Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: avast erkennt bgbutton finished.png-passwortgeschützte Archive

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 22.06.2015, 15:52   #1
louis cyphre
 
avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



Hallo,

Aufgrund einer erheblichen Verlangsamung meines Systems hab ich ein vollständigen Scan
durchgeführt, welcher 2 bgbutton finished.png Datein als passwortgeschützte Archive gemeldet hat.



FRST- Scan
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by **** (administrator) on MADI on 22-06-2015 16:34:07
Running from C:\Users\****\Desktop
Loaded Profiles: **** (Available Profiles: ****)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SETF631.tmp
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-20] (Avast Software s.r.o.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-23] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-27] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-01-28] (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-01-28] (DVDVideoSoft Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-27] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: FlyOrDie Quick Java Installer - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default\Extensions\java@flyordie.com.xpi [2013-11-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-16]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-19]

Chrome: 
=======
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-08]
CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-15] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-31] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 16:34 - 2015-06-22 16:34 - 00017895 _____ C:\Users\****\Desktop\FRST.txt
2015-06-22 16:33 - 2015-06-22 16:34 - 00000000 ____D C:\FRST
2015-06-22 16:30 - 2015-06-22 16:31 - 02109952 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2015-06-22 16:02 - 2015-06-22 16:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\****\Desktop\tdsskiller.exe
2015-06-21 21:07 - 2015-06-21 21:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-06-21 21:06 - 2015-06-21 21:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-06-21 21:06 - 2015-06-21 21:06 - 00000000 ____D C:\WINDOWS\LastGood
2015-06-21 21:06 - 2013-11-22 15:36 - 00540912 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-06-21 21:06 - 2013-11-22 15:36 - 00402672 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-06-21 21:06 - 2013-11-22 15:36 - 00254704 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SETEABF.tmp
2015-06-21 21:06 - 2013-11-22 15:36 - 00208112 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo20.dll
2015-06-21 21:06 - 2013-11-22 15:36 - 00031472 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-06-21 21:06 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-06-21 21:05 - 2013-08-05 21:20 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-06-12 09:42 - 2015-06-12 09:42 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2015-06-12 09:35 - 2015-06-12 09:35 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-06-11 13:51 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-11 13:51 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-11 13:51 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-11 13:51 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-11 13:51 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-11 13:51 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-11 13:51 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-11 13:51 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-11 13:51 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-11 13:51 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-11 13:51 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-11 13:51 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-11 13:51 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-11 13:51 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-11 13:51 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-11 13:51 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-11 13:51 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-11 13:51 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-11 13:51 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-11 13:51 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-11 13:51 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-11 13:51 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-11 13:51 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-11 13:51 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-11 13:51 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-11 13:51 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-11 13:51 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-11 13:51 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-11 13:51 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-11 13:51 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 16:32 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 16:32 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 16:32 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 16:32 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 16:32 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 16:32 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 16:32 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 16:32 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 16:32 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 16:32 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 16:32 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 16:32 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 16:32 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 16:32 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 16:32 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 16:32 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 16:32 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 16:32 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 16:32 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 16:32 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 16:32 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 16:32 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 16:32 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 16:32 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 16:32 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 16:32 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 16:32 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 16:32 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 16:32 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 16:32 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 16:32 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 16:32 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 16:32 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 16:32 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 16:32 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 16:32 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 16:32 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 16:32 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 16:32 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 16:32 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 16:32 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 16:32 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 16:32 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-08 13:29 - 2015-06-08 13:31 - 00000000 ____D C:\Users\****\Documents\Heroes of the Storm
2015-06-08 13:28 - 2015-06-08 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-06-08 13:13 - 2015-06-18 23:19 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-06-08 13:11 - 2015-06-08 13:11 - 00000000 ____D C:\Users\****\AppData\Local\GWX
2015-06-05 14:50 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-05 14:50 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-03 07:59 - 2015-06-13 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 22:51 - 2015-06-02 22:51 - 00018473 _____ C:\Users\****\Desktop\zeitformen.odt
2015-05-30 19:15 - 2015-05-31 15:56 - 00018985 _____ C:\Users\****\Desktop\finn.odt
2015-05-26 17:34 - 2015-05-27 22:58 - 00016011 _____ C:\Users\****\Desktop\Umschreiben_Mieter.odt
2015-05-25 14:46 - 2015-05-25 14:46 - 01196832 _____ C:\Users\****\Downloads\lame3.99.5 - CHIP-Installer.exe
2015-05-25 14:43 - 2015-05-25 14:43 - 00202295 _____ C:\Users\****\Downloads\libmp3lame-win-3.99.3.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 16:27 - 2014-10-20 05:08 - 01615160 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-22 16:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-22 15:58 - 2013-08-19 00:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Skype
2015-06-22 09:16 - 2015-02-12 13:34 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-06-22 00:40 - 2013-08-18 17:59 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-21 23:29 - 2013-08-18 17:44 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3246641006-4039149904-3516313396-1001
2015-06-21 21:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-21 21:07 - 2014-09-24 08:17 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-21 21:07 - 2014-09-24 07:43 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-21 21:07 - 2014-09-24 07:43 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-21 21:07 - 2013-08-22 16:46 - 00307591 _____ C:\WINDOWS\setupact.log
2015-06-21 21:07 - 2013-03-18 06:12 - 00011608 _____ C:\WINDOWS\DPINST.LOG
2015-06-21 21:06 - 2014-12-14 21:37 - 00000000 ____D C:\Users\****\AppData\Local\Battle.net
2015-06-21 21:05 - 2014-10-20 04:38 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-21 21:05 - 2013-03-18 06:25 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-06-21 21:04 - 2013-03-18 06:10 - 00000000 ____D C:\ProgramData\Dell
2015-06-21 21:01 - 2013-08-19 00:28 - 00000000 ____D C:\ProgramData\Skype
2015-06-21 10:22 - 2014-12-14 21:37 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-18 15:40 - 2013-08-18 17:42 - 00000000 ____D C:\Users\****\AppData\Local\softthinks
2015-06-16 21:56 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-16 21:55 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-16 15:10 - 2015-01-26 17:09 - 00000000 ____D C:\Users\****\Desktop\Tor Browser
2015-06-16 15:08 - 2013-10-02 19:57 - 00000000 ____D C:\Users\****\Documents\VirtualDJ
2015-06-15 23:36 - 2014-12-14 21:48 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-13 19:39 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-13 17:34 - 2013-08-22 16:44 - 00371640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 17:33 - 2014-09-23 23:06 - 00158030 _____ C:\WINDOWS\PFRO.log
2015-06-13 17:33 - 2013-08-18 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-13 17:31 - 2015-04-17 12:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-13 17:31 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-13 17:31 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-13 17:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-13 15:39 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-13 15:38 - 2013-08-30 02:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-13 15:35 - 2013-08-30 02:42 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-12 09:42 - 2014-07-11 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-11 09:16 - 2015-02-12 13:34 - 00003900 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-06-09 19:40 - 2013-08-18 17:59 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-08 18:53 - 2015-04-13 10:36 - 00000000 ____D C:\Users\****\Desktop\avec plaisir
2015-06-08 13:29 - 2014-12-14 21:37 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-06-03 18:18 - 2015-04-17 17:44 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2015-04-17 17:44 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-28 07:37 - 2013-03-18 06:16 - 00000000 ____D C:\ProgramData\PCDr
2015-05-27 23:00 - 2013-10-02 20:33 - 00000000 ____D C:\Users\****\AppData\Roaming\Audacity
2015-05-25 14:49 - 2013-10-04 23:01 - 00000000 ____D C:\Users\****\Desktop\auda
2015-05-24 13:27 - 2015-04-13 10:34 - 00000000 ____D C:\Users\****\Desktop\écriture

==================== Files in the root of some directories =======

2015-05-19 14:57 - 2015-05-19 14:57 - 0000850 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2013-11-10 19:44 - 2013-11-10 19:44 - 0007602 _____ () C:\Users\****\AppData\Local\Resmon.ResmonCfg
2013-03-18 06:21 - 2013-03-18 06:21 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-03-18 06:16 - 2013-03-18 06:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-03-18 06:18 - 2013-03-18 06:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-03-18 06:16 - 2013-03-18 06:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-03-18 06:19 - 2013-03-18 06:21 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\****\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\****\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\****\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\****\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-17 09:32

==================== End of log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by **** at 2015-06-22 16:35:42
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3246641006-4039149904-3516313396-500 - Administrator - Disabled)
Gast (S-1-5-21-3246641006-4039149904-3516313396-501 - Limited - Disabled)
**** (S-1-5-21-3246641006-4039149904-3516313396-1001 - Administrator - Enabled) => C:\Users\****

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{B9C542F2-31A8-8EC1-B349-28C74D2A865C}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Audials USB (HKLM-x32\...\{8BF5D162-E215-4C00-8CDF-FDD9DADC7A34}) (Version: 10.3.34300.0 - RapidSolution Software AG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.56.324 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.56.324 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{F13921D6-AE6D-41BF-807A-17BD99C0A4FD}) (Version: 15.5.5.0480 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3246641006-4039149904-3516313396-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3246641006-4039149904-3516313396-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

04-06-2015 07:47:48 Geplanter Prüfpunkt
10-06-2015 17:03:18 Windows Update
12-06-2015 09:41:16 Dell Update: Dell Customer Connect
21-06-2015 02:17:49 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0470A8BC-37DB-4D93-8191-A2A4C8A7F60C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {0ACFBC51-5F33-4FE4-BC7E-3FC19A0D6C6C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {15BDC69C-C9B2-4E67-ADD4-1A7FCA1D7A49} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {1E5759DA-69AF-4B09-8547-D9A42272DD8E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-20] (Avast Software s.r.o.)
Task: {2C3912E4-CF8E-43B1-9CEB-BED8129DD371} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {486318D5-65EE-4CAA-AF21-C3769DA1E893} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {4A9AA1BD-66BB-44ED-BD43-F42540893EE2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {5C6C8F72-86EC-4850-B598-164EF859339A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {69AB49E5-B7E0-408D-B323-A1813F2937A7} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {71DE1EDC-DEC3-4B6C-A626-D760C775A3E7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {750AF2DA-A927-4A39-9950-070B95EF44FB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {84328D5F-4033-4D99-8E6A-B56A51F2E0FE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {91837365-C856-4A5E-92E9-1D6121E2C0DB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {A300981C-094F-4A20-9B85-3548E39B159F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B9F5A4DB-6C71-4A15-AA46-82754A7999E0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C8E2E9DA-98BC-479F-8E84-18D4F8CBEEC2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {EA625C72-EF28-436E-BFA2-CCF54567007B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-13] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2013-03-18 06:19 - 2012-04-25 04:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-04-23 10:56 - 2015-04-23 10:56 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-23 10:56 - 2015-04-23 10:56 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-16 19:15 - 2015-06-16 19:15 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061602\algo.dll
2015-06-22 16:06 - 2015-06-22 16:06 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062200\algo.dll
2015-01-17 22:10 - 2015-01-17 22:10 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8a4ebd0132a76f2a7ce438310a41e9d1\PSIClient.ni.dll
2013-03-18 06:10 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-03-18 06:25 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-03-18 06:25 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-03-18 06:25 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2013-03-18 06:17 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-23 10:56 - 2015-04-23 10:56 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\****\Pictures\ne_travaillez_jamais.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{D3C7EA35-5C17-4A71-B77F-EEAA696FA8C5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D0670AF8-5DEF-4540-8963-23717760A22D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F5026456-FAE8-4702-81C0-06BB861B02EE}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{4E452A3F-1D82-49BA-B7E7-C75EE0A7CB74}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{320B8612-CE1C-44B6-9CDA-1C8AE5AEAF60}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C6D51B65-3AA2-4266-A54B-1A5539BC4C17}] => (Allow) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1CCF7CC1-2BF8-4396-98E0-9D7232B55C96}] => (Allow) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{043A1D66-2310-4671-8BFC-F6E775229917}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B570E7A0-599E-4460-9296-42FCA655B091}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0E1A943E-83D6-46B1-88D0-22B8DCCB4648}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F4A414B7-4A05-403B-BED1-C6A5EDA51D88}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{7A6D8C81-693F-49A2-8CC4-7B7B47BB0D01}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{13069498-78AB-40B3-8D1C-25424818091D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{5538CDE4-DA39-445C-BB36-445277B41CA3}] => (Allow) LPort=1900
FirewallRules: [{186CA9B3-0355-436D-BC40-16773016712B}] => (Allow) LPort=2869
FirewallRules: [{0185ADD7-F72A-4A1F-88AB-6E2A0A9A095A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EE742F37-0514-497C-9282-4A0A971FC677}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{CBAB3269-5C3B-475B-9737-5424CCB4105F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D194B9A1-FF98-44EE-8B3A-A614A3CD04AC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{FBC2AC37-32F2-4409-AEF0-93BF8212D9A8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6970F63D-74B9-420B-B122-9F8149BB9963}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{51EBC294-DEE2-4165-8063-E62BECAEBACC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1FC81DEF-E32D-40B0-974F-26FF3C5DA7F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{BC0BE92E-8F60-455E-AD5B-B844A5003C38}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{80B8A612-A323-4118-9777-E3ABE328C90F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{429D299D-A284-4A0F-9631-5F86778C97A2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{B757FF51-1DB2-4017-ACD1-F2916066F6DC}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{80914421-9DAD-4A54-B176-7C059528BCCB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{44FDCD91-C8C7-4963-A096-4B2BC66F23BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{E89A937B-AB00-4F5C-A085-25C4B7C46A09}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A023ACAC-2446-4A07-99FA-5E77A923DAB3}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{1AD6AEF3-9257-468E-8E90-72312636F68C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{C7EBA08C-0FF8-43B1-8F5B-C7A17D2D69CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{9DE4C0D4-28E4-4769-B729-71C09B0B737F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{5EE3E263-30CB-4050-B09E-012FB6C280F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{98980CE1-F8FB-4AAE-9553-04BCD98A975E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{65BFA5B4-0C01-4F5B-8D38-37CEB44888EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{54790678-E434-416E-A395-88DC55B21D5E}C:\programdata\battle.net\agent\agent.3668\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3668\agent.exe
FirewallRules: [UDP Query User{1F1A3CEE-9E51-4DCC-A8F8-48F9456046BB}C:\programdata\battle.net\agent\agent.3668\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3668\agent.exe
FirewallRules: [TCP Query User{51367C30-7AB8-4D1B-B74A-7A4E7285919F}C:\programdata\battle.net\agent\agent.3669\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3669\agent.exe
FirewallRules: [UDP Query User{BBEA8BC4-AF7F-4307-B48A-4C5513380CC1}C:\programdata\battle.net\agent\agent.3669\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3669\agent.exe
FirewallRules: [{E1A4DFF5-B770-4C61-AECA-ABA9A75B41AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D397C94-92D6-4FF2-84B0-066165226A11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AD50D1A1-1CF1-49AC-B9D2-D63E58CCDFA6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{56E46199-B1D8-43D0-820C-D3C1EA4D0C0A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{7BD4749E-0BF2-4026-8C8B-CC03CCDE0A86}C:\programdata\battle.net\agent\agent.3688\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3688\agent.exe
FirewallRules: [UDP Query User{22FBEDB4-CD2B-45D3-AA33-6EF1EC91D879}C:\programdata\battle.net\agent\agent.3688\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3688\agent.exe
FirewallRules: [{66082769-62E8-4D07-B36A-8785B6A735FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{B4ABE796-A708-4F0A-AF69-879EB0AC568A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [TCP Query User{10986305-74CC-4422-A901-4FA6AE9A2570}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3715\agent.exe
FirewallRules: [UDP Query User{B36A8C92-7F56-42D0-BE2B-DE8AD2542825}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3715\agent.exe
FirewallRules: [TCP Query User{7C30D662-B12D-4F2E-B728-1246B8D49752}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D46201EA-6B51-46A7-A9F8-12E3C1F09E83}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5B9C6EE1-3B96-4BA2-AA38-802E50B8D188}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D2F83138-9AA6-44DF-8CCC-65BE69A9C501}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{95A2540C-B0EF-4195-9E5A-61D6B40257C9}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{216EF17D-8086-4D23-BE01-03220F76E28E}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2015 03:58:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x116c
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/21/2015 09:09:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm quickset.exe, Version 10.15.12.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1200

Startzeit: 01d0ac547e4cf346

Endzeit: 0

Anwendungspfad: C:\Program Files\Dell\QuickSet\quickset.exe

Berichts-ID: 0000f57a-1849-11e5-beeb-74867a073a29

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/21/2015 09:07:03 PM) (Source: Dell-System-Update) (EventID: 0) (User: )
Description: Synaptics MUP installation Utilies
Description: Synaptics Pointing device driver
Log file: 
Exit code: 3010

Error: (06/21/2015 08:57:12 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (06/21/2015 07:21:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x2080
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/19/2015 04:30:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (06/19/2015 04:30:35 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/19/2015 04:30:35 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (06/19/2015 04:30:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (06/19/2015 04:30:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4


System errors:
=============
Error: (06/22/2015 04:25:03 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "COMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{699E1AB3-798B-460F-A639-81E2753AF0E1}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/22/2015 03:58:36 PM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: Vom folgenden Dienst wurde wiederholt nicht auf Dienststeuerungsanforderungen reagiert: Dell Data Vault

Erkundigen Sie sich beim Diensthersteller oder beim Systemadministrator danach, ob der Dienst deaktiviert werden sollte, bis das Problem gefunden wurde.

Der Computer muss unter Umständen im abgesicherten Modus gestartet werden, um den Dienst deaktivieren zu können.

Error: (06/22/2015 00:24:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DellDataVault erreicht.

Error: (06/22/2015 00:23:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DellDataVault erreicht.

Error: (06/22/2015 09:23:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DellDataVault erreicht.

Error: (06/22/2015 09:07:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DellDataVault erreicht.

Error: (06/22/2015 08:57:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DellDataVault erreicht.

Error: (06/22/2015 08:56:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DellDataVault erreicht.

Error: (06/22/2015 04:07:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DellDataVault erreicht.

Error: (06/22/2015 04:07:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DellDataVault erreicht.


Microsoft Office:
=========================
Error: (06/22/2015 03:58:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e116c01d0acf38359749eC:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dllc24b3aff-18e6-11e5-beeb-74867a073a29

Error: (06/21/2015 09:09:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: quickset.exe10.15.12.3120001d0ac547e4cf3460C:\Program Files\Dell\QuickSet\quickset.exe0000f57a-1849-11e5-beeb-74867a073a29

Error: (06/21/2015 09:07:03 PM) (Source: Dell-System-Update) (EventID: 0) (User: )
Description: Synaptics MUP installation Utilies
Description: Synaptics Pointing device driver
Log file: 
Exit code: 3010

Error: (06/21/2015 08:57:12 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: 

Error: (06/21/2015 07:21:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e208001d0ac46b8ac8b04C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll0137d06a-183a-11e5-beeb-74867a073a29

Error: (06/19/2015 04:30:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (06/19/2015 04:30:35 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/19/2015 04:30:35 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (06/19/2015 04:30:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (06/19/2015 04:30:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 55%
Total physical RAM: 3965.27 MB
Available physical RAM: 1782.98 MB
Total Pagefile: 4733.27 MB
Available Pagefile: 1819.96 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.12 GB) (Free:668 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:13.81 GB) (Free:0.25 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4CDD2617)

Partition: GPT Partition Type.

==================== End of log ============================
         
Addition-log

Ich hoffe ich konnte so schon einmal ein wenig vorarbeiten.

Vielen Dank schonmal!

Alt 22.06.2015, 16:29   #2
schrauber
/// the machine
/// TB-Ausbilder
 

avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 22.06.2015, 19:53   #3
louis cyphre
 
avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



hallo,

also ich habe beide Programme durchlaufen lassen, allerdings sind beide nicht fündig geworden.

Nochmals Hallo,

seltsamerweise hat der TDSSKIller im zweiten Durchlauf folgendes erkannt

Code:
ATTFilter
20:02:28.0154 0x12bc  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:02:28.0154 0x12bc  UEFI system
20:02:32.0045 0x12bc  ============================================================
20:02:32.0045 0x12bc  Current date / time: 2015/06/22 20:02:32.0045
20:02:32.0045 0x12bc  SystemInfo:
20:02:32.0045 0x12bc  
20:02:32.0045 0x12bc  OS Version: 6.3.9600 ServicePack: 0.0
20:02:32.0045 0x12bc  Product type: Workstation
20:02:32.0045 0x12bc  ComputerName: MADI
20:02:32.0045 0x12bc  UserName: ****
20:02:32.0045 0x12bc  Windows directory: C:\WINDOWS
20:02:32.0045 0x12bc  System windows directory: C:\WINDOWS
20:02:32.0045 0x12bc  Running under WOW64
20:02:32.0045 0x12bc  Processor architecture: Intel x64
20:02:32.0045 0x12bc  Number of processors: 4
20:02:32.0045 0x12bc  Page size: 0x1000
20:02:32.0045 0x12bc  Boot type: Normal boot
20:02:32.0045 0x12bc  ============================================================
20:02:32.0513 0x12bc  KLMD registered as C:\WINDOWS\system32\drivers\72298865.sys
20:02:33.0935 0x12bc  System UUID: {E1D80447-BB38-EB75-10C9-9DBF4F504794}
20:02:35.0139 0x12bc  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:02:35.0217 0x12bc  ============================================================
20:02:35.0217 0x12bc  \Device\Harddisk0\DR0:
20:02:35.0217 0x12bc  GPT partitions:
20:02:35.0217 0x12bc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {CB6F62F4-FD97-452C-A954-45951A58354D}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000
20:02:35.0217 0x12bc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {796BADD3-6BBF-4D9F-B631-466EB71A4965}, UniqueGUID: {9AC705D9-E2BF-452D-8497-8A5086ACC71F}, Name: Basic data partition, StartLBA 0xFA800, BlocksNum 0x14000
20:02:35.0217 0x12bc  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {851117FD-17F7-407A-AD0E-CE9184ABA9C6}, Name: Microsoft reserved partition, StartLBA 0x10E800, BlocksNum 0x40000
20:02:35.0217 0x12bc  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {A80F32E9-B193-421D-9F72-40081D734072}, Name: Basic data partition, StartLBA 0x14E800, BlocksNum 0xFA000
20:02:35.0217 0x12bc  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {80B6DA3D-1495-4C7A-B252-2317ED686991}, Name: Basic data partition, StartLBA 0x248800, BlocksNum 0x7283E000
20:02:35.0217 0x12bc  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {44576358-A9E3-418F-9711-EFFBB41B38D2}, Name: , StartLBA 0x72A86800, BlocksNum 0xE1000
20:02:35.0217 0x12bc  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {37D5B3C4-F641-4AA1-A100-52E80B69C120}, Name: Microsoft recovery partition, StartLBA 0x72B67800, BlocksNum 0x1B9EDB0
20:02:35.0217 0x12bc  MBR partitions:
20:02:35.0217 0x12bc  ============================================================
20:02:35.0295 0x12bc  C: <-> \Device\Harddisk0\DR0\Partition5
20:02:35.0295 0x12bc  ============================================================
20:02:35.0295 0x12bc  Initialize success
20:02:35.0295 0x12bc  ============================================================
20:02:50.0421 0x1ec8  ============================================================
20:02:50.0421 0x1ec8  Scan started
20:02:50.0421 0x1ec8  Mode: Manual; SigCheck; TDLFS; 
20:02:50.0421 0x1ec8  ============================================================
20:02:50.0421 0x1ec8  KSN ping started
20:02:52.0890 0x1ec8  KSN ping finished: true
20:02:53.0874 0x1ec8  ================ Scan system memory ========================
20:02:53.0874 0x1ec8  System memory - ok
20:02:53.0874 0x1ec8  ================ Scan services =============================
20:02:54.0452 0x1ec8  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
20:02:54.0530 0x1ec8  1394ohci - ok
20:02:54.0546 0x1ec8  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
20:02:54.0561 0x1ec8  3ware - ok
20:02:54.0640 0x1ec8  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
20:02:54.0655 0x1ec8  ACPI - ok
20:02:54.0702 0x1ec8  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
20:02:54.0733 0x1ec8  acpiex - ok
20:02:54.0749 0x1ec8  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
20:02:54.0765 0x1ec8  acpipagr - ok
20:02:54.0796 0x1ec8  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
20:02:54.0827 0x1ec8  AcpiPmi - ok
20:02:54.0843 0x1ec8  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
20:02:54.0858 0x1ec8  acpitime - ok
20:02:54.0952 0x1ec8  [ 929593D76589294BA3F74540298D1B3E, 3D1C1772579141BD1040363BD65F2A2D78BF42EC85AE96317AE397E3D5267145 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:02:54.0983 0x1ec8  AdobeARMservice - ok
20:02:55.0358 0x1ec8  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:02:55.0390 0x1ec8  AdobeFlashPlayerUpdateSvc - ok
20:02:55.0515 0x1ec8  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
20:02:55.0546 0x1ec8  ADP80XX - ok
20:02:55.0577 0x1ec8  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
20:02:55.0624 0x1ec8  AeLookupSvc - ok
20:02:55.0718 0x1ec8  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
20:02:55.0749 0x1ec8  AERTFilters - ok
20:02:55.0780 0x1ec8  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
20:02:55.0812 0x1ec8  AFD - ok
20:02:55.0858 0x1ec8  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
20:02:55.0890 0x1ec8  agp440 - ok
20:02:55.0952 0x1ec8  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
20:02:56.0015 0x1ec8  ahcache - ok
20:02:56.0046 0x1ec8  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
20:02:56.0077 0x1ec8  ALG - ok
20:02:56.0171 0x1ec8  [ B85B5F067E29A94D598E3C35CC76EE2B, 4D6890FCF677637C6FB1E73E212D9208DB2B72432E4155557290892C21895F59 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
20:02:56.0312 0x1ec8  AMD External Events Utility - ok
20:02:56.0374 0x1ec8  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
20:02:56.0405 0x1ec8  AmdK8 - ok
20:02:57.0405 0x1ec8  [ 8E5F9BD597E596ABC7D0CBBF1F5DD229, 2F7A64B3C6F555D13DB151C77816889090DE4CEA0A62EC7B1618748C10F589B4 ] amdkmdag        C:\WINDOWS\system32\DRIVERS\atikmdag.sys
20:02:57.0687 0x1ec8  amdkmdag - ok
20:02:57.0734 0x1ec8  [ C80088CF1D9BE6391051D080EE20BB40, 3CFA490DAAB6E4E8B96497C58308D30A87086A7B1B3F2C542004FEDEDCC2A17F ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
20:02:57.0765 0x1ec8  amdkmdap - ok
20:02:57.0796 0x1ec8  [ 8A375CB3B6D1A56A2AEEE72A5F1D0926, 03D6EA77B141675B719E66DA09D1DACC7137B19F9918C303DD6870B3F36ADEBB ] amdkmpfd        C:\WINDOWS\system32\drivers\amdkmpfd.sys
20:02:57.0796 0x1ec8  amdkmpfd - ok
20:02:57.0859 0x1ec8  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
20:02:57.0859 0x1ec8  AmdPPM - ok
20:02:57.0890 0x1ec8  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
20:02:57.0905 0x1ec8  amdsata - ok
20:02:57.0937 0x1ec8  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
20:02:57.0984 0x1ec8  amdsbs - ok
20:02:58.0030 0x1ec8  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
20:02:58.0062 0x1ec8  amdxata - ok
20:02:58.0140 0x1ec8  [ 444459C4A5530343E786AA71B0047B7C, 5213103CBF608B58D508E297A61C92836D30E321F1810137BB5C1A1C0C9309F7 ] AMPPAL          C:\WINDOWS\System32\drivers\AMPPAL.sys
20:02:58.0187 0x1ec8  AMPPAL - ok
20:02:58.0359 0x1ec8  [ AA6FC5C35650A953DFDB2C4444A79823, 841B700601D73B8B1125597EA17B81D36642A26F0E609CBB4DB1FA9268F1122B ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
20:02:58.0405 0x1ec8  AMPPALR3 - ok
20:02:58.0437 0x1ec8  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
20:02:58.0468 0x1ec8  AppID - ok
20:02:58.0499 0x1ec8  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
20:02:58.0530 0x1ec8  AppIDSvc - ok
20:02:58.0562 0x1ec8  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
20:02:58.0609 0x1ec8  Appinfo - ok
20:02:58.0780 0x1ec8  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
20:02:58.0843 0x1ec8  AppReadiness - ok
20:02:59.0046 0x1ec8  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
20:02:59.0109 0x1ec8  AppXSvc - ok
20:02:59.0140 0x1ec8  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
20:02:59.0155 0x1ec8  arcsas - ok
20:02:59.0187 0x1ec8  [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
20:02:59.0218 0x1ec8  aswHwid - ok
20:02:59.0234 0x1ec8  [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
20:02:59.0265 0x1ec8  aswMonFlt - ok
20:02:59.0281 0x1ec8  [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
20:02:59.0312 0x1ec8  aswRdr - ok
20:02:59.0343 0x1ec8  [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
20:02:59.0359 0x1ec8  aswRvrt - ok
20:02:59.0437 0x1ec8  [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
20:02:59.0468 0x1ec8  aswSnx - ok
20:02:59.0499 0x1ec8  [ B1368BE5F6BA529E0886F4DA2361BD2D, B95F430B4E4EFE9D257870722AA8F0507FB96FBE3AAB12068C662CCB6A180FE2 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
20:02:59.0531 0x1ec8  aswSP - ok
20:02:59.0609 0x1ec8  [ 6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
20:02:59.0702 0x1ec8  aswStm - ok
20:02:59.0781 0x1ec8  [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
20:02:59.0827 0x1ec8  aswVmm - ok
20:02:59.0859 0x1ec8  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
20:02:59.0890 0x1ec8  atapi - ok
20:02:59.0999 0x1ec8  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
20:03:00.0093 0x1ec8  AudioEndpointBuilder - ok
20:03:00.0296 0x1ec8  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
20:03:00.0359 0x1ec8  Audiosrv - ok
20:03:00.0531 0x1ec8  [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:03:00.0562 0x1ec8  avast! Antivirus - ok
20:03:00.0562 0x1ec8  AvastVBoxSvc - ok
20:03:00.0609 0x1ec8  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
20:03:00.0718 0x1ec8  AxInstSV - ok
20:03:00.0843 0x1ec8  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
20:03:00.0874 0x1ec8  b06bdrv - ok
20:03:00.0937 0x1ec8  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
20:03:00.0999 0x1ec8  BasicDisplay - ok
20:03:01.0015 0x1ec8  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
20:03:01.0062 0x1ec8  BasicRender - ok
20:03:01.0109 0x1ec8  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
20:03:01.0124 0x1ec8  bcmfn2 - ok
20:03:01.0187 0x1ec8  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
20:03:01.0234 0x1ec8  BDESVC - ok
20:03:01.0281 0x1ec8  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:03:01.0359 0x1ec8  Beep - ok
20:03:01.0515 0x1ec8  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\WINDOWS\System32\bfe.dll
20:03:01.0577 0x1ec8  BFE - ok
20:03:01.0734 0x1ec8  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
20:03:01.0874 0x1ec8  BITS - ok
20:03:02.0109 0x1ec8  [ 13C358D27CBFAF537FA7CA48B9052CF3, BC6AD061DA6B348774E9B65750C986F43148B78E8F97CCBE9AA99EA7D8759620 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
20:03:02.0156 0x1ec8  Bluetooth Device Monitor - ok
20:03:02.0296 0x1ec8  [ 7525C93645FDA8E9D8F677FEA833798A, 9878B88C57119580EF1F5D1DF93C62A3CFFFD0AC4E764D9AC05C727D0D1B2EED ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
20:03:02.0343 0x1ec8  Bluetooth OBEX Service - ok
20:03:02.0374 0x1ec8  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
20:03:02.0406 0x1ec8  bowser - ok
20:03:02.0531 0x1ec8  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
20:03:02.0593 0x1ec8  BrokerInfrastructure - ok
20:03:02.0640 0x1ec8  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
20:03:02.0734 0x1ec8  Browser - ok
20:03:02.0796 0x1ec8  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
20:03:02.0843 0x1ec8  BthAvrcpTg - ok
20:03:02.0874 0x1ec8  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
20:03:02.0937 0x1ec8  BthEnum - ok
20:03:02.0968 0x1ec8  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
20:03:03.0031 0x1ec8  BthHFEnum - ok
20:03:03.0046 0x1ec8  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
20:03:03.0078 0x1ec8  bthhfhid - ok
20:03:03.0187 0x1ec8  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
20:03:03.0249 0x1ec8  BthHFSrv - ok
20:03:03.0281 0x1ec8  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
20:03:03.0312 0x1ec8  BthLEEnum - ok
20:03:03.0359 0x1ec8  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
20:03:03.0390 0x1ec8  BTHMODEM - ok
20:03:03.0453 0x1ec8  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
20:03:03.0562 0x1ec8  BthPan - ok
20:03:03.0749 0x1ec8  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
20:03:03.0906 0x1ec8  BTHPORT - ok
20:03:03.0921 0x1ec8  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
20:03:03.0984 0x1ec8  bthserv - ok
20:03:04.0031 0x1ec8  [ F5F860CD0C1AC84F299295277E436701, 94A38146DE2C1354E4EA3B1C8CF8670C56C06F6147387D8A88E11F6BC0912A2F ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
20:03:04.0046 0x1ec8  BTHSSecurityMgr - ok
20:03:04.0078 0x1ec8  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
20:03:04.0109 0x1ec8  BTHUSB - ok
20:03:04.0187 0x1ec8  [ 76D0DDD58A773CA1BFB4D30AAE03517A, E631CAAEEA5D1F632FF0A60F4466664A6FD9DA19F4A28A379294D8E6690ADAD9 ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
20:03:04.0218 0x1ec8  btmhsf - ok
20:03:04.0281 0x1ec8  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
20:03:04.0375 0x1ec8  cdfs - ok
20:03:04.0406 0x1ec8  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
20:03:04.0437 0x1ec8  cdrom - ok
20:03:04.0500 0x1ec8  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
20:03:04.0593 0x1ec8  CertPropSvc - ok
20:03:04.0640 0x1ec8  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
20:03:04.0687 0x1ec8  circlass - ok
20:03:04.0765 0x1ec8  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
20:03:04.0796 0x1ec8  CLFS - ok
20:03:04.0843 0x1ec8  [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
20:03:04.0890 0x1ec8  CLVirtualDrive - ok
20:03:04.0906 0x1ec8  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
20:03:04.0953 0x1ec8  CmBatt - ok
20:03:05.0015 0x1ec8  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
20:03:05.0046 0x1ec8  CNG - ok
20:03:05.0062 0x1ec8  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
20:03:05.0078 0x1ec8  CompositeBus - ok
20:03:05.0093 0x1ec8  COMSysApp - ok
20:03:05.0109 0x1ec8  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
20:03:05.0125 0x1ec8  condrv - ok
20:03:05.0281 0x1ec8  [ 15FBADDC84ED202E59A4F1B201CC692C, A50092155B18DAD51049A72503002F08C1BB2DFDA239C4D3555360C163F2F782 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
20:03:05.0312 0x1ec8  cphs - ok
20:03:05.0359 0x1ec8  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
20:03:05.0406 0x1ec8  CryptSvc - ok
20:03:05.0421 0x1ec8  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
20:03:05.0453 0x1ec8  dam - ok
20:03:05.0531 0x1ec8  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:03:05.0578 0x1ec8  DcomLaunch - ok
20:03:05.0609 0x1ec8  [ B56714DED87E29377F1EE930691DADA2, B3C3BC4F546A786A93823C1471D560BF678A9C95237065E3B99B2B80E6C28131 ] DDDriver        C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys
20:03:05.0640 0x1ec8  DDDriver - ok
20:03:05.0703 0x1ec8  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
20:03:05.0781 0x1ec8  defragsvc - ok
20:03:05.0859 0x1ec8  [ 0418874EFFE3498B95422781C8049D1F, FF7275B948DA13F36ABC15290EC4956013476DC486E9ED2A829CE2FE018C8C69 ] Dell Customer Connect C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
20:03:05.0922 0x1ec8  Dell Customer Connect - ok
20:03:06.0093 0x1ec8  [ 013D165C6E3E5ED2BA0E20E4695DB5BF, EFCF3023AF86388DB3D8F696179CAD6B801B8CEDEEF9207967C25F0F39503764 ] DellDataVault   C:\Program Files\Dell\DellDataVault\DellDataVault.exe
20:03:06.0203 0x1ec8  DellDataVault - ok
20:03:06.0234 0x1ec8  [ 9C2CD6A0D0EEDD4EE72113DA554E374B, 45D76852B60B0D5399865FAE93FA0BE1BB320E0A4902BF58F6E0E43ACC9274FD ] DellDataVaultWiz C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
20:03:06.0250 0x1ec8  DellDataVaultWiz - ok
20:03:06.0312 0x1ec8  [ 18B5C959CBE24D4D4C2381EFB87611DE, 57E974F13D316E1A89BDB93CEF8D790B499219A159277944644F533A5010AB23 ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
20:03:06.0343 0x1ec8  DellDigitalDelivery - detected UnsignedFile.Multi.Generic ( 1 )
20:03:16.0469 0x1ec8  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
20:03:19.0000 0x1ec8  [ 66C87079CFCB61B650086802693114E0, B1EE411DF69BB98D5D9FA2D88C4C9FE1E4877FD8BBF572C3F444C90576ED0724 ] DellProf        C:\WINDOWS\system32\drivers\DellProf.sys
20:03:19.0032 0x1ec8  DellProf - ok
20:03:19.0110 0x1ec8  [ DC253191A553DACA7684CFB5B03A4268, 2D651A059F1334671E875EB4FC642383DCC00710809255DA29F96C41EC2C8205 ] DellRbtn        C:\WINDOWS\System32\drivers\DellRbtn.sys
20:03:19.0172 0x1ec8  DellRbtn - ok
20:03:19.0313 0x1ec8  [ 62BA877214616495BCC33BBC941FC8B3, 48584CC8279DAC11FF14EF6C69FA31F30EE07BAA0FD4F4B132016F222B1F09AC ] DellUpdate      C:\Program Files (x86)\Dell Update\DellUpService.exe
20:03:19.0344 0x1ec8  DellUpdate - ok
20:03:19.0407 0x1ec8  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
20:03:19.0438 0x1ec8  DeviceAssociationService - ok
20:03:19.0469 0x1ec8  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
20:03:19.0532 0x1ec8  DeviceInstall - ok
20:03:19.0579 0x1ec8  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
20:03:19.0641 0x1ec8  Dfsc - ok
20:03:19.0750 0x1ec8  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
20:03:19.0813 0x1ec8  Dhcp - ok
20:03:19.0985 0x1ec8  [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
20:03:20.0063 0x1ec8  DiagTrack - ok
20:03:20.0141 0x1ec8  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
20:03:20.0204 0x1ec8  disk - ok
20:03:20.0250 0x1ec8  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
20:03:20.0297 0x1ec8  dmvsc - ok
20:03:20.0360 0x1ec8  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:03:20.0407 0x1ec8  Dnscache - ok
20:03:20.0500 0x1ec8  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:03:20.0547 0x1ec8  dot3svc - ok
20:03:20.0641 0x1ec8  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
20:03:20.0688 0x1ec8  DPS - ok
20:03:20.0750 0x1ec8  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:03:20.0797 0x1ec8  drmkaud - ok
20:03:20.0891 0x1ec8  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
20:03:20.0938 0x1ec8  DsmSvc - ok
20:03:21.0188 0x1ec8  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
20:03:21.0282 0x1ec8  DXGKrnl - ok
20:03:21.0313 0x1ec8  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
20:03:21.0375 0x1ec8  Eaphost - ok
20:03:22.0157 0x1ec8  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
20:03:22.0266 0x1ec8  ebdrv - ok
20:03:22.0297 0x1ec8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
20:03:22.0313 0x1ec8  EFS - ok
20:03:22.0360 0x1ec8  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
20:03:22.0391 0x1ec8  EhStorClass - ok
20:03:22.0438 0x1ec8  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
20:03:22.0485 0x1ec8  EhStorTcgDrv - ok
20:03:22.0516 0x1ec8  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
20:03:22.0547 0x1ec8  ErrDev - ok
20:03:22.0626 0x1ec8  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
20:03:22.0719 0x1ec8  EventSystem - ok
20:03:23.0063 0x1ec8  [ 21FFB87A70019E9B39C5A8469695ACBA, B41BEDB737CFD33707181DA0B69FC47C01C897AF8B42211A46B54A9FDB2B9004 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:03:23.0141 0x1ec8  EvtEng - ok
20:03:23.0188 0x1ec8  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
20:03:23.0344 0x1ec8  exfat - ok
20:03:23.0422 0x1ec8  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
20:03:23.0469 0x1ec8  fastfat - ok
20:03:23.0547 0x1ec8  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
20:03:23.0657 0x1ec8  Fax - ok
20:03:23.0704 0x1ec8  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
20:03:23.0735 0x1ec8  fdc - ok
20:03:23.0766 0x1ec8  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
20:03:23.0844 0x1ec8  fdPHost - ok
20:03:23.0891 0x1ec8  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
20:03:23.0922 0x1ec8  FDResPub - ok
20:03:23.0985 0x1ec8  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
20:03:24.0079 0x1ec8  fhsvc - ok
20:03:24.0141 0x1ec8  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
20:03:24.0172 0x1ec8  FileInfo - ok
20:03:24.0204 0x1ec8  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
20:03:24.0251 0x1ec8  Filetrace - ok
20:03:24.0297 0x1ec8  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
20:03:24.0344 0x1ec8  flpydisk - ok
20:03:24.0454 0x1ec8  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:03:24.0469 0x1ec8  FltMgr - ok
20:03:24.0672 0x1ec8  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\WINDOWS\system32\FntCache.dll
20:03:24.0751 0x1ec8  FontCache - ok
20:03:24.0938 0x1ec8  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:03:24.0985 0x1ec8  FontCache3.0.0.0 - ok
20:03:25.0016 0x1ec8  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
20:03:25.0063 0x1ec8  FsDepends - ok
20:03:25.0079 0x1ec8  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:03:25.0094 0x1ec8  Fs_Rec - ok
20:03:25.0188 0x1ec8  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
20:03:25.0219 0x1ec8  fvevol - ok
20:03:25.0251 0x1ec8  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
20:03:25.0266 0x1ec8  FxPPM - ok
20:03:25.0313 0x1ec8  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
20:03:25.0344 0x1ec8  gagp30kx - ok
20:03:25.0407 0x1ec8  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
20:03:25.0454 0x1ec8  gencounter - ok
20:03:25.0501 0x1ec8  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
20:03:25.0548 0x1ec8  GPIOClx0101 - ok
20:03:25.0860 0x1ec8  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
20:03:25.0938 0x1ec8  gpsvc - ok
20:03:25.0985 0x1ec8  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
20:03:26.0032 0x1ec8  HDAudBus - ok
20:03:26.0048 0x1ec8  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
20:03:26.0079 0x1ec8  HidBatt - ok
20:03:26.0126 0x1ec8  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
20:03:26.0157 0x1ec8  HidBth - ok
20:03:26.0204 0x1ec8  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
20:03:26.0235 0x1ec8  hidi2c - ok
20:03:26.0266 0x1ec8  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
20:03:26.0298 0x1ec8  HidIr - ok
20:03:26.0329 0x1ec8  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
20:03:26.0407 0x1ec8  hidserv - ok
20:03:26.0438 0x1ec8  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
20:03:26.0501 0x1ec8  HidUsb - ok
20:03:26.0548 0x1ec8  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
20:03:26.0626 0x1ec8  hkmsvc - ok
20:03:26.0673 0x1ec8  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
20:03:26.0704 0x1ec8  HomeGroupListener - ok
20:03:26.0766 0x1ec8  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
20:03:26.0844 0x1ec8  HomeGroupProvider - ok
20:03:26.0891 0x1ec8  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
20:03:26.0923 0x1ec8  HpSAMD - ok
20:03:27.0204 0x1ec8  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
20:03:27.0298 0x1ec8  HTTP - ok
20:03:27.0345 0x1ec8  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
20:03:27.0376 0x1ec8  hwpolicy - ok
20:03:27.0407 0x1ec8  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
20:03:27.0454 0x1ec8  hyperkbd - ok
20:03:27.0470 0x1ec8  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
20:03:27.0501 0x1ec8  HyperVideo - ok
20:03:27.0563 0x1ec8  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
20:03:27.0688 0x1ec8  i8042prt - ok
20:03:27.0735 0x1ec8  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
20:03:27.0766 0x1ec8  iaLPSSi_GPIO - ok
20:03:27.0813 0x1ec8  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
20:03:27.0860 0x1ec8  iaLPSSi_I2C - ok
20:03:28.0032 0x1ec8  [ AE0C5DF7E7DA3E7AC29B64CFA8C4F044, 0486DDD6EC60A9695BC8D030158503E02BB0561EEA4B9F4A7FB19F89B3622C90 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
20:03:28.0048 0x1ec8  iaStorA - ok
20:03:28.0095 0x1ec8  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
20:03:28.0126 0x1ec8  iaStorAV - ok
20:03:28.0266 0x1ec8  [ 777788D9B63CCEEEF2DB353BA4EDD454, 36A3099C252F1F18D09A8B03A4F103E5E8AF09C80AB4F08133CCD4D3BB71EE25 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:03:28.0298 0x1ec8  IAStorDataMgrSvc - ok
20:03:28.0423 0x1ec8  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
20:03:28.0454 0x1ec8  iaStorV - ok
20:03:28.0516 0x1ec8  [ C430482AC892D52CED021EDDD4D368A2, C54C12EAC14F40BE3E7D7159F8876A664D00CA928000E25306071D28B52EA33A ] iBtFltCoex      C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys
20:03:28.0548 0x1ec8  iBtFltCoex - ok
20:03:28.0563 0x1ec8  IEEtwCollectorService - ok
20:03:29.0173 0x1ec8  [ C38AFE18A40ADF005647090DD3AC24F3, 302810C31B005DD4C9143233AB5B4F332C62AD866A7C7AB0E8F8F81AE1766B11 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
20:03:29.0485 0x1ec8  igfx - ok
20:03:29.0563 0x1ec8  [ 7A510A9AFC7955DEE63F8DC243E31292, 13906F6212F4C116BE224F2A8AFFF089ACFED8F543E26FC6208FF38463366173 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
20:03:29.0595 0x1ec8  igfxCUIService1.0.0.0 - ok
20:03:29.0782 0x1ec8  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
20:03:29.0829 0x1ec8  IKEEXT - ok
20:03:30.0220 0x1ec8  [ 5C0BBE779BA3D6F84EB5AE3CB8793E11, EA729B622F30E847E2700787E6747A33769B405DD08D36175AACF42BE7A8600F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
20:03:30.0329 0x1ec8  IntcAzAudAddService - ok
20:03:30.0392 0x1ec8  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
20:03:30.0501 0x1ec8  IntcDAud - ok
20:03:30.0626 0x1ec8  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
20:03:30.0688 0x1ec8  Intel(R) Capability Licensing Service Interface - ok
20:03:30.0720 0x1ec8  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
20:03:30.0751 0x1ec8  intelide - ok
20:03:30.0798 0x1ec8  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
20:03:30.0845 0x1ec8  intelpep - ok
20:03:30.0876 0x1ec8  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
20:03:30.0907 0x1ec8  intelppm - ok
20:03:30.0938 0x1ec8  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:03:31.0079 0x1ec8  IpFilterDriver - ok
20:03:31.0251 0x1ec8  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
20:03:31.0313 0x1ec8  iphlpsvc - ok
20:03:31.0360 0x1ec8  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
20:03:31.0423 0x1ec8  IPMIDRV - ok
20:03:31.0470 0x1ec8  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
20:03:31.0532 0x1ec8  IPNAT - ok
20:03:31.0579 0x1ec8  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
20:03:31.0626 0x1ec8  IRENUM - ok
20:03:31.0642 0x1ec8  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
20:03:31.0657 0x1ec8  isapnp - ok
20:03:31.0782 0x1ec8  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
20:03:31.0845 0x1ec8  iScsiPrt - ok
20:03:31.0892 0x1ec8  [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
20:03:32.0079 0x1ec8  iwdbus - ok
20:03:32.0235 0x1ec8  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:03:32.0282 0x1ec8  jhi_service - ok
20:03:32.0314 0x1ec8  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
20:03:32.0345 0x1ec8  kbdclass - ok
20:03:32.0423 0x1ec8  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
20:03:32.0454 0x1ec8  kbdhid - ok
20:03:32.0501 0x1ec8  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
20:03:32.0548 0x1ec8  kdnic - ok
20:03:32.0595 0x1ec8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
20:03:32.0626 0x1ec8  KeyIso - ok
20:03:32.0673 0x1ec8  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
20:03:32.0720 0x1ec8  KSecDD - ok
20:03:32.0814 0x1ec8  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
20:03:32.0860 0x1ec8  KSecPkg - ok
20:03:32.0876 0x1ec8  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
20:03:32.0923 0x1ec8  ksthunk - ok
20:03:32.0970 0x1ec8  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
20:03:33.0001 0x1ec8  KtmRm - ok
20:03:33.0048 0x1ec8  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
20:03:33.0126 0x1ec8  LanmanServer - ok
20:03:33.0204 0x1ec8  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
20:03:33.0282 0x1ec8  LanmanWorkstation - ok
20:03:33.0345 0x1ec8  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
20:03:33.0392 0x1ec8  lfsvc - ok
20:03:33.0439 0x1ec8  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
20:03:33.0485 0x1ec8  lltdio - ok
20:03:33.0564 0x1ec8  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
20:03:33.0610 0x1ec8  lltdsvc - ok
20:03:33.0673 0x1ec8  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
20:03:33.0751 0x1ec8  lmhosts - ok
20:03:33.0829 0x1ec8  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:03:33.0860 0x1ec8  LMS - ok
20:03:33.0939 0x1ec8  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
20:03:33.0985 0x1ec8  LSI_SAS - ok
20:03:34.0017 0x1ec8  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
20:03:34.0048 0x1ec8  LSI_SAS2 - ok
20:03:34.0079 0x1ec8  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
20:03:34.0110 0x1ec8  LSI_SAS3 - ok
20:03:34.0142 0x1ec8  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
20:03:34.0173 0x1ec8  LSI_SSS - ok
20:03:34.0329 0x1ec8  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
20:03:34.0376 0x1ec8  LSM - ok
20:03:34.0407 0x1ec8  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
20:03:34.0501 0x1ec8  luafv - ok
20:03:34.0532 0x1ec8  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
20:03:34.0579 0x1ec8  megasas - ok
20:03:34.0657 0x1ec8  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
20:03:34.0704 0x1ec8  megasr - ok
20:03:34.0751 0x1ec8  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
20:03:34.0782 0x1ec8  MEIx64 - ok
20:03:34.0829 0x1ec8  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
20:03:34.0923 0x1ec8  MMCSS - ok
20:03:34.0986 0x1ec8  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
20:03:35.0032 0x1ec8  Modem - ok
20:03:35.0079 0x1ec8  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
20:03:35.0157 0x1ec8  monitor - ok
20:03:35.0220 0x1ec8  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
20:03:35.0267 0x1ec8  mouclass - ok
20:03:35.0298 0x1ec8  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
20:03:35.0329 0x1ec8  mouhid - ok
20:03:35.0376 0x1ec8  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
20:03:35.0392 0x1ec8  mountmgr - ok
20:03:35.0454 0x1ec8  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:03:35.0486 0x1ec8  MozillaMaintenance - ok
20:03:35.0564 0x1ec8  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
20:03:35.0642 0x1ec8  mpsdrv - ok
20:03:35.0970 0x1ec8  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
20:03:36.0017 0x1ec8  MpsSvc - ok
20:03:36.0095 0x1ec8  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
20:03:36.0173 0x1ec8  MRxDAV - ok
20:03:36.0251 0x1ec8  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:03:36.0329 0x1ec8  mrxsmb - ok
20:03:36.0411 0x1ec8  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
20:03:36.0489 0x1ec8  mrxsmb10 - ok
20:03:36.0583 0x1ec8  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
20:03:36.0614 0x1ec8  mrxsmb20 - ok
20:03:36.0661 0x1ec8  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
20:03:36.0677 0x1ec8  MsBridge - ok
20:03:36.0739 0x1ec8  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
20:03:36.0786 0x1ec8  MSDTC - ok
20:03:36.0817 0x1ec8  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:03:36.0849 0x1ec8  Msfs - ok
20:03:36.0895 0x1ec8  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
20:03:36.0927 0x1ec8  msgpiowin32 - ok
20:03:36.0942 0x1ec8  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
20:03:36.0989 0x1ec8  mshidkmdf - ok
20:03:37.0005 0x1ec8  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
20:03:37.0052 0x1ec8  mshidumdf - ok
20:03:37.0067 0x1ec8  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
20:03:37.0083 0x1ec8  msisadrv - ok
20:03:37.0114 0x1ec8  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
20:03:37.0145 0x1ec8  MSiSCSI - ok
20:03:37.0145 0x1ec8  msiserver - ok
20:03:37.0161 0x1ec8  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:03:37.0177 0x1ec8  MSKSSRV - ok
20:03:37.0208 0x1ec8  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
20:03:37.0317 0x1ec8  MsLldp - ok
20:03:37.0364 0x1ec8  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:03:37.0411 0x1ec8  MSPCLOCK - ok
20:03:37.0427 0x1ec8  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:03:37.0474 0x1ec8  MSPQM - ok
20:03:37.0567 0x1ec8  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
20:03:37.0599 0x1ec8  MsRPC - ok
20:03:37.0646 0x1ec8  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
20:03:37.0646 0x1ec8  mssmbios - ok
20:03:37.0677 0x1ec8  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
20:03:37.0677 0x1ec8  MSTEE - ok
20:03:37.0708 0x1ec8  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
20:03:37.0724 0x1ec8  MTConfig - ok
20:03:37.0739 0x1ec8  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
20:03:37.0739 0x1ec8  Mup - ok
20:03:37.0786 0x1ec8  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
20:03:37.0833 0x1ec8  mvumis - ok
20:03:37.0895 0x1ec8  [ 53EE034F83E9A7A8E421572E385F67CD, 29F718B95B9D6CBDA49D5DE14FEC46DA64D7977131D585C975B3D703559D0988 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:03:37.0927 0x1ec8  MyWiFiDHCPDNS - ok
20:03:38.0005 0x1ec8  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
20:03:38.0036 0x1ec8  napagent - ok
20:03:38.0146 0x1ec8  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
20:03:38.0271 0x1ec8  NativeWifiP - ok
20:03:38.0317 0x1ec8  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
20:03:38.0364 0x1ec8  NcaSvc - ok
20:03:38.0411 0x1ec8  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
20:03:38.0474 0x1ec8  NcbService - ok
20:03:38.0521 0x1ec8  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
20:03:38.0599 0x1ec8  NcdAutoSetup - ok
20:03:38.0833 0x1ec8  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
20:03:38.0864 0x1ec8  NDIS - ok
20:03:38.0942 0x1ec8  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
20:03:38.0989 0x1ec8  NdisCap - ok
20:03:39.0052 0x1ec8  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
20:03:39.0146 0x1ec8  NdisImPlatform - ok
20:03:39.0208 0x1ec8  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:03:39.0302 0x1ec8  NdisTapi - ok
20:03:39.0349 0x1ec8  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:03:39.0427 0x1ec8  Ndisuio - ok
20:03:39.0458 0x1ec8  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
20:03:39.0505 0x1ec8  NdisVirtualBus - ok
20:03:39.0552 0x1ec8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:03:39.0614 0x1ec8  NdisWan - ok
20:03:39.0646 0x1ec8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:03:39.0677 0x1ec8  NdisWanLegacy - ok
20:03:39.0739 0x1ec8  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:03:39.0771 0x1ec8  NDProxy - ok
20:03:39.0802 0x1ec8  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
20:03:39.0880 0x1ec8  Ndu - ok
20:03:39.0911 0x1ec8  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:03:39.0974 0x1ec8  NetBIOS - ok
20:03:40.0099 0x1ec8  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:03:40.0224 0x1ec8  NetBT - ok
20:03:40.0255 0x1ec8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:03:40.0286 0x1ec8  Netlogon - ok
20:03:40.0333 0x1ec8  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
20:03:40.0364 0x1ec8  Netman - ok
20:03:40.0458 0x1ec8  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
20:03:40.0505 0x1ec8  netprofm - ok
20:03:40.0818 0x1ec8  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:03:40.0864 0x1ec8  NetTcpPortSharing - ok
20:03:40.0927 0x1ec8  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
20:03:41.0036 0x1ec8  netvsc - ok
20:03:41.0458 0x1ec8  [ 75B9B86878CC159FBC40C4F9202ADBE3, 80D9176112BAFB42E6568E723781E5C03BD5472AB382496C1BD784DB9B2FB6E6 ] NETwNe64        C:\WINDOWS\system32\DRIVERS\Netwew00.sys
20:03:41.0552 0x1ec8  NETwNe64 - ok
20:03:41.0677 0x1ec8  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
20:03:41.0802 0x1ec8  NlaSvc - ok
20:03:41.0833 0x1ec8  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:03:41.0880 0x1ec8  Npfs - ok
20:03:41.0927 0x1ec8  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
20:03:42.0052 0x1ec8  npsvctrig - ok
20:03:42.0114 0x1ec8  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
20:03:42.0239 0x1ec8  nsi - ok
20:03:42.0302 0x1ec8  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
20:03:42.0380 0x1ec8  nsiproxy - ok
20:03:42.0630 0x1ec8  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:03:42.0708 0x1ec8  Ntfs - ok
20:03:42.0802 0x1ec8  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:03:42.0880 0x1ec8  Null - ok
20:03:42.0943 0x1ec8  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
20:03:42.0958 0x1ec8  nvraid - ok
20:03:43.0052 0x1ec8  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
20:03:43.0099 0x1ec8  nvstor - ok
20:03:43.0146 0x1ec8  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
20:03:43.0161 0x1ec8  nv_agp - ok
20:03:43.0240 0x1ec8  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
20:03:43.0380 0x1ec8  p2pimsvc - ok
20:03:43.0490 0x1ec8  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
20:03:43.0615 0x1ec8  p2psvc - ok
20:03:43.0661 0x1ec8  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
20:03:43.0724 0x1ec8  Parport - ok
20:03:43.0771 0x1ec8  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
20:03:43.0818 0x1ec8  partmgr - ok
20:03:43.0896 0x1ec8  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
20:03:43.0927 0x1ec8  PcaSvc - ok
20:03:44.0036 0x1ec8  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
20:03:44.0115 0x1ec8  pci - ok
20:03:44.0130 0x1ec8  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
20:03:44.0146 0x1ec8  pciide - ok
20:03:44.0193 0x1ec8  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
20:03:44.0224 0x1ec8  pcmcia - ok
20:03:44.0255 0x1ec8  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
20:03:44.0286 0x1ec8  pcw - ok
20:03:44.0333 0x1ec8  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
20:03:44.0380 0x1ec8  pdc - ok
20:03:44.0583 0x1ec8  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
20:03:44.0677 0x1ec8  PEAUTH - ok
20:03:45.0443 0x1ec8  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
20:03:45.0583 0x1ec8  PerfHost - ok
20:03:45.0912 0x1ec8  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
20:03:45.0990 0x1ec8  pla - ok
20:03:46.0021 0x1ec8  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
20:03:46.0037 0x1ec8  PlugPlay - ok
20:03:46.0099 0x1ec8  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
20:03:46.0146 0x1ec8  PNRPAutoReg - ok
20:03:46.0208 0x1ec8  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
20:03:46.0240 0x1ec8  PNRPsvc - ok
20:03:46.0287 0x1ec8  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
20:03:46.0333 0x1ec8  PolicyAgent - ok
20:03:46.0380 0x1ec8  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
20:03:46.0458 0x1ec8  Power - ok
20:03:47.0099 0x1ec8  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:03:47.0224 0x1ec8  PrintNotify - ok
20:03:47.0287 0x1ec8  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
20:03:47.0318 0x1ec8  Processor - ok
20:03:47.0396 0x1ec8  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
20:03:47.0521 0x1ec8  ProfSvc - ok
20:03:47.0599 0x1ec8  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
20:03:47.0646 0x1ec8  Psched - ok
20:03:47.0755 0x1ec8  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
20:03:47.0880 0x1ec8  QWAVE - ok
20:03:47.0943 0x1ec8  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
20:03:48.0005 0x1ec8  QWAVEdrv - ok
20:03:48.0068 0x1ec8  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:03:48.0146 0x1ec8  RasAcd - ok
20:03:48.0193 0x1ec8  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:03:48.0271 0x1ec8  RasAuto - ok
20:03:48.0396 0x1ec8  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:03:48.0459 0x1ec8  RasMan - ok
20:03:48.0505 0x1ec8  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:03:48.0552 0x1ec8  RasPppoe - ok
20:03:48.0568 0x1ec8  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
20:03:48.0615 0x1ec8  RasSstp - ok
20:03:48.0693 0x1ec8  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:03:48.0787 0x1ec8  rdbss - ok
20:03:48.0849 0x1ec8  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
20:03:48.0912 0x1ec8  rdpbus - ok
20:03:48.0990 0x1ec8  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
20:03:49.0068 0x1ec8  RDPDR - ok
20:03:49.0099 0x1ec8  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
20:03:49.0115 0x1ec8  RdpVideoMiniport - ok
20:03:49.0193 0x1ec8  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
20:03:49.0240 0x1ec8  rdyboost - ok
20:03:49.0380 0x1ec8  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
20:03:49.0427 0x1ec8  ReFS - ok
20:03:49.0599 0x1ec8  [ 1791B1C8C72E13D193ADE659E7DB87C1, F0C1EA05283BB89ACBE721D0CDBB30FD8F1E75D5545158D29D6EC11E41B145BA ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:03:49.0630 0x1ec8  RegSrvc - ok
20:03:49.0693 0x1ec8  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:03:49.0756 0x1ec8  RemoteAccess - ok
20:03:49.0834 0x1ec8  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:03:49.0943 0x1ec8  RemoteRegistry - ok
20:03:49.0990 0x1ec8  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
20:03:50.0005 0x1ec8  RFCOMM - ok
20:03:50.0224 0x1ec8  [ 41DDCF1ADD1FB7DE23DCF671740DDBE6, 87ECB5C883CEFF76D126A5B4D92E069C9298FA5B62CC981870F9ECCA13C074F1 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
20:03:50.0255 0x1ec8  RichVideo - ok
20:03:50.0287 0x1ec8  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
20:03:50.0334 0x1ec8  RpcEptMapper - ok
20:03:50.0365 0x1ec8  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:03:50.0443 0x1ec8  RpcLocator - ok
20:03:50.0521 0x1ec8  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:03:50.0552 0x1ec8  RpcSs - ok
20:03:50.0584 0x1ec8  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
20:03:50.0646 0x1ec8  rspndr - ok
20:03:50.0709 0x1ec8  [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR      C:\WINDOWS\System32\Drivers\RtsUVStor.sys
20:03:50.0740 0x1ec8  RSUSBVSTOR - ok
20:03:50.0818 0x1ec8  [ A10CF010E1A2B4337230B4929E0FE4A1, AE9F6896029FE00F8642E1DDD705D4F35E77ECD4BC6CE59C96351BC21499150A ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
20:03:50.0849 0x1ec8  RtkAudioService - ok
20:03:50.0912 0x1ec8  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
20:03:50.0927 0x1ec8  RTL8168 - ok
20:03:50.0959 0x1ec8  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
20:03:50.0990 0x1ec8  s3cap - ok
20:03:51.0037 0x1ec8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
20:03:51.0052 0x1ec8  SamSs - ok
20:03:51.0146 0x1ec8  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
20:03:51.0193 0x1ec8  sbp2port - ok
20:03:51.0240 0x1ec8  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
20:03:51.0287 0x1ec8  SCardSvr - ok
20:03:51.0349 0x1ec8  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
20:03:51.0412 0x1ec8  ScDeviceEnum - ok
20:03:51.0459 0x1ec8  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
20:03:51.0521 0x1ec8  scfilter - ok
20:03:51.0662 0x1ec8  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:03:51.0709 0x1ec8  Schedule - ok
20:03:51.0756 0x1ec8  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
20:03:51.0787 0x1ec8  SCPolicySvc - ok
20:03:51.0834 0x1ec8  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
20:03:51.0881 0x1ec8  sdbus - ok
20:03:51.0927 0x1ec8  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
20:03:51.0974 0x1ec8  sdstor - ok
20:03:52.0021 0x1ec8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
20:03:52.0099 0x1ec8  secdrv - ok
20:03:52.0146 0x1ec8  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
20:03:52.0209 0x1ec8  seclogon - ok
20:03:52.0256 0x1ec8  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
20:03:52.0302 0x1ec8  SENS - ok
20:03:52.0365 0x1ec8  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
20:03:52.0474 0x1ec8  SensrSvc - ok
20:03:52.0506 0x1ec8  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
20:03:52.0552 0x1ec8  SerCx - ok
20:03:52.0599 0x1ec8  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
20:03:52.0646 0x1ec8  SerCx2 - ok
20:03:52.0662 0x1ec8  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
20:03:52.0693 0x1ec8  Serenum - ok
20:03:52.0740 0x1ec8  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
20:03:52.0818 0x1ec8  Serial - ok
20:03:52.0881 0x1ec8  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
20:03:52.0959 0x1ec8  sermouse - ok
20:03:53.0068 0x1ec8  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
20:03:53.0209 0x1ec8  SessionEnv - ok
20:03:53.0240 0x1ec8  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
20:03:53.0287 0x1ec8  sfloppy - ok
20:03:53.0584 0x1ec8  [ AA37EE4C012656A974561D68E0A40291, 3C029D3A0929B698ED02185354DD2AAF9575774B3AE1FC2AEF65F08F19235A8C ] SftService      C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
20:03:53.0646 0x1ec8  SftService - ok
20:03:53.0740 0x1ec8  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:03:53.0818 0x1ec8  SharedAccess - ok
20:03:53.0912 0x1ec8  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:03:53.0990 0x1ec8  ShellHWDetection - ok
20:03:54.0037 0x1ec8  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
20:03:54.0068 0x1ec8  SiSRaid2 - ok
20:03:54.0084 0x1ec8  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
20:03:54.0115 0x1ec8  SiSRaid4 - ok
20:03:54.0256 0x1ec8  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:03:54.0318 0x1ec8  SkypeUpdate - ok
20:03:54.0349 0x1ec8  [ DC3DE448C5B5FA63B6CC58BBD08C96C0, B2FA665F913AF96E32D8364CE3C0229C69420536F1C416E8FF17D8EB94A94478 ] SmbDrv          C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys
20:03:54.0381 0x1ec8  SmbDrv - ok
20:03:54.0443 0x1ec8  [ 016B6E23FC7F2E4C63D0F5C00501EEEE, 61A920C1289D25DB7F4A07A690D2152B9994BDFDEC8DA836D9D3BCBBF824185D ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
20:03:54.0474 0x1ec8  SmbDrvI - ok
20:03:54.0521 0x1ec8  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
20:03:54.0568 0x1ec8  smphost - ok
20:03:54.0600 0x1ec8  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
20:03:54.0631 0x1ec8  SNMPTRAP - ok
20:03:54.0818 0x1ec8  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
20:03:54.0928 0x1ec8  spaceport - ok
20:03:54.0990 0x1ec8  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
20:03:55.0021 0x1ec8  SpbCx - ok
20:03:55.0162 0x1ec8  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
20:03:55.0225 0x1ec8  Spooler - ok
20:03:56.0131 0x1ec8  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
20:03:56.0428 0x1ec8  sppsvc - ok
20:03:56.0537 0x1ec8  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:03:56.0662 0x1ec8  srv - ok
20:03:56.0771 0x1ec8  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
20:03:56.0818 0x1ec8  srv2 - ok
20:03:56.0865 0x1ec8  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
20:03:56.0912 0x1ec8  srvnet - ok
20:03:56.0990 0x1ec8  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:03:57.0068 0x1ec8  SSDPSRV - ok
20:03:57.0131 0x1ec8  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
20:03:57.0146 0x1ec8  SstpSvc - ok
20:03:57.0193 0x1ec8  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
20:03:57.0209 0x1ec8  stexstor - ok
20:03:57.0350 0x1ec8  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
20:03:57.0459 0x1ec8  stisvc - ok
20:03:57.0475 0x1ec8  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
20:03:57.0506 0x1ec8  storahci - ok
20:03:57.0537 0x1ec8  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
20:03:57.0568 0x1ec8  storflt - ok
20:03:57.0600 0x1ec8  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
20:03:57.0615 0x1ec8  stornvme - ok
20:03:57.0631 0x1ec8  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
20:03:57.0709 0x1ec8  StorSvc - ok
20:03:57.0756 0x1ec8  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
20:03:57.0787 0x1ec8  storvsc - ok
20:03:57.0850 0x1ec8  [ ACABD09AFD92D37BED3B7BA010C03A1C, 5E4DF020C90062C7D79C5FBC945D60E25C814FDCF7B8143C69EEABF79440752F ] SupportAssistAgent C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
20:03:57.0865 0x1ec8  SupportAssistAgent - ok
20:03:57.0881 0x1ec8  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
20:03:57.0975 0x1ec8  svsvc - ok
20:03:58.0006 0x1ec8  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
20:03:58.0037 0x1ec8  swenum - ok
20:03:58.0131 0x1ec8  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
20:03:58.0193 0x1ec8  swprv - ok
20:03:58.0240 0x1ec8  [ F80FE7A585E3B855D8680FDEB3107A1F, 73786227B4D90155A3FF37634BE1E92CAB30FF992B7B0EDBA6B14901DEDBD04B ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:03:58.0303 0x1ec8  SynTP - ok
20:03:58.0490 0x1ec8  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain         C:\WINDOWS\system32\sysmain.dll
20:03:58.0631 0x1ec8  SysMain - ok
20:03:58.0740 0x1ec8  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
20:03:58.0834 0x1ec8  SystemEventsBroker - ok
20:03:58.0912 0x1ec8  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
20:03:59.0053 0x1ec8  TabletInputService - ok
20:03:59.0147 0x1ec8  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:03:59.0193 0x1ec8  TapiSrv - ok
20:03:59.0584 0x1ec8  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
20:03:59.0678 0x1ec8  Tcpip - ok
20:03:59.0756 0x1ec8  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:03:59.0834 0x1ec8  TCPIP6 - ok
20:03:59.0865 0x1ec8  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
20:03:59.0928 0x1ec8  tcpipreg - ok
20:03:59.0975 0x1ec8  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
20:04:00.0037 0x1ec8  tdx - ok
20:04:00.0069 0x1ec8  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
20:04:00.0100 0x1ec8  terminpt - ok
20:04:00.0381 0x1ec8  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:04:00.0459 0x1ec8  TermService - ok
20:04:00.0506 0x1ec8  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
20:04:00.0537 0x1ec8  Themes - ok
20:04:00.0584 0x1ec8  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
20:04:00.0600 0x1ec8  THREADORDER - ok
20:04:00.0647 0x1ec8  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
20:04:00.0740 0x1ec8  TimeBroker - ok
20:04:00.0819 0x1ec8  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
20:04:00.0865 0x1ec8  TPM - ok
20:04:00.0897 0x1ec8  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
20:04:00.0959 0x1ec8  TrkWks - ok
20:04:01.0037 0x1ec8  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
20:04:01.0162 0x1ec8  TrustedInstaller - ok
20:04:01.0178 0x1ec8  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
20:04:01.0240 0x1ec8  TsUsbFlt - ok
20:04:01.0272 0x1ec8  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
20:04:01.0334 0x1ec8  TsUsbGD - ok
20:04:01.0412 0x1ec8  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
20:04:01.0475 0x1ec8  tunnel - ok
20:04:01.0537 0x1ec8  [ 42350E49DA754D2D77362FDAE3491651, F29E8BA444ECB0484066B02C0A3DCE09B8417159EE37D7A2E05D4C06A98449C4 ] TurboB          C:\WINDOWS\system32\DRIVERS\TurboB.sys
20:04:01.0569 0x1ec8  TurboB - ok
20:04:01.0740 0x1ec8  [ 4F4B0AB2FB69C414CCBCEF7CF2E1C8D8, E1F197554369C97DBF61389346B4CB0233F40AAA2575F5D2FEC809AC9123FC69 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:04:01.0787 0x1ec8  TurboBoost - ok
20:04:01.0865 0x1ec8  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
20:04:01.0912 0x1ec8  uagp35 - ok
20:04:01.0959 0x1ec8  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
20:04:01.0990 0x1ec8  UASPStor - ok
20:04:02.0069 0x1ec8  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
20:04:02.0100 0x1ec8  UCX01000 - ok
20:04:02.0209 0x1ec8  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
20:04:02.0350 0x1ec8  udfs - ok
20:04:02.0412 0x1ec8  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
20:04:02.0428 0x1ec8  UEFI - ok
20:04:02.0475 0x1ec8  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
20:04:02.0522 0x1ec8  UI0Detect - ok
20:04:02.0537 0x1ec8  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
20:04:02.0569 0x1ec8  uliagpkx - ok
20:04:02.0584 0x1ec8  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
20:04:02.0616 0x1ec8  umbus - ok
20:04:02.0631 0x1ec8  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
20:04:02.0662 0x1ec8  UmPass - ok
20:04:02.0756 0x1ec8  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
20:04:02.0819 0x1ec8  UmRdpService - ok
20:04:02.0975 0x1ec8  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:04:03.0022 0x1ec8  UNS - ok
20:04:03.0147 0x1ec8  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:04:03.0225 0x1ec8  upnphost - ok
20:04:03.0303 0x1ec8  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
20:04:03.0412 0x1ec8  usbccgp - ok
20:04:03.0491 0x1ec8  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
20:04:03.0616 0x1ec8  usbcir - ok
20:04:03.0662 0x1ec8  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
20:04:03.0741 0x1ec8  usbehci - ok
20:04:03.0772 0x1ec8  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
20:04:03.0850 0x1ec8  usbhub - ok
20:04:03.0975 0x1ec8  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
20:04:04.0069 0x1ec8  USBHUB3 - ok
20:04:04.0100 0x1ec8  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
20:04:04.0194 0x1ec8  usbohci - ok
20:04:04.0241 0x1ec8  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
20:04:04.0350 0x1ec8  usbprint - ok
20:04:04.0428 0x1ec8  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
20:04:04.0491 0x1ec8  USBSTOR - ok
20:04:04.0522 0x1ec8  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
20:04:04.0616 0x1ec8  usbuhci - ok
20:04:04.0756 0x1ec8  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
20:04:04.0897 0x1ec8  usbvideo - ok
20:04:05.0038 0x1ec8  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
20:04:05.0147 0x1ec8  USBXHCI - ok
20:04:05.0178 0x1ec8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
20:04:05.0194 0x1ec8  VaultSvc - ok
20:04:05.0256 0x1ec8  VBoxAswDrv - ok
20:04:05.0288 0x1ec8  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
20:04:05.0303 0x1ec8  vdrvroot - ok
20:04:05.0491 0x1ec8  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
20:04:05.0584 0x1ec8  vds - ok
20:04:05.0616 0x1ec8  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
20:04:05.0647 0x1ec8  VerifierExt - ok
20:04:05.0944 0x1ec8  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
20:04:06.0069 0x1ec8  vhdmp - ok
20:04:06.0116 0x1ec8  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
20:04:06.0163 0x1ec8  viaide - ok
20:04:06.0225 0x1ec8  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
20:04:06.0272 0x1ec8  vmbus - ok
20:04:06.0319 0x1ec8  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
20:04:06.0381 0x1ec8  VMBusHID - ok
20:04:06.0475 0x1ec8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
20:04:06.0538 0x1ec8  vmicguestinterface - ok
20:04:06.0584 0x1ec8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
20:04:06.0616 0x1ec8  vmicheartbeat - ok
20:04:06.0694 0x1ec8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
20:04:06.0725 0x1ec8  vmickvpexchange - ok
20:04:06.0788 0x1ec8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
20:04:06.0819 0x1ec8  vmicrdv - ok
20:04:06.0834 0x1ec8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
20:04:06.0850 0x1ec8  vmicshutdown - ok
20:04:06.0897 0x1ec8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
20:04:06.0928 0x1ec8  vmictimesync - ok
20:04:06.0959 0x1ec8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
20:04:06.0975 0x1ec8  vmicvss - ok
20:04:07.0038 0x1ec8  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
20:04:07.0069 0x1ec8  volmgr - ok
20:04:07.0116 0x1ec8  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
20:04:07.0147 0x1ec8  volmgrx - ok
20:04:07.0241 0x1ec8  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
20:04:07.0319 0x1ec8  volsnap - ok
20:04:07.0381 0x1ec8  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
20:04:07.0413 0x1ec8  vpci - ok
20:04:07.0460 0x1ec8  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
20:04:07.0491 0x1ec8  vsmraid - ok
20:04:07.0850 0x1ec8  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
20:04:07.0928 0x1ec8  VSS - ok
20:04:07.0991 0x1ec8  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
20:04:08.0038 0x1ec8  VSTXRAID - ok
20:04:08.0100 0x1ec8  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
20:04:08.0194 0x1ec8  vwifibus - ok
20:04:08.0241 0x1ec8  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
20:04:08.0350 0x1ec8  vwififlt - ok
20:04:08.0381 0x1ec8  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
20:04:08.0460 0x1ec8  vwifimp - ok
20:04:08.0569 0x1ec8  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
20:04:08.0663 0x1ec8  W32Time - ok
20:04:08.0694 0x1ec8  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
20:04:08.0756 0x1ec8  WacomPen - ok
20:04:08.0991 0x1ec8  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
20:04:09.0053 0x1ec8  wbengine - ok
20:04:09.0163 0x1ec8  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
20:04:09.0256 0x1ec8  WbioSrvc - ok
20:04:09.0303 0x1ec8  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
20:04:09.0335 0x1ec8  Wcmsvc - ok
20:04:09.0381 0x1ec8  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
20:04:09.0413 0x1ec8  wcncsvc - ok
20:04:09.0444 0x1ec8  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
20:04:09.0538 0x1ec8  WcsPlugInService - ok
20:04:09.0585 0x1ec8  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
20:04:09.0631 0x1ec8  WdBoot - ok
20:04:09.0772 0x1ec8  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
20:04:09.0803 0x1ec8  Wdf01000 - ok
20:04:09.0835 0x1ec8  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
20:04:09.0850 0x1ec8  WdFilter - ok
20:04:09.0897 0x1ec8  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
20:04:09.0928 0x1ec8  WdiServiceHost - ok
20:04:09.0928 0x1ec8  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
20:04:09.0944 0x1ec8  WdiSystemHost - ok
20:04:09.0975 0x1ec8  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
20:04:09.0991 0x1ec8  WdNisDrv - ok
20:04:10.0053 0x1ec8  WdNisSvc - ok
20:04:10.0132 0x1ec8  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:04:10.0194 0x1ec8  WebClient - ok
20:04:10.0257 0x1ec8  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
20:04:10.0335 0x1ec8  Wecsvc - ok
20:04:10.0366 0x1ec8  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
20:04:10.0397 0x1ec8  WEPHOSTSVC - ok
20:04:10.0444 0x1ec8  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
20:04:10.0507 0x1ec8  wercplsupport - ok
20:04:10.0538 0x1ec8  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
20:04:10.0585 0x1ec8  WerSvc - ok
20:04:10.0632 0x1ec8  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
20:04:10.0663 0x1ec8  WFPLWFS - ok
20:04:10.0710 0x1ec8  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
20:04:10.0757 0x1ec8  WiaRpc - ok
20:04:10.0788 0x1ec8  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
20:04:10.0803 0x1ec8  WIMMount - ok
20:04:10.0803 0x1ec8  WinDefend - ok
20:04:10.0960 0x1ec8  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
20:04:11.0038 0x1ec8  WinHttpAutoProxySvc - ok
20:04:11.0147 0x1ec8  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:04:11.0241 0x1ec8  Winmgmt - ok
20:04:11.0741 0x1ec8  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
20:04:11.0819 0x1ec8  WinRM - ok
20:04:11.0866 0x1ec8  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
20:04:11.0882 0x1ec8  WinUsb - ok
20:04:12.0132 0x1ec8  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
20:04:12.0241 0x1ec8  WlanSvc - ok
20:04:12.0444 0x1ec8  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
20:04:12.0507 0x1ec8  wlidsvc - ok
20:04:12.0554 0x1ec8  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
20:04:12.0600 0x1ec8  WmiAcpi - ok
20:04:12.0694 0x1ec8  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
20:04:12.0725 0x1ec8  wmiApSrv - ok
20:04:12.0772 0x1ec8  WMPNetworkSvc - ok
20:04:12.0819 0x1ec8  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
20:04:12.0866 0x1ec8  Wof - ok
20:04:13.0069 0x1ec8  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
20:04:13.0179 0x1ec8  workfolderssvc - ok
20:04:13.0225 0x1ec8  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
20:04:13.0272 0x1ec8  wpcfltr - ok
20:04:13.0350 0x1ec8  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
20:04:13.0444 0x1ec8  WPCSvc - ok
20:04:13.0507 0x1ec8  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
20:04:13.0616 0x1ec8  WPDBusEnum - ok
20:04:13.0710 0x1ec8  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
20:04:13.0757 0x1ec8  WpdUpFltr - ok
20:04:13.0788 0x1ec8  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
20:04:13.0804 0x1ec8  ws2ifsl - ok
20:04:13.0929 0x1ec8  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
20:04:14.0007 0x1ec8  wscsvc - ok
20:04:14.0022 0x1ec8  WSearch - ok
20:04:14.0272 0x1ec8  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
20:04:14.0475 0x1ec8  WSService - ok
20:04:14.0913 0x1ec8  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
20:04:15.0054 0x1ec8  wuauserv - ok
20:04:15.0101 0x1ec8  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
20:04:15.0147 0x1ec8  WudfPf - ok
20:04:15.0194 0x1ec8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
20:04:15.0226 0x1ec8  WUDFRd - ok
20:04:15.0288 0x1ec8  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
20:04:15.0319 0x1ec8  wudfsvc - ok
20:04:15.0335 0x1ec8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
20:04:15.0351 0x1ec8  WUDFWpdFs - ok
20:04:15.0382 0x1ec8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
20:04:15.0397 0x1ec8  WUDFWpdMtp - ok
20:04:15.0554 0x1ec8  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
20:04:15.0601 0x1ec8  WwanSvc - ok
20:04:16.0022 0x1ec8  [ 2AC426C57AC3D6A226D66E5A03223C90, 45AD44153D280E4066BA62260CE7733AC3DC23D59951BBCC0F8D4F5226F97203 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
20:04:16.0116 0x1ec8  ZeroConfigService - ok
20:04:16.0132 0x1ec8  ================ Scan global ===============================
20:04:16.0179 0x1ec8  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
20:04:16.0272 0x1ec8  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
20:04:16.0351 0x1ec8  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
20:04:16.0460 0x1ec8  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
20:04:16.0476 0x1ec8  [ Global ] - ok
20:04:16.0476 0x1ec8  ================ Scan MBR ==================================
20:04:16.0491 0x1ec8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
20:04:16.0694 0x1ec8  \Device\Harddisk0\DR0 - ok
20:04:16.0694 0x1ec8  ================ Scan VBR ==================================
20:04:16.0710 0x1ec8  [ 4C49D53AA476855E3485C61A14C987D4 ] \Device\Harddisk0\DR0\Partition1
20:04:16.0788 0x1ec8  \Device\Harddisk0\DR0\Partition1 - ok
20:04:16.0804 0x1ec8  [ E96D4A28BD700A0B814FA233FD9C11E1 ] \Device\Harddisk0\DR0\Partition2
20:04:16.0898 0x1ec8  \Device\Harddisk0\DR0\Partition2 - ok
20:04:16.0929 0x1ec8  [ 3D0A13E45AFD71F8B59F7DB9F2549E3A ] \Device\Harddisk0\DR0\Partition3
20:04:16.0929 0x1ec8  \Device\Harddisk0\DR0\Partition3 - ok
20:04:16.0960 0x1ec8  [ 3AF665597E151921275445B1A2BEB24E ] \Device\Harddisk0\DR0\Partition4
20:04:17.0116 0x1ec8  \Device\Harddisk0\DR0\Partition4 - ok
20:04:17.0148 0x1ec8  [ 5DE80B69AD3F57738072843BF8A55C5F ] \Device\Harddisk0\DR0\Partition5
20:04:17.0241 0x1ec8  \Device\Harddisk0\DR0\Partition5 - ok
20:04:17.0288 0x1ec8  [ FE1DD004C2B6791DE4E15675F0E3C105 ] \Device\Harddisk0\DR0\Partition6
20:04:17.0304 0x1ec8  \Device\Harddisk0\DR0\Partition6 - ok
20:04:17.0382 0x1ec8  [ A809C9099632BF76C0564CB29E7D36AC ] \Device\Harddisk0\DR0\Partition7
20:04:17.0398 0x1ec8  \Device\Harddisk0\DR0\Partition7 - ok
20:04:17.0398 0x1ec8  ================ Scan generic autorun ======================
20:04:18.0851 0x1ec8  [ DB333A5F69B00A6B550901A5C854929F, 7CAB6D0D20CDE3AE41B06826C9045CC3E3438AB94BB3D9D5C0E50EEF3C41101F ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
20:04:19.0132 0x1ec8  RTHDVCPL - ok
20:04:19.0460 0x1ec8  [ E9752E0CD9FB37612474B23973443FC9, B497B77BCC70A721D74DDE5551C0314D43FDAFE547D071C26750F0314128FCB8 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
20:04:19.0507 0x1ec8  RtHDVBg - ok
20:04:19.0538 0x1ec8  [ E85BD90950497619C39D1F5068228CF4, BA5CD7035EC1ACDB214EB8D534B00EA409739DD2DDD01D92D98A1B3925FB428E ] C:\Windows\system32\igfxtray.exe
20:04:19.0569 0x1ec8  IgfxTray - ok
20:04:19.0569 0x1ec8  HotKeysCmds - ok
20:04:19.0585 0x1ec8  Persistence - ok
20:04:20.0273 0x1ec8  [ AC4FF112191B096061FFE1FDFACE89EB, FF0379F5CF2E3A9E2937DA82F777B06DCC1114FAF44C325047275392AA08DA90 ] c:\Program Files\Dell\QuickSet\QuickSet.exe
20:04:20.0476 0x1ec8  QuickSet - ok
20:04:20.0491 0x1ec8  IntelTBRunOnce - ok
20:04:20.0491 0x1ec8  BTMTrayAgent - ok
20:04:20.0491 0x1ec8  SynTPEnh - ok
20:04:20.0554 0x1ec8  [ 7BC5778BF0A2E87D3270DA11ECB5110A, 957FE93DC86DC3B0353787233BF2307EC446B5BA77F096024A7A45704C81A9CD ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
20:04:20.0570 0x1ec8  IAStorIcon - ok
20:04:20.0945 0x1ec8  [ B9646FA4D1A66FE3402DB028A19904F5, 4B26375BC6AC8618E0A5ED9FEBE1ED5B601DFA8149AD226CA059B970774E2FA5 ] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
20:04:21.0007 0x1ec8  StartCCC - ok
20:04:21.0116 0x1ec8  [ 724CB7A116F7E1A67009D751BCF86586, F0C4BE7451C5573AD584F5EF125C0702841E30D928909B5B3EA702831EF2FD9B ] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
20:04:21.0163 0x1ec8  CLMLServer_For_P2G8 - ok
20:04:21.0304 0x1ec8  [ 3A632F4EA3386DFEE9D8FDE68C34EFE0, 481B3732D47E3738F74C073CEA41CAD3AF64F702FD42ECCE6551B53AFDAE72AD ] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
20:04:21.0351 0x1ec8  CLVirtualDrive - ok
20:04:21.0445 0x1ec8  [ 9388FBA0B9985B18B3693A32B530A16B, F3C3DCDB4D66433EB33C7BA3BD1B8B80E8E67E6B3614DDF37EE77FEA143015B3 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
20:04:21.0476 0x1ec8  RemoteControl10 - ok
20:04:21.0476 0x1ec8  mcui_exe - ok
20:04:21.0616 0x1ec8  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:04:21.0663 0x1ec8  SunJavaUpdateSched - ok
20:04:22.0163 0x1ec8  [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
20:04:22.0304 0x1ec8  AvastUI.exe - ok
20:04:22.0679 0x1ec8  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
20:04:22.0804 0x1ec8  DAEMON Tools Lite - ok
20:04:22.0851 0x1ec8  Skype - ok
20:04:22.0945 0x1ec8  [ 6F94A57D1F05A1A68C33D49B6751C8C6, D37ADB69E8FB2209F6DBD9A55E67800AAED35973DE0830878C6177BDCC073676 ] C:\Windows\System32\StikyNot.exe
20:04:23.0070 0x1ec8  RESTART_STICKY_NOTES - ok
20:04:23.0070 0x1ec8  Waiting for KSN requests completion. In queue: 13
20:04:24.0085 0x1ec8  Waiting for KSN requests completion. In queue: 13
20:04:25.0101 0x1ec8  Waiting for KSN requests completion. In queue: 13
20:04:26.0148 0x1ec8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
20:04:26.0148 0x1ec8  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
20:04:26.0179 0x1ec8  Win FW state via NFP2: enabled
20:04:28.0632 0x1ec8  ============================================================
20:04:28.0632 0x1ec8  Scan finished
20:04:28.0632 0x1ec8  ============================================================
20:04:28.0648 0x1e68  Detected object count: 1
20:04:28.0648 0x1e68  Actual detected object count: 1
20:05:49.0980 0x1e68  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
20:05:49.0980 0x1e68  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:05:56.0746 0x10ac  Deinitialize success
         
die Suche mit dem anderen Tool blieb wieder ergebnislos.
__________________

Alt 23.06.2015, 12:04   #4
schrauber
/// the machine
/// TB-Ausbilder
 

avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.06.2015, 17:05   #5
louis cyphre
 
avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



Hallo,

Die jeweiligen logs

adcleaner
Code:
ATTFilter
# AdwCleaner v4.207 - Bericht erstellt 23/06/2015 um 17:38:25
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-21.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : **** - MADI
# Gestarted von : C:\Users\****\Desktop\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\****\AppData\Roaming\RHEng

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [1982 Bytes] - [23/06/2015 17:30:21]
AdwCleaner[R1].txt - [2041 Bytes] - [23/06/2015 17:32:44]
AdwCleaner[R2].txt - [2100 Bytes] - [23/06/2015 17:37:04]
AdwCleaner[S0].txt - [1865 Bytes] - [23/06/2015 17:38:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1924  Bytes] ##########
         
JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.0.9 (06.23.2015:1)
OS: Windows 8.1 x64
Ran by **** on 23.06.2015 at 17:47:49,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\****\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\****\AppData\Roaming\pcdr



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.06.2015 at 17:50:44,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

mbam
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.06.2015
Suchlauf-Zeit: 17:05:56
Logdatei: mbamlog.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.23.05
Rootkit Datenbank: v2015.06.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 390990
Verstrichene Zeit: 18 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 4
PUP.Optional.Breitschopp, C:\Users\****\Downloads\anpfiff10-Downloader.exe, , [df42d3eb8307231388d3f90857afe020], 
PUP.Optional.Softonic.A, C:\Users\****\Downloads\SoftonicDownloader_fuer_turn-off-lcd.exe, , [849d11adb2d8152149f8223724dd02fe], 
PUP.Optional.Breitschopp, C:\Users\****\Downloads\fussballmanager-anpfiff2012-inklusive-saisondaten2013-2014-Downloader.exe, , [8e93942addadc175cd8e27da1de94cb4], 
PUP.Optional.OpenCandy.A, C:\Users\****\Downloads\winamp565_full_emusic-7plus_all.exe, , [0819b707fa904aec0da42a1ac937a15f], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
und zu guter Letzt der frische FRST

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by **** (administrator) on MADI on 23-06-2015 17:58:12
Running from C:\Users\****\Desktop
Loaded Profiles: **** (Available Profiles: ****)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-20] (Avast Software s.r.o.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-23] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-27] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: FlyOrDie Quick Java Installer - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default\Extensions\java@flyordie.com.xpi [2013-11-16]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-19]

Chrome: 
=======
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-08]
CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-15] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-31] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 17:50 - 2015-06-23 17:50 - 00000969 _____ C:\Users\****\Desktop\JRT.txt
2015-06-23 17:47 - 2015-06-23 17:47 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-MADI-Windows-8.1-(64-bit).dat
2015-06-23 17:47 - 2015-06-23 17:47 - 00000000 ____D C:\RegBackup
2015-06-23 17:30 - 2015-06-23 17:38 - 00000000 ____D C:\AdwCleaner
2015-06-23 17:05 - 2015-06-23 17:05 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-23 17:05 - 2015-06-23 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-23 17:05 - 2015-06-23 17:05 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-23 17:05 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-23 17:05 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-23 17:03 - 2015-06-23 17:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-23 16:57 - 2015-06-23 16:57 - 02951367 _____ (Malwarebytes Corporation) C:\Users\****\Desktop\JRT.exe
2015-06-23 16:56 - 2015-06-23 16:56 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.1.6.1022.exe.part
2015-06-23 16:56 - 2015-06-23 16:56 - 02244096 _____ C:\Users\****\Desktop\AdwCleaner_4.207.exe
2015-06-22 17:37 - 2015-06-23 17:05 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 17:37 - 2015-06-23 17:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-22 17:37 - 2015-06-22 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-22 17:35 - 2015-06-22 17:36 - 00000000 ____D C:\Users\****\Desktop\Neuer Ordner
2015-06-22 17:34 - 2015-06-22 20:49 - 00000000 ____D C:\Users\****\Desktop\mbar
2015-06-22 17:34 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-22 16:35 - 2015-06-22 16:36 - 00032530 _____ C:\Users\****\Desktop\Addition.txt
2015-06-22 16:34 - 2015-06-23 17:58 - 00014740 _____ C:\Users\****\Desktop\FRST.txt
2015-06-22 16:33 - 2015-06-23 17:58 - 00000000 ____D C:\FRST
2015-06-22 16:30 - 2015-06-22 16:31 - 02109952 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2015-06-22 16:02 - 2015-06-22 16:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\****\Desktop\tdsskiller.exe
2015-06-21 21:07 - 2015-06-21 21:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-06-21 21:06 - 2015-06-21 21:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-06-21 21:06 - 2015-06-21 21:06 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-21 21:06 - 2013-11-22 15:36 - 00540912 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-06-21 21:06 - 2013-11-22 15:36 - 00402672 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-06-21 21:06 - 2013-11-22 15:36 - 00254704 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-06-21 21:06 - 2013-11-22 15:36 - 00208112 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo20.dll
2015-06-21 21:06 - 2013-11-22 15:36 - 00031472 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-06-21 21:06 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-06-21 21:05 - 2013-08-05 21:20 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-06-12 09:42 - 2015-06-12 09:42 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2015-06-12 09:35 - 2015-06-12 09:35 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-06-11 13:51 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-11 13:51 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-11 13:51 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-11 13:51 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-11 13:51 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-11 13:51 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-11 13:51 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-11 13:51 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-11 13:51 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-11 13:51 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-11 13:51 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-11 13:51 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-11 13:51 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-11 13:51 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-11 13:51 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-11 13:51 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-11 13:51 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-11 13:51 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-11 13:51 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-11 13:51 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-11 13:51 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-11 13:51 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-11 13:51 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-11 13:51 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-11 13:51 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-11 13:51 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-11 13:51 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-11 13:51 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-11 13:51 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-11 13:51 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 16:32 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 16:32 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 16:32 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 16:32 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 16:32 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 16:32 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 16:32 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 16:32 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 16:32 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 16:32 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 16:32 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 16:32 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 16:32 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 16:32 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 16:32 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 16:32 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 16:32 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 16:32 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 16:32 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 16:32 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 16:32 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 16:32 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 16:32 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 16:32 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 16:32 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 16:32 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 16:32 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 16:32 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 16:32 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 16:32 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 16:32 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 16:32 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 16:32 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 16:32 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 16:32 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 16:32 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 16:32 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 16:32 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 16:32 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 16:32 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 16:32 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 16:32 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 16:32 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-08 13:29 - 2015-06-08 13:31 - 00000000 ____D C:\Users\****\Documents\Heroes of the Storm
2015-06-08 13:28 - 2015-06-08 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-06-08 13:13 - 2015-06-18 23:19 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-06-08 13:11 - 2015-06-08 13:11 - 00000000 ____D C:\Users\****\AppData\Local\GWX
2015-06-05 14:50 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-05 14:50 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-03 07:59 - 2015-06-13 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 22:51 - 2015-06-02 22:51 - 00018473 _____ C:\Users\****\Desktop\zeitformen.odt
2015-05-30 19:15 - 2015-05-31 15:56 - 00018985 _____ C:\Users\****\Desktop\finn.odt
2015-05-26 17:34 - 2015-05-27 22:58 - 00016011 _____ C:\Users\****\Desktop\Umschreiben_Mieter.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 17:55 - 2014-10-20 05:08 - 01714674 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-23 17:54 - 2013-08-18 17:44 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3246641006-4039149904-3516313396-1001
2015-06-23 17:45 - 2013-03-18 06:25 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-06-23 17:43 - 2013-08-19 00:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Skype
2015-06-23 17:40 - 2014-09-23 23:06 - 00158700 _____ C:\WINDOWS\PFRO.log
2015-06-23 17:40 - 2013-08-22 16:46 - 00307668 _____ C:\WINDOWS\setupact.log
2015-06-23 17:40 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-23 17:27 - 2015-04-13 10:34 - 00000000 ____D C:\Users\****\Desktop\écriture
2015-06-23 17:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-22 20:40 - 2013-08-18 17:59 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-22 19:58 - 2014-12-14 21:37 - 00000000 ____D C:\Users\****\AppData\Local\Battle.net
2015-06-22 09:16 - 2015-02-12 13:34 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-06-21 21:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-21 21:07 - 2014-09-24 08:17 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-21 21:07 - 2014-09-24 07:43 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-21 21:07 - 2014-09-24 07:43 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-21 21:07 - 2013-03-18 06:12 - 00011608 _____ C:\WINDOWS\DPINST.LOG
2015-06-21 21:05 - 2014-10-20 04:38 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-21 21:04 - 2013-03-18 06:10 - 00000000 ____D C:\ProgramData\Dell
2015-06-21 21:01 - 2013-08-19 00:28 - 00000000 ____D C:\ProgramData\Skype
2015-06-21 10:22 - 2014-12-14 21:37 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-18 15:40 - 2013-08-18 17:42 - 00000000 ____D C:\Users\****\AppData\Local\softthinks
2015-06-16 21:55 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-16 15:10 - 2015-01-26 17:09 - 00000000 ____D C:\Users\****\Desktop\Tor Browser
2015-06-16 15:08 - 2013-10-02 19:57 - 00000000 ____D C:\Users\****\Documents\VirtualDJ
2015-06-15 23:36 - 2014-12-14 21:48 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-13 19:39 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-13 17:34 - 2013-08-22 16:44 - 00371640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 17:33 - 2013-08-18 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-13 17:31 - 2015-04-17 12:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-13 17:31 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-13 17:31 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-13 17:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-13 15:39 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-13 15:38 - 2013-08-30 02:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-13 15:35 - 2013-08-30 02:42 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-12 09:42 - 2014-07-11 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-11 09:16 - 2015-02-12 13:34 - 00003900 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-06-09 19:40 - 2013-08-18 17:59 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-08 18:53 - 2015-04-13 10:36 - 00000000 ____D C:\Users\****\Desktop\avec plaisir
2015-06-08 13:29 - 2014-12-14 21:37 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-06-03 18:18 - 2015-04-17 17:44 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2015-04-17 17:44 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-27 23:00 - 2013-10-02 20:33 - 00000000 ____D C:\Users\****\AppData\Roaming\Audacity
2015-05-25 14:49 - 2013-10-04 23:01 - 00000000 ____D C:\Users\****\Desktop\auda

==================== Files in the root of some directories =======

2015-05-19 14:57 - 2015-05-19 14:57 - 0000850 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2013-11-10 19:44 - 2013-11-10 19:44 - 0007602 _____ () C:\Users\****\AppData\Local\Resmon.ResmonCfg
2013-03-18 06:21 - 2013-03-18 06:21 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-03-18 06:16 - 2013-03-18 06:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-03-18 06:18 - 2013-03-18 06:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-03-18 06:16 - 2013-03-18 06:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-03-18 06:19 - 2013-03-18 06:21 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\****\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\****\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\****\AppData\Local\Temp\Quarantine.exe
C:\Users\****\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\****\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-17 09:32

==================== End of log ============================
         
So das soll's gewesen sein.

LG Louis


Alt 24.06.2015, 08:52   #6
schrauber
/// the machine
/// TB-Ausbilder
 

avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> avast erkennt bgbutton finished.png-passwortgeschützte Archive

Alt 26.06.2015, 18:21   #7
louis cyphre
 
avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



Hallo,

also der eset erkennt noch ein problem/ bzw. eine unerwünschte datei.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=11c8d9d94169614785c97036c25b0b03
# end=init
# utc_time=2015-06-24 04:48:21
# local_time=2015-06-24 06:48:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24482
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=11c8d9d94169614785c97036c25b0b03
# end=updated
# utc_time=2015-06-24 04:50:36
# local_time=2015-06-24 06:50:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=11c8d9d94169614785c97036c25b0b03
# engine=24482
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-24 05:59:29
# local_time=2015-06-24 07:59:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 94754 26762518 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5389120 12251161 0 0
# scanned=181286
# found=1
# cleaned=0
# scan_time=4132
sh=1F93F5FE420B28E0C9E9161E81DDEB4F9C9DE449 ft=1 fh=c138ae358509f971 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\PhDä\AppData\Local\Temp\DMR\dmr_72.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=11c8d9d94169614785c97036c25b0b03
# end=init
# utc_time=2015-06-25 01:43:30
# local_time=2015-06-25 03:43:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24494
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=11c8d9d94169614785c97036c25b0b03
# end=updated
# utc_time=2015-06-25 01:43:59
# local_time=2015-06-25 03:43:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=11c8d9d94169614785c97036c25b0b03
# engine=24494
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-25 03:19:01
# local_time=2015-06-25 05:19:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 171526 26839290 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5465892 12327933 0 0
# scanned=253137
# found=1
# cleaned=0
# scan_time=5702
sh=1F93F5FE420B28E0C9E9161E81DDEB4F9C9DE449 ft=1 fh=c138ae358509f971 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\PhDä\AppData\Local\Temp\DMR\dmr_72.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
  Adobe Flash Player 	17.0.0.190 Flash Player out of Date!  
 Mozilla Firefox (38.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by **** (administrator) on MADI on 26-06-2015 19:15:57
Running from C:\Users\****\Desktop
Loaded Profiles: **** (Available Profiles: ****)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4150\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5942\Battle.net.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-20] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-3246641006-4039149904-3516313396-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-23] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-23] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: FlyOrDie Quick Java Installer - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default\Extensions\java@flyordie.com.xpi [2013-11-16]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7j1nc3sb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-19]

Chrome: 
=======
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-08]
CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-15] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-31] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 19:15 - 2015-06-26 19:15 - 00000000 ____D C:\Users\****\Desktop\FRST-OlderVersion
2015-06-26 19:09 - 2015-06-26 19:09 - 00852662 _____ C:\Users\****\Desktop\SecurityCheck.exe
2015-06-24 18:48 - 2015-06-24 18:48 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-24 18:46 - 2015-06-24 18:46 - 02870984 _____ (ESET) C:\Users\****\Desktop\esetsmartinstaller_deu.exe
2015-06-24 18:11 - 2015-06-24 18:11 - 00004020 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-24 18:04 - 2015-06-24 18:07 - 00000000 ____D C:\Users\****\AppData\Roaming\PCDr
2015-06-24 18:03 - 2015-06-24 18:09 - 00000000 ____D C:\ProgramData\PCDr
2015-06-24 18:03 - 2015-06-24 18:03 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-06-23 23:08 - 2015-06-23 23:07 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-23 23:07 - 2015-06-23 23:07 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-23 17:50 - 2015-06-23 17:50 - 00000969 _____ C:\Users\****\Desktop\JRT.txt
2015-06-23 17:47 - 2015-06-23 17:47 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-MADI-Windows-8.1-(64-bit).dat
2015-06-23 17:47 - 2015-06-23 17:47 - 00000000 ____D C:\RegBackup
2015-06-23 17:30 - 2015-06-23 17:38 - 00000000 ____D C:\AdwCleaner
2015-06-23 17:05 - 2015-06-23 17:05 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-23 17:05 - 2015-06-23 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-23 17:05 - 2015-06-23 17:05 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-23 17:05 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-23 17:05 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-23 17:03 - 2015-06-23 17:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-23 16:57 - 2015-06-23 16:57 - 02951367 _____ (Malwarebytes Corporation) C:\Users\****\Desktop\JRT.exe
2015-06-23 16:56 - 2015-06-23 16:56 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.1.6.1022.exe.part
2015-06-23 16:56 - 2015-06-23 16:56 - 02244096 _____ C:\Users\****\Desktop\AdwCleaner_4.207.exe
2015-06-22 17:37 - 2015-06-23 17:05 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 17:37 - 2015-06-23 17:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-22 17:37 - 2015-06-22 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-22 17:35 - 2015-06-22 17:36 - 00000000 ____D C:\Users\****\Desktop\Neuer Ordner
2015-06-22 17:34 - 2015-06-22 20:49 - 00000000 ____D C:\Users\****\Desktop\mbar
2015-06-22 17:34 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-22 16:35 - 2015-06-22 16:36 - 00032530 _____ C:\Users\****\Desktop\Addition.txt
2015-06-22 16:34 - 2015-06-26 19:15 - 00017506 _____ C:\Users\****\Desktop\FRST.txt
2015-06-22 16:33 - 2015-06-26 19:16 - 00000000 ____D C:\FRST
2015-06-22 16:30 - 2015-06-26 19:15 - 02112512 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2015-06-22 16:02 - 2015-06-22 16:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\****\Desktop\tdsskiller.exe
2015-06-21 21:07 - 2015-06-21 21:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-06-21 21:06 - 2015-06-21 21:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-06-21 21:06 - 2013-11-22 15:36 - 00540912 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-06-21 21:06 - 2013-11-22 15:36 - 00402672 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-06-21 21:06 - 2013-11-22 15:36 - 00254704 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-06-21 21:06 - 2013-11-22 15:36 - 00208112 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo20.dll
2015-06-21 21:06 - 2013-11-22 15:36 - 00031472 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-06-21 21:06 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-06-21 21:05 - 2013-08-05 21:20 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-06-12 09:42 - 2015-06-12 09:42 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2015-06-12 09:35 - 2015-06-12 09:35 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-06-11 13:51 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-11 13:51 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-11 13:51 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-11 13:51 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-11 13:51 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-11 13:51 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-11 13:51 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-11 13:51 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-11 13:51 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-11 13:51 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-11 13:51 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-11 13:51 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-11 13:51 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-11 13:51 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-11 13:51 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-11 13:51 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-11 13:51 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-11 13:51 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-11 13:51 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-11 13:51 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-11 13:51 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-11 13:51 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-11 13:51 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-11 13:51 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-11 13:51 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-11 13:51 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-11 13:51 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-11 13:51 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-11 13:51 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-11 13:51 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 16:32 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 16:32 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 16:32 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 16:32 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 16:32 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 16:32 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 16:32 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 16:32 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 16:32 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 16:32 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 16:32 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 16:32 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 16:32 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 16:32 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 16:32 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 16:32 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 16:32 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 16:32 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 16:32 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 16:32 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 16:32 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 16:32 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 16:32 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 16:32 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 16:32 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 16:32 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 16:32 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 16:32 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 16:32 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 16:32 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 16:32 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 16:32 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 16:32 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 16:32 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 16:32 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 16:32 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 16:32 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 16:32 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 16:32 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 16:32 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 16:32 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 16:32 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 16:32 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-08 13:29 - 2015-06-08 13:31 - 00000000 ____D C:\Users\****\Documents\Heroes of the Storm
2015-06-08 13:28 - 2015-06-08 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-06-08 13:13 - 2015-06-18 23:19 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-06-08 13:11 - 2015-06-08 13:11 - 00000000 ____D C:\Users\****\AppData\Local\GWX
2015-06-05 14:50 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-05 14:50 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-05 14:50 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-03 07:59 - 2015-06-13 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 22:51 - 2015-06-02 22:51 - 00018473 _____ C:\Users\****\Desktop\zeitformen.odt
2015-05-30 19:15 - 2015-05-31 15:56 - 00018985 _____ C:\Users\****\Desktop\finn.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 19:13 - 2014-10-20 05:08 - 01088397 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-26 19:08 - 2013-08-19 00:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Skype
2015-06-26 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-26 18:40 - 2013-08-18 17:59 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-26 16:09 - 2014-12-14 21:37 - 00000000 ____D C:\Users\****\AppData\Local\Battle.net
2015-06-25 17:19 - 2013-08-18 17:44 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3246641006-4039149904-3516313396-1001
2015-06-25 15:46 - 2015-05-18 22:49 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 15:37 - 2013-03-18 06:25 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-06-24 18:39 - 2013-08-22 16:46 - 00307745 _____ C:\WINDOWS\setupact.log
2015-06-24 18:39 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-24 18:38 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-24 18:38 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-24 18:10 - 2015-03-31 20:10 - 00000000 ____D C:\Program Files\Dell Support Center
2015-06-24 18:10 - 2014-07-11 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-23 23:08 - 2013-11-27 21:28 - 00000000 ____D C:\ProgramData\Oracle
2015-06-23 23:07 - 2013-11-16 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-23 18:40 - 2013-08-18 17:59 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-23 17:40 - 2014-09-23 23:06 - 00158700 _____ C:\WINDOWS\PFRO.log
2015-06-23 17:27 - 2015-04-13 10:34 - 00000000 ____D C:\Users\****\Desktop\écriture
2015-06-22 09:16 - 2015-02-12 13:34 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-06-21 21:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-21 21:07 - 2014-09-24 08:17 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-21 21:07 - 2014-09-24 07:43 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-21 21:07 - 2014-09-24 07:43 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-21 21:07 - 2013-03-18 06:12 - 00011608 _____ C:\WINDOWS\DPINST.LOG
2015-06-21 21:05 - 2014-10-20 04:38 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-21 21:04 - 2013-03-18 06:10 - 00000000 ____D C:\ProgramData\Dell
2015-06-21 21:01 - 2013-08-19 00:28 - 00000000 ____D C:\ProgramData\Skype
2015-06-21 10:22 - 2014-12-14 21:37 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-20 05:02 - 2015-04-17 17:44 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2015-04-17 17:44 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 15:40 - 2013-08-18 17:42 - 00000000 ____D C:\Users\****\AppData\Local\softthinks
2015-06-16 15:10 - 2015-01-26 17:09 - 00000000 ____D C:\Users\****\Desktop\Tor Browser
2015-06-16 15:08 - 2013-10-02 19:57 - 00000000 ____D C:\Users\****\Documents\VirtualDJ
2015-06-15 23:36 - 2014-12-14 21:48 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-13 19:39 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-13 17:34 - 2013-08-22 16:44 - 00371640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 17:33 - 2013-08-18 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-13 17:31 - 2015-04-17 12:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-13 17:31 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-13 17:31 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-13 17:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-13 15:38 - 2013-08-30 02:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-13 15:35 - 2013-08-30 02:42 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-11 09:16 - 2015-02-12 13:34 - 00003900 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-06-08 18:53 - 2015-04-13 10:36 - 00000000 ____D C:\Users\****\Desktop\avec plaisir
2015-06-08 13:29 - 2014-12-14 21:37 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-05-27 23:00 - 2013-10-02 20:33 - 00000000 ____D C:\Users\****\AppData\Roaming\Audacity
2015-05-27 22:58 - 2015-05-26 17:34 - 00016011 _____ C:\Users\****\Desktop\Umschreiben_Mieter.odt

==================== Files in the root of some directories =======

2015-05-19 14:57 - 2015-05-19 14:57 - 0000850 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2013-11-10 19:44 - 2013-11-10 19:44 - 0007602 _____ () C:\Users\****\AppData\Local\Resmon.ResmonCfg
2013-03-18 06:21 - 2013-03-18 06:21 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-03-18 06:16 - 2013-03-18 06:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-03-18 06:18 - 2013-03-18 06:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-03-18 06:16 - 2013-03-18 06:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-03-18 06:19 - 2013-03-18 06:21 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\****\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\****\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\****\AppData\Local\Temp\Quarantine.exe
C:\Users\****\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\****\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-25 17:19

==================== End of log ============================
         
was sagst du?

LG Louis

Alt 27.06.2015, 08:39   #8
schrauber
/// the machine
/// TB-Ausbilder
 

avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



Das ist nur ein Fund in den Temps. Flash Player updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Bemerkst Du noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.06.2015, 14:34   #9
louis cyphre
 
avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



Hallo,

also hier die fixlist.
Es läuft an und für sich alles wieder ganz gut.

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by **** at 2015-06-27 15:20:31 Run:2
Running from C:\Users\****\Desktop
Loaded Profiles: **** (Available Profiles: ****)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Emptytemp:
*****************

EmptyTemp: => 497.4 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 15:21:01 ====
         
Was sagst du?

tausend Dank schonmal für deine Hilfe.
LG Louis

Alt 28.06.2015, 12:10   #10
schrauber
/// the machine
/// TB-Ausbilder
 

avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



fertig


Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.06.2015, 19:32   #11
louis cyphre
 
avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



Alles klar. tausend Dank für deine Hilfe, hat wirklich super funktioniert.

Alt 01.07.2015, 10:38   #12
schrauber
/// the machine
/// TB-Ausbilder
 

avast erkennt bgbutton finished.png-passwortgeschützte Archive - Standard

avast erkennt bgbutton finished.png-passwortgeschützte Archive



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu avast erkennt bgbutton finished.png-passwortgeschützte Archive
adware, antivirus, browser, computer, converter, cpu, failed, firefox, flash player, google, home, installation, kaspersky, mozilla, mp3, programm, realtek, registry, rundll, services.exe, software, svchost.exe, udp, windows, windows xp



Ähnliche Themen: avast erkennt bgbutton finished.png-passwortgeschützte Archive


  1. Passwortgeschützte Archive von Bitfender gefunden
    Log-Analyse und Auswertung - 11.10.2015 (1)
  2. dns probe finished nxdomain bei WIN 10 Was tun ?
    Plagegeister aller Art und deren Bekämpfung - 07.10.2015 (7)
  3. Avast erkennt Malware Prozess:prgramme32/svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 16.07.2015 (8)
  4. Avast erkennt kennwortgeschützte Archive (\bgbutton.png) Virus,Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 06.02.2015 (13)
  5. Windows 7: Avast erkennt Viren in Java Datei
    Log-Analyse und Auswertung - 07.02.2014 (11)
  6. Windows 7: Avast erkennt Win32:Evo-gen im Steam Ordner - Fehlalarm oder nicht?
    Log-Analyse und Auswertung - 13.01.2014 (7)
  7. avast erkennt eine datei im scan ordner von windows defender als trojaner. mbam nicht. fehlmeldung?
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (5)
  8. Bitdefender: Passwortgeschützte Objekte sind nicht zu finden
    Log-Analyse und Auswertung - 11.02.2013 (49)
  9. AVAST! erkennt GVU Trojaner NICHT
    Antiviren-, Firewall- und andere Schutzprogramme - 22.12.2012 (19)
  10. Avast erkennt eigene Logdatei als Virus?
    Antiviren-, Firewall- und andere Schutzprogramme - 28.06.2012 (2)
  11. Avast: Kennwortgeschützte Archive
    Antiviren-, Firewall- und andere Schutzprogramme - 22.04.2012 (6)
  12. Avast erkennt 57018be4.sys immer wieder als virus
    Log-Analyse und Auswertung - 08.04.2009 (1)
  13. Outlook Archive
    Alles rund um Windows - 24.05.2006 (1)
  14. Avast erkennt Panda als virus !!!
    Plagegeister aller Art und deren Bekämpfung - 06.10.2005 (4)
  15. Avast erkennt Panda als virus !!!
    Mülltonne - 06.10.2005 (1)
  16. Kaspersky + Passwortgeschützte viren?
    Plagegeister aller Art und deren Bekämpfung - 09.04.2005 (1)
  17. KAV scannt passwortgeschützte ZIP-Archive!?!
    Antiviren-, Firewall- und andere Schutzprogramme - 03.03.2004 (3)

Zum Thema avast erkennt bgbutton finished.png-passwortgeschützte Archive - Hallo, Aufgrund einer erheblichen Verlangsamung meines Systems hab ich ein vollständigen Scan durchgeführt, welcher 2 bgbutton finished.png Datein als passwortgeschützte Archive gemeldet hat. FRST- Scan Code: Alles auswählen Aufklappen ATTFilter - avast erkennt bgbutton finished.png-passwortgeschützte Archive...
Archiv
Du betrachtest: avast erkennt bgbutton finished.png-passwortgeschützte Archive auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.