarantäne, [ab87dcb52c5e54e2777e706117ec10f0]
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Binkiland, In Quarantäne, [62d0e1b07d0dfc3afef79b3653b06a96]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Binkiland\\, In Quarantäne, [f73b345df496e551838e537c38cb926e]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=, In Quarantäne, [c66c1f72aedc41f552a4d9f8e02311ef]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDtByB0C0FyD0C0CtCtA0DtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBzzyBzzyE0D0DtGtC0AtAtDtG0CtCtAtCtGyEyEtCyBtGyCzzzy0B0E0EyE0BzzzzzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0DyD0EtC0AtBtCtGyBtC0FtAtGyE0DtAyCtGzzyDtDyDtGzytCtCtAtD0D0B0FyCtByCtA2Q&cr=750978400&ir=, In Quarantäne, [f141c1d07c0e79bd8f671cb5897a8779]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Binkiland, In Quarantäne, [38fa8e03f39746f02fc74f8208fbe41c]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Binkiland, In Quarantäne, [42f0eba6e5a5d6609165a62b61a2a15f]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v4.203 - Bericht erstellt 08/05/2015 um 11:38:44
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-08.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Fabian - BEST-PC
# Gestarted von : C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Program Files (x86)\DriverToolkit
Ordner Gelöscht : C:\Users\Fabian\AppData\Local\DriverToolkit

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\DriverToolkit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v37.0.2 (x86 de)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1471 Bytes] - [08/05/2015 11:37:28]
AdwCleaner[S0].txt - [1235 Bytes] - [08/05/2015 11:38:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1294  Bytes] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.8 (05.06.2015:1)
OS: Windows 7 Professional x64
Ran by Fabian on 08.05.2015 at 11:43:52,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2015 at 11:45:42,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Eine Zwischenfrage für die Zukunft:
Ist es generell ungefährlich, mit den bisherigen Programmen bloß zu scannen, soweit ich weitere Maßnahmen nur auf Nachfrage hin ergreife? (allein um zu schauen ob sich etwas auf dem PC finden lässt)


Fast hätte ich das FRST-Log vergessen

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Fabian (administrator) on BEST-PC on 08-05-2015 12:00:19
Running from C:\Users\Fabian\Desktop
Loaded Profiles: Fabian (Available profiles: Fabian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3351040 2013-04-23] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dare-U mouse] => C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe [786432 2012-08-21] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-10] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-10] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3330181468-2195716113-3604754730-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: YouTube Unblocker - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\youtubeunblocker@unblocker.yt [2015-02-11]
FF Extension: Undo Closed Tabs Button - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-02-11]
FF Extension: Tab Notifier Free - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{1a94bb10-95a5-43e3-a933-808cd0a6e5fc}.xpi [2015-05-07]
FF Extension: {cfd61a71-5d8b-423c-99d3-cb9c245739be} - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{cfd61a71-5d8b-423c-99d3-cb9c245739be}.xpi [2015-03-18]
FF Extension: Adblock Plus - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-16] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-30] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-04-09] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 12:00 - 2015-05-08 12:00 - 00000000 ____D () C:\Users\Fabian\Desktop\FRST-OlderVersion
2015-05-08 11:57 - 2015-05-08 11:38 - 00001374 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S0].txt
2015-05-08 11:45 - 2015-05-08 11:45 - 00000601 _____ () C:\Users\Fabian\Desktop\JRT.txt
2015-05-08 11:44 - 2015-05-08 11:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BEST-PC-Windows-7-Professional-(64-bit).dat
2015-05-08 11:43 - 2015-05-08 11:43 - 00000000 ____D () C:\RegBackup
2015-05-08 11:37 - 2015-05-08 11:38 - 00000000 ____D () C:\AdwCleaner
2015-05-08 11:09 - 2015-05-08 11:09 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-08 11:09 - 2015-05-08 11:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-08 11:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-08 11:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-08 11:06 - 2015-05-08 11:06 - 02716843 _____ (Thisisu) C:\Users\Fabian\Desktop\JRT.exe
2015-05-08 11:05 - 2015-05-08 11:05 - 02204160 _____ () C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe
2015-05-08 11:04 - 2015-05-08 11:05 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Fabian\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-07 12:04 - 2015-05-07 12:04 - 00014557 _____ () C:\Users\Fabian\Desktop\ComboFix.txt
2015-05-07 11:59 - 2015-05-08 11:35 - 00003056 _____ () C:\Windows\PFRO.log
2015-05-07 11:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-07 11:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-07 11:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-07 11:50 - 2015-05-07 12:04 - 00000000 ____D () C:\Qoobox
2015-05-07 11:50 - 2015-05-07 12:02 - 00000000 ____D () C:\Windows\erdnt
2015-05-07 11:45 - 2015-05-07 11:45 - 05621999 ____R (Swearware) C:\Users\Fabian\Desktop\ComboFix.exe
2015-05-06 13:12 - 2015-05-08 11:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 13:12 - 2015-05-08 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-06 13:12 - 2015-05-06 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-06 13:11 - 2015-05-06 13:21 - 00000000 ____D () C:\Users\Fabian\Desktop\mbar
2015-05-06 13:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-06 12:21 - 2015-05-06 12:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Fabian\Desktop\tdsskiller.exe
2015-05-06 01:18 - 2015-05-06 01:18 - 00026429 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2015-05-05 23:11 - 2015-05-05 23:13 - 00056342 _____ () C:\Users\Fabian\Desktop\Addition.txt
2015-05-05 23:10 - 2015-05-08 12:00 - 00013569 _____ () C:\Users\Fabian\Desktop\FRST.txt
2015-05-05 23:10 - 2015-05-08 12:00 - 00000000 ____D () C:\FRST
2015-05-05 23:09 - 2015-05-08 12:00 - 02102272 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2015-04-24 11:15 - 2015-04-24 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 16:22 - 2015-05-04 12:39 - 00001522 _____ () C:\Users\Fabian\Desktop\Weiterkommen (Mitte April 2015).txt
2015-04-21 13:08 - 2015-05-03 15:50 - 00000000 ____D () C:\Users\Fabian\Desktop\soziale Modelle und sonstiges
2015-04-20 23:39 - 2015-05-02 21:36 - 00000313 _____ () C:\Users\Fabian\Desktop\Fahrt nach Köln.txt
2015-04-19 13:38 - 2015-04-19 13:40 - 00000249 _____ () C:\Users\Fabian\Desktop\Bewerbungsgestaltung und -inhaltsideen - Soziale Arbeit (Hochschule).txt
2015-04-19 13:27 - 2015-04-19 13:27 - 00001425 _____ () C:\Users\Fabian\Desktop\Bewerbung - 3. Seite Motivationsschreiben.lnk
2015-04-19 13:15 - 2015-04-21 16:22 - 00000325 _____ () C:\Users\Fabian\Desktop\Köln - wer hat wann Zeit.txt
2015-04-19 12:15 - 2015-04-19 12:24 - 00000188 _____ () C:\Users\Fabian\Desktop\Hochschul- Besichtigungen.txt
2015-04-19 12:15 - 2015-04-19 12:15 - 00000061 _____ () C:\Users\Fabian\Desktop\Hochschul- Bewerbungsfristen.txt
2015-04-19 00:10 - 2015-05-06 22:27 - 00000000 ____D () C:\Users\Fabian\Desktop\meine Ernährung
2015-04-17 14:56 - 2015-04-17 14:57 - 00000000 ____D () C:\Users\Fabian\Downloads\KnAuszüge
2015-04-17 00:05 - 2015-05-06 12:19 - 00000000 ____D () C:\Users\Fabian\Desktop\Bewerbungskram
2015-04-14 12:51 - 2015-04-28 22:44 - 00000158 _____ () C:\Users\Fabian\Desktop\Girokonto-Banken (empfohlene).txt
2015-04-13 16:40 - 2015-04-14 23:00 - 00001269 _____ () C:\Users\Fabian\Desktop\Finanzieller Bedarf (mein).txt
2015-04-12 01:05 - 2015-05-08 11:46 - 00001736 _____ () C:\Windows\setupact.log
2015-04-12 01:05 - 2015-04-12 01:05 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 11:54 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 11:54 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 11:51 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-05-08 11:51 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-05-08 11:51 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 11:46 - 2013-06-17 01:14 - 01146693 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 11:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-08 11:00 - 2013-06-23 16:22 - 00000000 ____D () C:\Users\Fabian\Documents\Outlook-Dateien
2015-05-08 10:57 - 2014-08-19 15:36 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Adobe
2015-05-07 12:26 - 2013-06-16 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-07 12:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-07 11:59 - 2013-06-16 20:03 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-05-07 11:59 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-07 01:21 - 2015-03-17 18:57 - 00000330 _____ () C:\Users\Fabian\Desktop\Ordnungssystem - einzelne Themen.txt
2015-05-06 01:19 - 2014-03-26 23:51 - 00000000 ____D () C:\Users\Fabian\.gimp-2.8
2015-05-06 01:17 - 2014-03-26 23:56 - 00000000 ____D () C:\Users\Fabian\AppData\Local\gtk-2.0
2015-05-05 12:10 - 2015-03-05 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 12:08 - 2013-09-15 11:46 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 12:08 - 2013-09-15 11:46 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-20 12:21 - 2012-01-02 00:12 - 00000000 ____D () C:\Users\Fabian\Documents\Archiv
2015-04-10 13:35 - 2014-03-22 02:43 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 13:35 - 2013-09-15 11:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 13:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-09 13:35 - 2013-06-16 20:04 - 00030528 _____ () C:\Windows\GVTDrv64.sys

==================== Files in the root of some directories =======

2015-05-06 01:18 - 2015-05-06 01:18 - 0026429 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2014-11-10 13:20 - 2015-03-06 00:53 - 0007597 _____ () C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\avgnt.exe
C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe
C:\Users\Fabian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-06 14:15

==================== End Of Log ============================
         
--- --- ---

Geändert von ThomasLanger (08.05.2015 um 11:03 Uhr) Grund: nachträglich: frisches FRST log

Alt 09.05.2015, 08:10   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

Unerwünschte automatische Aktivität durch Aufruf einer Webseite




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.05.2015, 15:21   #13
ThomasLanger
 
Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

ESET | SecurityCheck | frisches FRST-Log



Keine neuen Funde.

ESET-Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dc34d7da2d7f8f4a8a4c9bc6a38cd4b3
# engine=23777
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-10 01:55:23
# local_time=2015-05-10 03:55:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 52028784 182895973 0 0
# scanned=445498
# found=0
# cleaned=0
# scan_time=5841
         
SecurityCheck-Log:
Code:
ATTFilter
 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.134  
 Adobe Reader XI  
 Mozilla Firefox (37.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
frisches FRST-Log:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Fabian (administrator) on BEST-PC on 10-05-2015 16:03:56
Running from C:\Users\Fabian\Desktop
Loaded Profiles: Fabian (Available profiles: Fabian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3351040 2013-04-23] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dare-U mouse] => C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe [786432 2012-08-21] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3330181468-2195716113-3604754730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-10] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-10] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3330181468-2195716113-3604754730-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3330181468-2195716113-3604754730-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: YouTube Unblocker - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\youtubeunblocker@unblocker.yt [2015-02-11]
FF Extension: Undo Closed Tabs Button - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-02-11]
FF Extension: Tab Notifier Free - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{1a94bb10-95a5-43e3-a933-808cd0a6e5fc}.xpi [2015-05-07]
FF Extension: {cfd61a71-5d8b-423c-99d3-cb9c245739be} - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{cfd61a71-5d8b-423c-99d3-cb9c245739be}.xpi [2015-03-18]
FF Extension: Adblock Plus - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pvfukepq.default-1423612076849\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-16] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-30] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-04-09] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 16:03 - 2015-05-10 16:03 - 00000000 ____D () C:\Users\Fabian\Desktop\FRST-OlderVersion
2015-05-10 16:02 - 2015-05-10 16:02 - 00000843 _____ () C:\Users\Fabian\Desktop\checkup.txt
2015-05-10 14:15 - 2015-05-10 14:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-09 22:53 - 2015-05-09 22:53 - 00852630 _____ () C:\Users\Fabian\Desktop\SecurityCheck.exe
2015-05-09 22:52 - 2015-05-09 22:52 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_deu.exe
2015-05-08 11:57 - 2015-05-08 11:38 - 00001374 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S0].txt
2015-05-08 11:45 - 2015-05-08 11:45 - 00000601 _____ () C:\Users\Fabian\Desktop\JRT.txt
2015-05-08 11:44 - 2015-05-08 11:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BEST-PC-Windows-7-Professional-(64-bit).dat
2015-05-08 11:43 - 2015-05-08 11:43 - 00000000 ____D () C:\RegBackup
2015-05-08 11:37 - 2015-05-08 11:38 - 00000000 ____D () C:\AdwCleaner
2015-05-08 11:09 - 2015-05-08 11:09 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-08 11:09 - 2015-05-08 11:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-08 11:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-08 11:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-08 11:06 - 2015-05-08 11:06 - 02716843 _____ (Thisisu) C:\Users\Fabian\Desktop\JRT.exe
2015-05-08 11:05 - 2015-05-08 11:05 - 02204160 _____ () C:\Users\Fabian\Desktop\AdwCleaner_4.203.exe
2015-05-07 12:04 - 2015-05-07 12:04 - 00014557 _____ () C:\Users\Fabian\Desktop\ComboFix.txt
2015-05-07 11:59 - 2015-05-08 11:35 - 00003056 _____ () C:\Windows\PFRO.log
2015-05-07 11:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-07 11:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-07 11:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-07 11:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-07 11:50 - 2015-05-07 12:04 - 00000000 ____D () C:\Qoobox
2015-05-07 11:50 - 2015-05-07 12:02 - 00000000 ____D () C:\Windows\erdnt
2015-05-07 11:45 - 2015-05-07 11:45 - 05621999 ____R (Swearware) C:\Users\Fabian\Desktop\ComboFix.exe
2015-05-06 13:12 - 2015-05-08 11:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 13:12 - 2015-05-08 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-06 13:12 - 2015-05-06 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-06 13:11 - 2015-05-06 13:21 - 00000000 ____D () C:\Users\Fabian\Desktop\mbar
2015-05-06 13:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-06 12:21 - 2015-05-06 12:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Fabian\Desktop\tdsskiller.exe
2015-05-06 01:18 - 2015-05-06 01:18 - 00026429 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2015-05-05 23:11 - 2015-05-05 23:13 - 00056342 _____ () C:\Users\Fabian\Desktop\Addition.txt
2015-05-05 23:10 - 2015-05-10 16:03 - 00013851 _____ () C:\Users\Fabian\Desktop\FRST.txt
2015-05-05 23:10 - 2015-05-10 16:03 - 00000000 ____D () C:\FRST
2015-05-05 23:09 - 2015-05-10 16:03 - 02102784 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2015-04-24 11:15 - 2015-04-24 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 16:22 - 2015-05-04 12:39 - 00001522 _____ () C:\Users\Fabian\Desktop\Weiterkommen (Mitte April 2015).txt
2015-04-21 13:08 - 2015-05-03 15:50 - 00000000 ____D () C:\Users\Fabian\Desktop\soziale Modelle und sonstiges
2015-04-20 23:39 - 2015-05-02 21:36 - 00000313 _____ () C:\Users\Fabian\Desktop\Fahrt nach Köln.txt
2015-04-19 13:38 - 2015-04-19 13:40 - 00000249 _____ () C:\Users\Fabian\Desktop\Bewerbungsgestaltung und -inhaltsideen - Soziale Arbeit (Hochschule).txt
2015-04-19 13:27 - 2015-04-19 13:27 - 00001425 _____ () C:\Users\Fabian\Desktop\Bewerbung - 3. Seite Motivationsschreiben.lnk
2015-04-19 13:15 - 2015-04-21 16:22 - 00000325 _____ () C:\Users\Fabian\Desktop\Köln - wer hat wann Zeit.txt
2015-04-19 12:15 - 2015-04-19 12:24 - 00000188 _____ () C:\Users\Fabian\Desktop\Hochschul- Besichtigungen.txt
2015-04-19 12:15 - 2015-04-19 12:15 - 00000061 _____ () C:\Users\Fabian\Desktop\Hochschul- Bewerbungsfristen.txt
2015-04-19 00:10 - 2015-05-06 22:27 - 00000000 ____D () C:\Users\Fabian\Desktop\meine Ernährung
2015-04-17 14:56 - 2015-04-17 14:57 - 00000000 ____D () C:\Users\Fabian\Downloads\KnAuszüge
2015-04-17 00:05 - 2015-05-08 17:29 - 00000000 ____D () C:\Users\Fabian\Desktop\Bewerbungskram
2015-04-14 12:51 - 2015-04-28 22:44 - 00000158 _____ () C:\Users\Fabian\Desktop\Girokonto-Banken (empfohlene).txt
2015-04-13 16:40 - 2015-04-14 23:00 - 00001269 _____ () C:\Users\Fabian\Desktop\Finanzieller Bedarf (mein).txt
2015-04-12 01:05 - 2015-05-08 11:46 - 00001736 _____ () C:\Windows\setupact.log
2015-04-12 01:05 - 2015-04-12 01:05 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 14:16 - 2014-08-19 15:36 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Adobe
2015-05-10 14:07 - 2013-06-23 16:22 - 00000000 ____D () C:\Users\Fabian\Documents\Outlook-Dateien
2015-05-10 14:07 - 2013-06-17 01:14 - 01148628 _____ () C:\Windows\WindowsUpdate.log
2015-05-09 22:51 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-05-09 22:51 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-05-09 22:51 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 11:54 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 11:54 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 11:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-07 12:26 - 2013-06-16 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-07 12:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-07 11:59 - 2013-06-16 20:03 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-05-07 11:59 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-07 01:21 - 2015-03-17 18:57 - 00000330 _____ () C:\Users\Fabian\Desktop\Ordnungssystem - einzelne Themen.txt
2015-05-06 01:19 - 2014-03-26 23:51 - 00000000 ____D () C:\Users\Fabian\.gimp-2.8
2015-05-06 01:17 - 2014-03-26 23:56 - 00000000 ____D () C:\Users\Fabian\AppData\Local\gtk-2.0
2015-05-05 12:10 - 2015-03-05 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 12:08 - 2013-09-15 11:46 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 12:08 - 2013-09-15 11:46 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-20 12:21 - 2012-01-02 00:12 - 00000000 ____D () C:\Users\Fabian\Documents\Archiv
2015-04-10 13:35 - 2014-03-22 02:43 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 13:35 - 2013-09-15 11:46 - 00000000 ____D () C:\Program Files (x86)\Avira

==================== Files in the root of some directories =======

2015-05-06 01:18 - 2015-05-06 01:18 - 0026429 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2014-11-10 13:20 - 2015-03-06 00:53 - 0007597 _____ () C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\avgnt.exe
C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe
C:\Users\Fabian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-06 14:15

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Probleme habe ich keine mehr mit dem Rechner. Ist die Operation damit beendet?

Eine Frage für die Zukunft wäre noch offen:
Ist es generell ungefährlich, mit den bisherigen Programmen bloß zu scannen, soweit ich weitere Maßnahmen nur auf Nachfrage hin ergreife? (allein um zu schauen ob sich etwas auf dem PC finden lässt)

Freundlichen Gruß

Alt 11.05.2015, 09:43   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

Unerwünschte automatische Aktivität durch Aufruf einer Webseite



AdwCleaner und MBAM kann man schon mal benutzen

Java updaten.


Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.05.2015, 12:14   #15
ThomasLanger
 
Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Standard

Danke!



Super, vielen Dank für die Hilfe!

Antwort

Themen zu Unerwünschte automatische Aktivität durch Aufruf einer Webseite
antivir, appdata, aufruf, automatische, bildschirm, cpu-auslastung, dateien, design, gelöscht, gen, kleines, link, links, neue, neuen, nichts, offen, ordner, prozesse, rechner, seite, tab, temp, unerwünschte aktivität, viele prozesse, win



Ähnliche Themen: Unerwünschte automatische Aktivität durch Aufruf einer Webseite


  1. Verdächtige aktivität nach aufruf einer Spam seite
    Plagegeister aller Art und deren Bekämpfung - 04.09.2014 (1)
  2. Bei Aufruf einer Seite oder Funktion öffnen sich ständig Fenster, die nicht gewünscht sind, auch während ich dies schreibe.
    Log-Analyse und Auswertung - 08.06.2014 (1)
  3. Viagra Werbung beim Aufruf einer Webseite - aber nur mit Internet Explorer
    Plagegeister aller Art und deren Bekämpfung - 19.09.2013 (11)
  4. ständig Fehlermeldung: der Zugang zu einer potenziell gefährlichen Webseite wurde geblockt,...
    Plagegeister aller Art und deren Bekämpfung - 19.08.2013 (23)
  5. Malwarebytes: Zugang zu einer potenziell gefärlichen webseite gestoppt
    Log-Analyse und Auswertung - 30.04.2013 (3)
  6. Ich habe mir das Plugin von einer Streaming-Webseite gedownloadet/installiert
    Log-Analyse und Auswertung - 21.03.2013 (14)
  7. SMTP-Aktivität ohne Auslösung durch User
    Log-Analyse und Auswertung - 20.12.2012 (19)
  8. Gesperrt durch automatische Informationskontrolle
    Log-Analyse und Auswertung - 24.09.2012 (11)
  9. computer durch automatische informationskontrolle gesperrt
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (15)
  10. Malwarebytes stoppt nach Neuinstallation ständig zugang zu einer potenziell gefährlichen Webseite
    Antiviren-, Firewall- und andere Schutzprogramme - 17.08.2012 (2)
  11. Computer durch automatische Informationskontrolle gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (11)
  12. Zugang zu einer Potenziell gefährlichen Webseite erfolgreich gestoppt. Art: ausgehend
    Plagegeister aller Art und deren Bekämpfung - 21.03.2012 (11)
  13. Automatische Email-Versand durch Virus
    Log-Analyse und Auswertung - 19.12.2010 (1)
  14. Virusmeldung bei Aufruf einer Internetseite
    Diskussionsforum - 13.01.2010 (4)
  15. ungewollte automatische Weiterleitung bei URL aufruf
    Log-Analyse und Auswertung - 25.09.2007 (4)
  16. Trojaner-Download bei Aufruf einer Webseite
    Diskussionsforum - 25.06.2007 (3)
  17. Browsereinstellungen die automatische Umleitung zu einer neuen URL verhindern
    Alles rund um Windows - 02.05.2005 (16)

Zum Thema Unerwünschte automatische Aktivität durch Aufruf einer Webseite - Guten Tag, ich bin vorhin durch einen Link auf die Seite hxxp://www.meetandfuckgames.com/index.html gekommen. Diese öffnete sich in einem neuen Tab, den ich sofort schloß (noch bevor die Seite geladen hatte). - Unerwünschte automatische Aktivität durch Aufruf einer Webseite...
Archiv
Du betrachtest: Unerwünschte automatische Aktivität durch Aufruf einer Webseite auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.