
Log analysis and evaluation: Win8.1 has 4 viruses: GenericPOP.x, TR/Dropper.MSIL.Gen, ADWARE.Gen7 and Artemis..

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.06.2015, 21:49   #1
H4VPHKARU
 



Hello,
My Avira Antivirus found 4 viruses on my Win8.1 PC on 17.06.2015; the names of the viruses are GenericPOP.x, TR/Dropper.MSIL.Gen, ADWARE.Gen7 and Artemis!4FBA8E1ECB31. I followed a guide on the Internet and used the programs AdwCleaner, Junkware Removal Tool and Malwarebytes; however, I did not dare to take the last step, where one is supposed to find the viruses in Safe Mode. I did not understand how one actually finds the viruses.
Then, on my own initiative, I also installed Malwarebytes Anti-Rootkit, which had some findings, and since then things have been quiet. I am afraid to turn the Internet back on, but otherwise everything runs fine with a really minimal slowdown of the PC; no more viruses are being found, yet they are probably still there.
I have all the log files, but I had to skip GMER; otherwise everything is there!

The two zip files are under Attached Files; I don't know how to delete the rest.

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:50 on 23/06/2015 (Hikaru)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Hikaru at 2015-06-23 19:58:01
Running from C:\Users\Hikaru\Downloads\trojaner board
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-239342230-206131414-3666733320-500 - Administrator - Disabled)
Gast (S-1-5-21-239342230-206131414-3666733320-501 - Limited - Disabled)
Hikaru (S-1-5-21-239342230-206131414-3666733320-1002 - Administrator - Enabled) => C:\Users\Hikaru

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3B367DD2-6E0F-ADBE-4510-5DD3F3B9D92A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0509.0 - Lenovo Inc.)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Content (x32 Version: 1.00.0000 - Your Company Name) Hidden
Corel Painter 11 - ICA (x32 Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (x32 Version: 011 - Corel Corporation) Hidden
Corel Painter 11 (HKLM-x32\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version:  - Corel Corporation)
Corel Painter 11 (x32 Version: 11.0 - Corel Corporation) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1602 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2751 - Hightail, Inc.)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{6D7FCC52-8DDA-441C-849A-4BB7C7E3BF2E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IconHandler 32 bit (x32 Version: 2.0 - Corel Corporation) Hidden
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Langauge (x32 Version: 1.00.0000 - Your Company Name) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.60.37 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 1.0.11.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{237990BC-415C-4CE8-B279-37892516D9F2}) (Version: 9.0.6.20 - Nitro)
PDF24 Creator 6.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{E1949FF0-9835-41AC-81E4-E6D9CDCBE49E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-06-2015 12:22:52 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A7284B-3E31-42E2-97A5-67AEEC918158} - \Emaenxsu No Task File <==== ATTENTION
Task: {07C46A96-D7B7-4CF2-BF1C-206E5575C72A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {14741805-5D43-4A23-A500-70A1589D4184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {190FFCA9-85C7-41E1-AC00-D0B049212C89} - \Winsta Update No Task File <==== ATTENTION
Task: {3B2DAE9D-6692-47F9-B0CB-267FD607CDAD} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {43032A1F-1912-474D-B219-70ECF3E41D57} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {45DA55EA-769E-4134-B2E0-498F33E307BA} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {4CD8EF42-014C-431C-B40B-52AE61986C4E} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {7850D162-919D-4A85-9C1F-7B9C54565ABB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {78E05431-1107-4FDF-8081-960AED57E308} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8B4FACFD-472C-46C5-AE39-2C9D6B3F1367} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-03-09] (Lenovo)
Task: {944EC7A6-A629-4835-9DF6-C1844F6CDD7E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {999E23E7-DD91-4BB1-A7A1-BEC45DB79596} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {9E46E803-4A0E-4C95-B336-3DFA9688CF43} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A738AFB9-328A-459E-9D9B-59E4BD0E5AD7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A92E79B0-FE62-4F50-A80C-E3F722FFDDE0} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-06-11] (Lenovo)
Task: {C28480F3-F0FB-4DA8-B5B2-10D75ACB7FBE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C8786A9E-5F94-4D87-B17E-D85DBC65A838} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {CF1C55DF-98C9-4966-86DB-67519D498B3D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {CFF6D8EF-56A6-44CC-AB7F-B17830FFDBF6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E1571395-D58C-49AB-A0DF-4649E024EC17} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {E866D120-2739-4966-834F-7DD037EBE9CB} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {F028ECE7-B884-477B-9363-A39D281322E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-25 00:36 - 2011-08-16 20:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-09-25 00:51 - 2013-05-14 20:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-25 00:36 - 2011-08-16 20:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-04-02 04:47 - 2014-04-02 04:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-05-21 18:29 - 2014-05-21 18:29 - 00033536 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2014-09-25 00:36 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Hikaru\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-239342230-206131414-3666733320-1002\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{05804A18-B410-462F-BFB6-5C779B59475F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{71113D8F-B56B-43BF-8824-037E61A53747}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1E1D15FF-4D5B-4EF4-BBCF-EC71C0F86424}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3557079B-C9EC-4511-87BC-D058F1A138B1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F2E8AB92-3E7D-444E-8323-07D2CD4E5F3C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0A1E8F1D-AD34-445E-BE66-18C60131318A}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C6C61864-C1F7-4B26-A1B7-FB80D7C895E1}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{A414C907-CF5F-4532-9982-D8F0677E24D1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{CEDC01ED-A510-4C04-B063-CA12B4C93B19}] => (Allow) LPort=5357
FirewallRules: [{EA9FFA53-1F69-4F3F-999B-47653B7FD586}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{62923A26-3354-4756-8D2A-116BDDFCD275}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B8BE5CBC-1DB2-43D3-AA2F-6E3FC87F3447}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8C71827F-0F8B-437A-9D01-A1ED3C17BB67}] => (Allow) C:\Users\Hikaru\AppData\Local\BoBrowser\Application\bobrowser.exe
FirewallRules: [{4F179252-BEA9-442B-A821-E035B478046A}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0xc34
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000ec180
ID des fehlerhaften Prozesses: 0x11b8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x75c
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbar.exe, Version 1.9.1.1004 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12ec

Startzeit: 01d0ab6062545e16

Endzeit: 13311

Anwendungspfad: C:\Users\Hikaru\Desktop\mbar\mbar.exe

Berichts-ID: 1b75cf84-1754-11e5-8266-4437e6e88be4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/18/2015 06:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (06/20/2015 04:46:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mail update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/20/2015 04:19:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mail update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/20/2015 04:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo64 Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo System Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "JME Keyboard Driver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85ec3401d0adddfa3639a0C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll387b5ae4-19d1-11e5-8269-4437e6e88be4

Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c000000800000000000ec18011b801d0ad2af31351ccC:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll314ed7f8-191e-11e5-8269-4437e6e88be4

Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e75c01d0ac280ae166e3C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll4bdeb74e-181b-11e5-8269-4437e6e88be4

Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbar.exe1.9.1.100412ec01d0ab6062545e1613311C:\Users\Hikaru\Desktop\mbar\mbar.exe1b75cf84-1754-11e5-8266-4437e6e88be4

Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/18/2015 06:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2015-06-17 23:29:26.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G 
Percentage of memory in use: 23%
Total physical RAM: 7093.19 MB
Available physical RAM: 5438.34 MB
Total Pagefile: 14517.19 MB
Available Pagefile: 12337.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:859.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1746FBBD)

Partition: GPT Partition Type.

==================== End of log ============================
         
--- --- --- --- --- ---
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.06.2015
Suchlauf-Zeit: 01:24:00
Logdatei: malwarebytes7.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hikaru

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 343990
Verstrichene Zeit: 11 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 27
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [6e0b0d362862d6602fd39236ed162cd4], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, In Quarantäne, [d8a171d20783c07600c6486406fdb54b], 
PUP.Software.Updater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, In Quarantäne, [3d3c72d1cdbdc5714a5e58a40af9ec14], 
PUP.Optional.BoBrowser.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\BoBrowser, In Quarantäne, [fa7f83c0e3a785b1761b7837a75c6e92], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06, In Quarantäne, [2a4fd2716d1d83b35b7972451ae9ac54], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06-nv, In Quarantäne, [bbbe31129bef4cea468e4473c340619f], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06-nv-ie, In Quarantäne, [accd043f038773c324b08f28bf448f71], 
PUP.Optional.HomeTab.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\HomeTab, In Quarantäne, [3742c47fd3b7b6806ed215c44eb5df21], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\SearchProtectWS, In Quarantäne, [de9b2023682253e3bbd205a46f948b75], 
PUP.Optional.TNT.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TNT2, In Quarantäne, [0079af949cee3006c6a86f3c55ae4ab6], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TutoTag, In Quarantäne, [4e2b5fe46d1d89ad626456d70500ad53], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\WajIEnhance, In Quarantäne, [a9d00142d9b169cda604902240c308f8], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\WajIntEnhance, In Quarantäne, [caafd66d800a0e28bb0c595308fbcf31], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [03763c07018965d14ceccc53768f44bc], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [3b3ede65286283b315a6fec473906f91], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Cinema PlusV17.06, In Quarantäne, [cfaa2e156e1c36004a024a6dca39a060], 
PUP.Optional.Qone8, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [bebb3d065a30f3432678c84e729326da], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [5227331005851c1ac7aa4164956edd23], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [4831ae95296140f673ff9c09cb3814ec], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [f287360d2b5f3006096a3e677f84ef11], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [76039ba8a9e1ac8a41339c09f50ee020], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [a2d7b48facde3204680da0056a99af51], 
PUP.Optional.HomeTab.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\SIMPLYTECH\HomeTab, In Quarantäne, [5821053ec9c1092d2048cb26a0637b85], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updatetutorialeshp, In Quarantäne, [c9b02a194b3fa492e80a703a19eae21e], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updatetutorialshp, In Quarantäne, [a9d0a3a0d1b90234797a3c6eb84b40c0], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updv, In Quarantäne, [2257c47ff595ba7c30c4723857ac8e72], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mbot_de_014010005_is1, In Quarantäne, [354454ef038792a49582454347bced13], 

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 11
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[03767fc4bcce73c32995597ddd28d52b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[81f81f242466aa8c9482f9dcca3b42be]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[611856ede7a390a63dd9e0f59d6859a7]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[0475b88b2b5f20169a7c21b45fa6f808]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[56235be836545adc26749f425ca937c9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[8decf251ccbed660229c7462c44128d8]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[7cfd43008cfe79bdaf67a4313bca7987]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[2554f350c6c491a561b52aab986df50b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[90e9e2610684b87e0a0c548112f3619f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[93e684bf0b7f3afc0c8ea0412cd9946c]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[8eebcf747218d264d53f914459acd32d]

Ordner: 7
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\Download, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005, In Quarantäne, [354454ef038792a49582454347bced13], 
PUP.Optional.MBot.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY, In Quarantäne, [5f1aa1a2088210268aec4643cd36728e], 

Dateien: 44
PUP.Optional.MyStartSearch.A, C:\Users\Hikaru\AppData\Local\Temp\nscE27C.tmp, In Quarantäne, [fe7b1033e6a4f4420748b565d630fa06], 
PUP.Optional.MyStartSearch.A, C:\Users\Hikaru\AppData\Local\Temp\nsp94CD.tmp, In Quarantäne, [97e245feb9d19d9973dc66b4778f01ff], 
PUP.Optional.Somoto, C:\Users\Hikaru\AppData\Local\Temp\bitool.dll, In Quarantäne, [c7b20d360e7cf442b6699fad7e84e21e], 
PUP.Optional.BoostSaves.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [86f36ad9e7a3dc5ae1a8239137cc7c84], 
PUP.Optional.BoostSaves.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [afcabb882c5e999db9d007ad37cca957], 
PUP.Optional.Boost.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, In Quarantäne, [4a2f350e800a52e4212c04ca689b2ed2], 
PUP.Optional.Boost.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [53262c172f5bc86eb09d319dca39bd43], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-6, In Quarantäne, [3b3e6ed5a9e10f275c15e8e6fd06e917], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-7, In Quarantäne, [a2d70a394b3f96a0145dc30bb053b44c], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-10_user, In Quarantäne, [5c1dd96a90fa61d575fcdfefc93a9d63], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-11, In Quarantäne, [5821093a404a93a3a0d18945f90ad62a], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-3, In Quarantäne, [fb7ea59e25659d99b0c1f7d738cba957], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5, In Quarantäne, [bebb0e3553374fe7e78a05c95ea5738d], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5_user, In Quarantäne, [fc7d1e258dfd2b0b135e0bc3818243bd], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-6, In Quarantäne, [df9a67dc9af06dc93041b21c897a4ab6], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-7, In Quarantäne, [9ddca69def9bd4620869cfff4fb48d73], 
PUP.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, In Quarantäne, [0673e0636e1c42f41dec389bd72c16ea], 
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, In Quarantäne, [bbbe340f612983b3c3e410ec41c2bb45], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-6.job, In Quarantäne, [0376073c3159b284de8f0d1e19eca858], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-7.job, In Quarantäne, [52277cc7e5a5ef471c512506eb1ab050], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-10_user.job, In Quarantäne, [73068eb594f6092dd7968aa1b4510cf4], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-11.job, In Quarantäne, [0178c380bdcdbc7abeafdf4ce421b34d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-3.job, In Quarantäne, [a7d2b78c14762214422b56d5ec19b34d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5.job, In Quarantäne, [99e07dc65931d85ecba264c718ed22de], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5_user.job, In Quarantäne, [b7c294aff09a73c3620b31fa13f2a858], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-6.job, In Quarantäne, [5a1fea598a00c1755d102b00c243d62a], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-7.job, In Quarantäne, [de9bcf74a9e17abcb0bdc16a03025aa6], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [48316ed5404a0f270fe20c2758adda26], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [01784ef54c3efa3cbc35181bbb4ade22], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [6c0dde655139e45202efd85b58ad5ca4], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [611882c1305a8da9628f00334cb9cd33], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [68115be8f39779bd37ba3ff4ad58e31d], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateBroker.exe, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateHelper.msi, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateOnDemand.exe, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\goopdate.dll, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\upgmsd_de_005010005.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\upmbot_de_014010005.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\user_profil.cyp, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10\cnf.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10\eorezo.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.dat, In Quarantäne, [354454ef038792a49582454347bced13], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.exe, In Quarantäne, [354454ef038792a49582454347bced13], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.msg, In Quarantäne, [354454ef038792a49582454347bced13], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.06.2015
Suchlauf-Zeit: 16:34:21
Logdatei: malwarebytes2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.20.02
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hikaru

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 345863
Verstrichene Zeit: 9 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, 1780, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba]

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 9
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.MultiPlug.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\levukyhy, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.SuperClick.A, HKLM\SOFTWARE\WOW6432NODE\SuperClick_1.10.0.16, In Quarantäne, [bc3615a74743db5be273444bf015d32d], 
PUP.Optional.PCSpeedUp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, In Quarantäne, [1ed46854a8e277bf12cee6acfe0749b7], 

Registrierungswerte: 1
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\levukyhy|ImagePath, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, In Quarantäne, [15dd9d1f305a77bf96261176709555ab]

Registrierungsdaten: 2
PUP.Optional.OurSurfing.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[539f4c70444679bdc376ea61fb0be11f]
PUP.Optional.OurSurfing.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[1ed4a517e1a9f5413ffae96255b15ba5]

Ordner: 5
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 

Dateien: 17
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\OoZhholiwT.exe, In Quarantäne, [3cb6f7c5fe8c0b2b21a15b2ae5216f91], 
PUP.Optional.AnyProtect, C:\Users\Hikaru\AppData\Local\Temp\nsmAB0D.tmp, In Quarantäne, [d41e9329751559ddf37b0564d033ce32], 
PUP.Optional.AnyProtect, C:\Users\Hikaru\AppData\Local\Temp\nspA54.tmp, In Quarantäne, [fff3a6162a6083b3214dd495ec17a55b], 
PUP.Optional.IStartSurf.A, C:\Users\Hikaru\AppData\Local\Temp\nswFA3A.tmp, In Quarantäne, [c32f13a9781220164b873152d333e31d], 
PUP.Optional.Clara.A, C:\Users\Hikaru\AppData\Local\Temp\CR_B2D82.tmp\setup.exe, In Quarantäne, [ca288636682287afc6a27b0a80860cf4], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\rnsoC31F.exe, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\Uninstall.exe, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\vnsv9FB1.tmp, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0\kugnoaah.exe.config, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0\sqlite3.dll, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\dat.dat, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\OoZhholiwT.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\REaCcB.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\info.dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\wPDBXOj.dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\wPDBXOj.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
AdwCleaner Logfile:
Code:
# AdwCleaner v4.206 - Bericht erstellt 19/06/2015 um 14:48:28
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****

Dienst Gefunden : 0014681434673201mcinstcleanup

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\claraInstaller.txt
Datei Gefunden : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe
Datei Gefunden : C:\Users\Hikaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
Ordner Gefunden : C:\DesktopSearch
Ordner Gefunden : C:\Program Files (x86)\Amazon\ABB
Ordner Gefunden : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gefunden : C:\Program Files (x86)\MyPCBU
Ordner Gefunden : C:\ProgramData\MailUpdate
Ordner Gefunden : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gefunden : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx
Ordner Gefunden : C:\Users\Hikaru\AppData\Roaming\MailUpdate
Ordner Gefunden : C:\Users\Hikaru\SupTab

***** [ Geplante Tasks ] *****

Task Gefunden : Run_Bobby_Browser
Task Gefunden : WinKit
Task Gefunden : amiupdaterExd
Task Gefunden : amiupdaterExi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
Schlüssel Gefunden : HKCU\Software\AnyProtect
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartWeb
Schlüssel Gefunden : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\pokki
Schlüssel Gefunden : HKCU\Software\Crossbrowse
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_3dc0e1fa754e445f813f28d62945a52a0bd61e67
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_ae6fb69cb32e90696231047775a0c6f978b07da9
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKCU\Software\Pokki
Schlüssel Gefunden : HKCU\Software\simplytech
Schlüssel Gefunden : HKCU\Software\YorkNewCin
Schlüssel Gefunden : [x64] HKCU\Software\AnyProtect
Schlüssel Gefunden : [x64] HKCU\Software\Crossbrowse
Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKCU\Software\Pokki
Schlüssel Gefunden : [x64] HKCU\Software\simplytech
Schlüssel Gefunden : [x64] HKCU\Software\YorkNewCin
Schlüssel Gefunden : HKLM\SOFTWARE\Clara
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Schlüssel Gefunden : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Schlüssel Gefunden : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gefunden : HKLM\SOFTWARE\SpeedBit
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DesktopSearch]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Wert Gefunden : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Wert Gefunden : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Wert Gefunden : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.oursurfing.com/web/?type=dspp&ts=1434566190&z=32bcc1b7c366af09ca67085gfzbc1zdwcqcqfg5b5t&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}

-\\ Google Chrome v43.0.2357.124

[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.oursurfing.com/web/?type=dspp&ts=1434566190&z=32bcc1b7c366af09ca67085gfzbc1zdwcqcqfg5b5t&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434566816&z=8b97c00d9112e167a535dfag6zcc1zfwbq0qebag3z&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434568576&z=fba18cf542c87940cb20379g6zdc8z9w3q7b0w1m4c&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Startup_URLs] : 93A55B492FEB7464388C2C261637300566D6E725DBADCA3B754E284982CCE7E6"},"software_reporter":{"prompt_reason":"7938A6963AC8F761A3F63E0665B547EDF681916AF182CCCCC47C50AE360F2C89","prompt_seed":"B2EFCB0A98218F63BFB170E434B95A75FCE4852979F10D3CC157C8E93DDDD3CA","prompt_version":"E751FD164EC0A9FC981339425CC9E66BFD39F86F8BD53F7EDE1D3A7A5D5E9708"},"sync":{"remaining_rollback_tries":"86F27B85CB90EEB25001882FC235F735D5AA5453F9EF07115E1DD73993429D32"}},"super_mac":"BD73C878C87EBD394B95322CC69F8F85C696D0377BB4B374B19DA4BA3E02B9AF"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH

*************************

AdwCleaner[R0].txt - [7369 Bytes] - [19/06/2015 14:48:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7428 Bytes] ##########
         
AdwCleaner Logfile:
Code:
# AdwCleaner v4.206 - Bericht erstellt 19/06/2015 um 14:55:00
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****

[x] Nicht Gelöscht : 0014681434673201mcinstcleanup

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\DesktopSearch
Ordner Gelöscht : C:\ProgramData\MailUpdate
Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB
[x] Nicht Gelöscht : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gelöscht : C:\Program Files (x86)\MyPCBU
Ordner Gelöscht : C:\Users\Hikaru\SupTab
[x] Nicht Gelöscht : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gelöscht : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\Hikaru\AppData\Roaming\MailUpdate
Datei Gelöscht : C:\claraInstaller.txt
Datei Gelöscht : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Hikaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk

***** [ Geplante Tasks ] *****

Task Gelöscht : Run_Bobby_Browser
Task Gelöscht : WinKit
Task Gelöscht : amiupdaterExd
Task Gelöscht : amiupdaterExi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Schlüssel Gelöscht : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DesktopSearch]
Wert Gelöscht : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Wert Gelöscht : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Wert Gelöscht : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_3dc0e1fa754e445f813f28d62945a52a0bd61e67
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_ae6fb69cb32e90696231047775a0c6f978b07da9
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
[x] Nicht Gelöscht : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default]
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Crossbrowse
Schlüssel Gelöscht : HKCU\Software\YorkNewCin
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartWeb
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
[x] Nicht Gelöscht : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Google Chrome v43.0.2357.124

[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.oursurfing.com/web/?type=dspp&ts=1434566190&z=32bcc1b7c366af09ca67085gfzbc1zdwcqcqfg5b5t&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434566816&z=8b97c00d9112e167a535dfag6zcc1zfwbq0qebag3z&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434568576&z=fba18cf542c87940cb20379g6zdc8z9w3q7b0w1m4c&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : 93A55B492FEB7464388C2C261637300566D6E725DBADCA3B754E284982CCE7E6"},"software_reporter":{"prompt_reason":"7938A6963AC8F761A3F63E0665B547EDF681916AF182CCCCC47C50AE360F2C89","prompt_seed":"B2EFCB0A98218F63BFB170E434B95A75FCE4852979F10D3CC157C8E93DDDD3CA","prompt_version":"E751FD164EC0A9FC981339425CC9E66BFD39F86F8BD53F7EDE1D3A7A5D5E9708"},"sync":{"remaining_rollback_tries":"86F27B85CB90EEB25001882FC235F735D5AA5453F9EF07115E1DD73993429D32"}},"super_mac":"BD73C878C87EBD394B95322CC69F8F85C696D0377BB4B374B19DA4BA3E02B9AF"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH

*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[S0].txt - [6673 Bytes] - [19/06/2015 14:55:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6732  Bytes] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 20/06/2015 um 15:56:42
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe
Ordner Gefunden : C:\Program Files (x86)\AnyProtectEx
Ordner Gefunden : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gefunden : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gefunden : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
Schlüssel Gefunden : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[R1].txt - [1474 Bytes] - [20/06/2015 15:56:42]
AdwCleaner[S0].txt - [6816 Bytes] - [19/06/2015 14:55:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1592 Bytes] ##########
         
--- --- ---


AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 20/06/2015 um 15:58:23
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
[x] Nicht Gelöscht : C:\Program Files (x86)\LenovoBrowserGuard
[x] Nicht Gelöscht : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gelöscht : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx
Datei Gelöscht : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[x] Nicht Gelöscht : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default]
[x] Nicht Gelöscht : HKLM\SOFTWARE\LenovoBrowserGuard
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[R1].txt - [1671 Bytes] - [20/06/2015 15:56:42]
AdwCleaner[S0].txt - [6816 Bytes] - [19/06/2015 14:55:00]
AdwCleaner[S1].txt - [1400 Bytes] - [20/06/2015 15:58:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1459  Bytes] ##########
         
--- --- ---

[/CODE]

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by Hikaru on 18.06.2015 at 13:55:44,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] scfd_1_10_0_16
Successfully stopped: [Service] scsvc_1.10.0.16
Successfully deleted: [Service] scsvc_1.10.0.16
Failed to stop: [Service] scfd_1_10_0_16 [Adware.Vitruvian]



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\APSnotifierPP1
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\APSnotifierPP2
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\APSnotifierPP3
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Convertor
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Crossbrowse
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SuperClick Auto Updater 1.10.0.16 Core
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SuperClick Auto Updater 1.10.0.16 Pending Update
Successfully deleted: [Task] C:\WINDOWS\tasks\APSnotifierPP1.job
Successfully deleted: [Task] C:\WINDOWS\tasks\APSnotifierPP2.job
Successfully deleted: [Task] C:\WINDOWS\tasks\APSnotifierPP3.job
Successfully deleted: [Task] C:\WINDOWS\tasks\Crossbrowse.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_592333F42A0D1CD48BDC7C5A423F80B7
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9053764826F483F018422F1AA87409D2
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{16C56A97-C4BD-433D-9355-D9B3814853D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scfd_1_10_0_16 [Adware.Vitruvian]



~~~ Files

Successfully deleted: [File] C:\Users\Hikaru\appdata\local\nseA54A.tmp
Successfully deleted: [File] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\crossbrowse.lnk
Successfully deleted: [File] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\pc app store.lnk
Successfully deleted: [File] C:\users\public\desktop\crossbrowse.lnk
Successfully deleted: [File] C:\WINDOWS\system32\drivers\scfd_1_10_0_16.sys [Adware.Vitruvian]
Successfully disinfected: [Shortcut] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\User Pinned\TaskBar\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Hikaru\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\app_setup
Successfully deleted: [Folder] C:\Program Files (x86)\crossbrowse
Successfully deleted: [Folder] C:\Program Files (x86)\SuperClick_1.10.0.16
Successfully deleted: [Folder] C:\ProgramData\desktopsearch
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\crossbrowse
Successfully deleted: [Folder] C:\ProgramData\pokki
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\crossbrowse
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\desktopsearch
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\pokki
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\locallow\smartweb
Successfully deleted: [Folder] C:\Users\Hikaru\AppData\Roaming\microsoft\windows\start menu\programs\anyprotect pc backup
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\16516



~~~ Chrome


[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.06.2015 at 13:58:43,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by Hikaru on 20.06.2015 at 16:00:44,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.06.2015 at 16:02:48,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.20.02
  rootkit: v2015.06.15.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17842
Hikaru :: HIKARU-UKE [administrator]

20.06.2015 16:06:56
mbar-log-2015-06-20 (16-06-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 346308
Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Hikaru\AppData\Local\Temp\is-E6PLG.tmp\package_optimizerpro_installer_multilang.exe (Adware.EoRezo) -> Delete on reboot. [9e547a42107aff371c71bbb7808235cb]
C:\Users\Hikaru\AppData\Local\Temp\is-E6PLG.tmp\11.exe (Adware.EoRezo) -> Delete on reboot. [42b0a913bfcb78be9cf1b7bbd72b38c8]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Attached files
File type: log defogger_disable.log (474 bytes, viewed 79 times)
File type: txt Addition.txt (28.9 KB, viewed 83 times)
File type: zip FRST.zip (64.4 KB, viewed 19 times)
File type: zip avira Ereignisse.zip (7.1 KB, viewed 19 times)
File type: txt malwarebytes7.txt (17.8 KB, viewed 77 times)
File type: txt malwarebytes2.txt (6.6 KB, viewed 252 times)
File type: txt AdwCleaner[R0].txt (7.4 KB, viewed 260 times)
File type: txt AdwCleaner[S0].txt (6.7 KB, viewed 90 times)
File type: txt AdwCleaner[R1].txt (1.6 KB, viewed 73 times)
File type: txt AdwCleaner[S1].txt (1.5 KB, viewed 72 times)
File type: txt JRT.txt (5.7 KB, viewed 76 times)
File type: txt JRT2.txt (1.0 KB, viewed 72 times)
File type: txt mbar-log-2015-06-20 (16-06-56)this.txt (2.6 KB, viewed 70 times)

Edited by H4VPHKARU (23.06.2015 at 22:10)

23.06.2015, 21:53   #2
M-K-D-B
/// TB Trainer
 

My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Downloading from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:
This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!








Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

23.06.2015, 22:37   #3
H4VPHKARU
 

Thanks for the quick reply!
This is what TDSSKiller found:

Code:
ATTFilter
22:26:26.0092 0x0094  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
22:26:26.0092 0x0094  UEFI system
22:29:39.0795 0x0094  ============================================================
22:29:39.0795 0x0094  Current date / time: 2015/06/23 22:29:39.0795
22:29:39.0795 0x0094  SystemInfo:
22:29:39.0795 0x0094  
22:29:39.0795 0x0094  OS Version: 6.3.9600 ServicePack: 0.0
22:29:39.0795 0x0094  Product type: Workstation
22:29:39.0795 0x0094  ComputerName: HIKARU-UKE
22:29:39.0795 0x0094  UserName: Hikaru
22:29:39.0795 0x0094  Windows directory: C:\WINDOWS
22:29:39.0795 0x0094  System windows directory: C:\WINDOWS
22:29:39.0795 0x0094  Running under WOW64
22:29:39.0795 0x0094  Processor architecture: Intel x64
22:29:39.0795 0x0094  Number of processors: 4
22:29:39.0795 0x0094  Page size: 0x1000
22:29:39.0795 0x0094  Boot type: Normal boot
22:29:39.0795 0x0094  ============================================================
22:29:40.0045 0x0094  KLMD registered as C:\WINDOWS\system32\drivers\96701308.sys
22:29:40.0452 0x0094  System UUID: {38DB27D8-083D-7F2B-7D77-5BC8190BCF8F}
22:29:41.0077 0x0094  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:29:41.0093 0x0094  Drive \Device\Harddisk1\DR7 - Size: 0x1D1A00000 ( 7.28 Gb ), SectorSize: 0x200, Cylinders: 0x3B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:29:41.0108 0x0094  ============================================================
22:29:41.0108 0x0094  \Device\Harddisk0\DR0:
22:29:41.0108 0x0094  GPT partitions:
22:29:41.0139 0x0094  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {31E51611-5E9F-411D-AD11-943E06E03D7D}, Name: , StartLBA 0x800, BlocksNum 0x1F4000
22:29:41.0139 0x0094  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {F045FAC7-10FC-4BBC-AB32-351ABB46455F}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
22:29:41.0139 0x0094  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {1C106FCA-C812-4AA5-9AB0-9CF86E3D03F4}, Name: , StartLBA 0x276800, BlocksNum 0xFA000
22:29:41.0139 0x0094  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {0C8B3E96-E220-423B-AFD3-378D2139EA3A}, Name: Microsoft reserved partition, StartLBA 0x370800, BlocksNum 0x40000
22:29:41.0139 0x0094  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5D3AAD72-25D4-436B-8379-D8A97982E08D}, Name: Basic data partition, StartLBA 0x3B0800, BlocksNum 0x71282000
22:29:41.0139 0x0094  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6BFB61E5-951F-4DC5-9E4C-D976D5657743}, Name: , StartLBA 0x71632800, BlocksNum 0x30D4000
22:29:41.0139 0x0094  MBR partitions:
22:29:41.0139 0x0094  \Device\Harddisk1\DR7:
22:29:41.0139 0x0094  MBR partitions:
22:29:41.0139 0x0094  \Device\Harddisk1\DR7\Partition1: MBR, Type 0xB, StartLBA 0xB98, BlocksNum 0xE8C468
22:29:41.0139 0x0094  ============================================================
22:29:41.0170 0x0094  C: <-> \Device\Harddisk0\DR0\Partition5
22:29:41.0170 0x0094  ============================================================
22:29:41.0170 0x0094  Initialize success
22:29:41.0170 0x0094  ============================================================
22:30:28.0124 0x09fc  ============================================================
22:30:28.0124 0x09fc  Scan started
22:30:28.0124 0x09fc  Mode: Manual; SigCheck; TDLFS; 
22:30:28.0124 0x09fc  ============================================================
22:30:28.0124 0x09fc  KSN ping started
22:30:28.0186 0x09fc  KSN ping finished: false
22:30:31.0186 0x09fc  ================ Scan system memory ========================
22:30:31.0186 0x09fc  System memory - ok
22:30:31.0186 0x09fc  ================ Scan services =============================
22:30:31.0342 0x09fc  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
22:30:31.0592 0x09fc  1394ohci - ok
22:30:31.0639 0x09fc  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
22:30:31.0655 0x09fc  3ware - ok
22:30:31.0686 0x09fc  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
22:30:31.0717 0x09fc  ACPI - ok
22:30:31.0733 0x09fc  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
22:30:31.0749 0x09fc  acpiex - ok
22:30:31.0764 0x09fc  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
22:30:31.0780 0x09fc  acpipagr - ok
22:30:31.0795 0x09fc  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
22:30:31.0842 0x09fc  AcpiPmi - ok
22:30:31.0858 0x09fc  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
22:30:31.0874 0x09fc  acpitime - ok
22:30:31.0936 0x09fc  [ 929593D76589294BA3F74540298D1B3E, 3D1C1772579141BD1040363BD65F2A2D78BF42EC85AE96317AE397E3D5267145 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:30:31.0967 0x09fc  AdobeARMservice - ok
22:30:32.0030 0x09fc  [ 7C58046ACEAF10525077BD586A740E9F, E26D446EDB158A9EDA7FC7E1DA650FA8896748B7DEB9FDBF5BD4352ACF01B721 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:30:32.0045 0x09fc  AdobeFlashPlayerUpdateSvc - ok
22:30:32.0077 0x09fc  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
22:30:32.0108 0x09fc  ADP80XX - ok
22:30:32.0139 0x09fc  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
22:30:32.0170 0x09fc  AeLookupSvc - ok
22:30:32.0202 0x09fc  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
22:30:32.0249 0x09fc  AFD - ok
22:30:32.0264 0x09fc  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
22:30:32.0280 0x09fc  agp440 - ok
22:30:32.0311 0x09fc  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
22:30:32.0342 0x09fc  ahcache - ok
22:30:32.0358 0x09fc  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
22:30:32.0389 0x09fc  ALG - ok
22:30:32.0420 0x09fc  [ 55F45A141BA12B13BBB92B73E2523FF7, DB8E47E6AD2E9F62CB047CCFD92C8BFC586EC066DF71FBBBC41DED0F90A1DE9F ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
22:30:32.0467 0x09fc  AMD External Events Utility - ok
22:30:32.0499 0x09fc  AMD FUEL Service - ok
22:30:32.0515 0x09fc  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
22:30:32.0530 0x09fc  AmdK8 - ok
22:30:32.0858 0x09fc  [ F50B1FD2E3997FF233ADD107E4F576A9, 68A63209264877450FA587187476E3722AEFC2F4AA762EF4D0E0BC0514CC5519 ] amdkmdag        C:\WINDOWS\system32\DRIVERS\atikmdag.sys
22:30:33.0264 0x09fc  amdkmdag - ok
22:30:33.0327 0x09fc  [ 7A639FD25D7F21FDE32B29A624623448, 1D19D7DFA9DEEE6C275ECCCBB0B102E652F7A6A440C41D6A8ABB80E0A2CCB5CA ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
22:30:33.0358 0x09fc  amdkmdap - ok
22:30:33.0374 0x09fc  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
22:30:33.0405 0x09fc  AmdPPM - ok
22:30:33.0420 0x09fc  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
22:30:33.0436 0x09fc  amdsata - ok
22:30:41.0124 0x09fc  [ E2CFDA7E9606FD5ECAB93E4817414661, F60A1EFFD7EB9D69620E971AB30D3FF4138D233A6EDE51CFD1BE8CCB5776E321 ] JME Keyboard    C:\Windows\jmesoft\Service.exe
22:30:41.0139 0x09fc  JME Keyboard - detected UnsignedFile.Multi.Generic ( 1 )
22:30:41.0202 0x09fc  JME Keyboard ( UnsignedFile.Multi.Generic ) - warning
22:30:41.0202 0x09fc  Force sending object to P2P due to detect: JME Keyboard
22:30:41.0202 0x09fc  Object send P2P result: false
22:30:42.0842 0x09fc  mccspsvc - ok
22:30:42.0842 0x09fc  [ 0E5107F7558414409BF027E3A09475C7, BEBC89DC9CA49462344AC74307B35CDAA9C4E5547ABA8584267E92B7411499B8 ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:30:42.0858 0x09fc  McMPFSvc - ok
22:30:42.0889 0x09fc  [ 0E5107F7558414409BF027E3A09475C7, BEBC89DC9CA49462344AC74307B35CDAA9C4E5547ABA8584267E92B7411499B8 ] McOobeSv2       C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
22:30:42.0905 0x09fc  McOobeSv2 - ok
22:30:42.0920 0x09fc  [ 0E5107F7558414409BF027E3A09475C7, BEBC89DC9CA49462344AC74307B35CDAA9C4E5547ABA8584267E92B7411499B8 ] mcpltsvc        C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
22:30:42.0936 0x09fc  mcpltsvc - ok
22:30:42.0936 0x09fc  [ 0E5107F7558414409BF027E3A09475C7, BEBC89DC9CA49462344AC74307B35CDAA9C4E5547ABA8584267E92B7411499B8 ] McProxy         C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
22:30:42.0967 0x09fc  McProxy - ok
22:30:42.0967 0x09fc  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
22:30:42.0983 0x09fc  megasas - ok
22:30:43.0015 0x09fc  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
22:30:43.0045 0x09fc  megasr - ok
22:30:43.0077 0x09fc  [ B069A1B8072AC23CA31638CAF6E1CC90, 726E3B744F39E265C9B8FDDCD7EBD1B87327A92719EEB1924820BC90FE67B277 ] mfeaack         C:\WINDOWS\system32\drivers\mfeaack.sys
22:30:43.0108 0x09fc  mfeaack - ok
22:30:43.0124 0x09fc  [ B540EED782123308F865ACAF0F1C2E64, D1F163AA2E37A72958E78B5F96D1E087AF3B9AA33ABB89ADCEBF6CA5A44C8DFA ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
22:30:43.0139 0x09fc  mfeavfk - ok
22:30:43.0170 0x09fc  [ 225CC932EDDC7935147FC5FD43920EAB, 868872EB3F11BA29FAABA4CCF5A075D12C8B705DC737BD3DAC5886788579934D ] mfedisk         C:\WINDOWS\system32\DRIVERS\mfedisk.sys
22:30:43.0186 0x09fc  mfedisk - ok
22:30:43.0202 0x09fc  [ 5F4CABAFF1858C54DD5AFB33BD76926E, 06BDEE2B5325E605774C095D9DADFF5E6E124259482C4B7D9E74F1CEDC5A194E ] mfeelamk        C:\WINDOWS\system32\drivers\mfeelamk.sys
22:30:43.0217 0x09fc  mfeelamk - ok
22:30:43.0264 0x09fc  [ B080F4161DFC8B4555ADE5AEF8BEA10C, AEB88FACB90981BF5A9B532D83A0792F78D30F6CCCA107FBDC4EECD6D29AD124 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:30:43.0295 0x09fc  mfefire - ok
22:30:43.0327 0x09fc  [ 7E44DEBA7851496841C7D4849668B4E9, 6B5E42BB81B3F841D7C1B312A309542969D6FECEAD9379BD88213809AA2DEC5B ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
22:30:43.0342 0x09fc  mfefirek - ok
22:30:43.0405 0x09fc  [ E66C388028FC6D4B837504BB350FF368, 517B03CC0F622EE7027923051696326472924F43513C1E6201FBB3F29D7F6DD1 ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
22:30:43.0436 0x09fc  mfehidk - ok
22:30:43.0467 0x09fc  [ 63B1C0B982EC1A91C82F53CD22F21B91, F242E2E9E4F5893E63879A4D9FDCC13B3FF571F7108A6E9B98F4DEEB2C01BA3A ] mfemms          C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
22:30:43.0483 0x09fc  mfemms - ok
22:30:43.0500 0x09fc  [ F9881B099DD511A9A53B0B9DB668EA9D, 3E57AC8137F893760C7C3DD06D47CCAE9F3EA419E698E5A08925120F3186E11F ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
22:30:43.0514 0x09fc  mfevtp - ok
22:30:43.0545 0x09fc  [ 06E22CD1696D37862CFB154E008C7921, 3994F3749716CC956E35AE699027FC2BEFA5F5402E0774323C9C9EA4FBBBC5BD ] mfewfpk         C:\WINDOWS\system32\drivers\mfewfpk.sys
22:30:43.0562 0x09fc  mfewfpk - ok
22:30:43.0592 0x09fc  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
22:30:43.0608 0x09fc  MMCSS - ok
22:30:43.0624 0x09fc  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
22:30:43.0655 0x09fc  Modem - ok
22:30:43.0670 0x09fc  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
22:30:43.0702 0x09fc  monitor - ok
22:30:43.0733 0x09fc  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
22:30:43.0764 0x09fc  mouclass - ok
22:30:43.0780 0x09fc  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
22:30:43.0811 0x09fc  mouhid - ok
22:30:43.0827 0x09fc  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
22:30:43.0842 0x09fc  mountmgr - ok
22:30:43.0874 0x09fc  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
22:30:43.0889 0x09fc  mpsdrv - ok
22:30:43.0936 0x09fc  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
22:30:43.0967 0x09fc  MpsSvc - ok
22:30:44.0014 0x09fc  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
22:30:44.0045 0x09fc  MRxDAV - ok
22:30:44.0077 0x09fc  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:30:44.0108 0x09fc  mrxsmb - ok
22:30:44.0123 0x09fc  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
22:30:44.0155 0x09fc  mrxsmb10 - ok
22:30:44.0202 0x09fc  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
22:30:44.0249 0x09fc  mrxsmb20 - ok
22:30:44.0264 0x09fc  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
22:30:44.0295 0x09fc  MsBridge - ok
22:30:44.0311 0x09fc  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
22:30:44.0342 0x09fc  MSDTC - ok
22:30:44.0358 0x09fc  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:30:44.0389 0x09fc  Msfs - ok
22:30:44.0389 0x09fc  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
22:30:44.0405 0x09fc  msgpiowin32 - ok
22:30:44.0420 0x09fc  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
22:30:44.0436 0x09fc  mshidkmdf - ok
22:30:44.0436 0x09fc  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
22:30:44.0483 0x09fc  mshidumdf - ok
22:30:44.0499 0x09fc  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
22:30:44.0514 0x09fc  msisadrv - ok
22:30:44.0545 0x09fc  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
22:30:44.0577 0x09fc  MSiSCSI - ok
22:30:44.0577 0x09fc  msiserver - ok
22:30:44.0592 0x09fc  [ 0E5107F7558414409BF027E3A09475C7, BEBC89DC9CA49462344AC74307B35CDAA9C4E5547ABA8584267E92B7411499B8 ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:30:44.0608 0x09fc  MSK80Service - ok
22:30:44.0624 0x09fc  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:30:44.0655 0x09fc  MSKSSRV - ok
22:30:44.0670 0x09fc  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
22:30:44.0717 0x09fc  MsLldp - ok
22:30:44.0733 0x09fc  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:30:44.0749 0x09fc  MSPCLOCK - ok
22:30:44.0764 0x09fc  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:30:44.0780 0x09fc  MSPQM - ok
22:30:44.0811 0x09fc  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
22:30:44.0842 0x09fc  MsRPC - ok
22:30:44.0858 0x09fc  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
22:30:44.0874 0x09fc  mssmbios - ok
22:30:44.0889 0x09fc  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
22:30:44.0889 0x09fc  MSTEE - ok
22:30:44.0905 0x09fc  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
22:30:44.0920 0x09fc  MTConfig - ok
22:30:44.0920 0x09fc  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
22:30:44.0952 0x09fc  Mup - ok
22:30:44.0952 0x09fc  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
22:30:44.0967 0x09fc  mvumis - ok
22:30:45.0014 0x09fc  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
22:30:45.0045 0x09fc  napagent - ok
22:30:45.0078 0x09fc  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
22:30:45.0108 0x09fc  NativeWifiP - ok
22:30:45.0139 0x09fc  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
22:30:45.0186 0x09fc  NcaSvc - ok
22:30:45.0217 0x09fc  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
22:30:45.0233 0x09fc  NcbService - ok
22:30:45.0264 0x09fc  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
22:30:45.0280 0x09fc  NcdAutoSetup - ok
22:30:45.0327 0x09fc  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
22:30:45.0389 0x09fc  NDIS - ok
22:30:45.0405 0x09fc  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
22:30:45.0436 0x09fc  NdisCap - ok
22:30:45.0467 0x09fc  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
22:30:45.0514 0x09fc  NdisImPlatform - ok
22:30:45.0545 0x09fc  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:30:45.0578 0x09fc  NdisTapi - ok
22:30:45.0592 0x09fc  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:30:45.0608 0x09fc  Ndisuio - ok
22:30:45.0624 0x09fc  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
22:30:45.0639 0x09fc  NdisVirtualBus - ok
22:30:45.0655 0x09fc  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:30:45.0686 0x09fc  NdisWan - ok
22:30:45.0686 0x09fc  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:30:45.0702 0x09fc  NdisWanLegacy - ok
22:30:45.0734 0x09fc  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:30:45.0749 0x09fc  NDProxy - ok
22:30:45.0764 0x09fc  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
22:30:45.0780 0x09fc  Ndu - ok
22:30:45.0811 0x09fc  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:30:45.0827 0x09fc  NetBIOS - ok
22:30:45.0843 0x09fc  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:30:45.0874 0x09fc  NetBT - ok
22:30:45.0874 0x09fc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:30:45.0889 0x09fc  Netlogon - ok
22:30:45.0936 0x09fc  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
22:30:45.0952 0x09fc  Netman - ok
22:30:46.0014 0x09fc  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
22:30:46.0045 0x09fc  netprofm - ok
22:30:46.0092 0x09fc  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:30:46.0108 0x09fc  NetTcpPortSharing - ok
22:30:46.0124 0x09fc  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
22:30:46.0155 0x09fc  netvsc - ok
22:30:46.0311 0x09fc  [ B636B4A8E59A73033B766EA7FD7C3B81, CAC8614DEE83623DE56C969C668A33366793779084B6A23F59ADC98392115F8C ] NETwNe64        C:\WINDOWS\system32\DRIVERS\NETwew02.sys
22:30:46.0452 0x09fc  NETwNe64 - ok
22:30:46.0514 0x09fc  [ 82CB4A679121EAE6370B79152FD4207A, ABE3D935125BB0F15E4112F81380B1AFA64977C1296B185640F9764BAAD5868D ] NitroDriverReadSpool9 C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
22:30:46.0545 0x09fc  NitroDriverReadSpool9 - ok
22:30:46.0592 0x09fc  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
22:30:46.0639 0x09fc  NlaSvc - ok
22:30:46.0702 0x09fc  [ F13529E410DE911BA558D111E5B75E42, 534147B06D7AC6C508D88362958B80ED121924E2DD9B0773D2ECBA56B7DDF97F ] nlsX86cc        C:\WINDOWS\SysWOW64\NLSSRV32.EXE
22:30:46.0717 0x09fc  nlsX86cc - ok
22:30:46.0733 0x09fc  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:30:46.0749 0x09fc  Npfs - ok
22:30:46.0764 0x09fc  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
22:30:46.0780 0x09fc  npsvctrig - ok
22:30:46.0795 0x09fc  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
22:30:46.0858 0x09fc  nsi - ok
22:30:46.0874 0x09fc  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
22:30:46.0920 0x09fc  nsiproxy - ok
22:30:46.0983 0x09fc  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:30:47.0061 0x09fc  Ntfs - ok
22:30:47.0077 0x09fc  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:30:47.0092 0x09fc  Null - ok
22:30:47.0108 0x09fc  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
22:30:47.0124 0x09fc  nvraid - ok
22:30:47.0124 0x09fc  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
22:30:47.0139 0x09fc  nvstor - ok
22:30:47.0155 0x09fc  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
22:30:47.0170 0x09fc  nv_agp - ok
22:30:47.0202 0x09fc  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
22:30:47.0264 0x09fc  p2pimsvc - ok
22:30:47.0296 0x09fc  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
22:30:47.0327 0x09fc  p2psvc - ok
22:30:47.0342 0x09fc  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
22:30:47.0358 0x09fc  Parport - ok
22:30:47.0389 0x09fc  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
22:30:47.0405 0x09fc  partmgr - ok
22:30:47.0452 0x09fc  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
22:30:47.0483 0x09fc  PcaSvc - ok
22:30:47.0530 0x09fc  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
22:30:47.0561 0x09fc  pci - ok
22:30:47.0578 0x09fc  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
22:30:47.0594 0x09fc  pciide - ok
22:30:47.0594 0x09fc  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
22:30:47.0608 0x09fc  pcmcia - ok
22:30:47.0624 0x09fc  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
22:30:47.0639 0x09fc  pcw - ok
22:30:47.0670 0x09fc  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
22:30:47.0686 0x09fc  pdc - ok
22:30:47.0717 0x09fc  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
22:30:47.0764 0x09fc  PEAUTH - ok
22:30:47.0796 0x09fc  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
22:30:47.0811 0x09fc  PerfHost - ok
22:30:47.0874 0x09fc  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
22:30:47.0952 0x09fc  pla - ok
22:30:47.0983 0x09fc  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
22:30:48.0014 0x09fc  PlugPlay - ok
22:30:48.0046 0x09fc  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
22:30:48.0061 0x09fc  PNRPAutoReg - ok
22:30:48.0077 0x09fc  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
22:30:48.0108 0x09fc  PNRPsvc - ok
22:30:48.0139 0x09fc  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
22:30:48.0170 0x09fc  PolicyAgent - ok
22:30:48.0186 0x09fc  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
22:30:48.0217 0x09fc  Power - ok
22:30:48.0217 0x09fc  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:30:48.0249 0x09fc  PptpMiniport - ok
22:30:48.0374 0x09fc  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
22:30:48.0530 0x09fc  PrintNotify - ok
22:30:48.0545 0x09fc  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
22:30:48.0592 0x09fc  Processor - ok
22:30:48.0655 0x09fc  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
22:30:48.0686 0x09fc  ProfSvc - ok
22:30:48.0717 0x09fc  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
22:30:48.0749 0x09fc  Psched - ok
22:30:48.0795 0x09fc  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
22:30:48.0827 0x09fc  PSI_SVC_2 - ok
22:30:48.0874 0x09fc  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
22:30:48.0905 0x09fc  QWAVE - ok
22:30:48.0920 0x09fc  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
22:30:48.0952 0x09fc  QWAVEdrv - ok
22:30:48.0967 0x09fc  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:30:48.0999 0x09fc  RasAcd - ok
22:30:49.0030 0x09fc  [ E8FFD8BE3C50E7A71C5FBB87BDD1128E, 3E3EB906CC9A1CCA09580DA9F94DD0E1162CABD343874B76718DC4F2E9069C4E ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
22:30:49.0061 0x09fc  RasAgileVpn - ok
22:30:49.0092 0x09fc  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:30:49.0124 0x09fc  RasAuto - ok
22:30:49.0155 0x09fc  [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:30:49.0170 0x09fc  Rasl2tp - ok
22:30:49.0202 0x09fc  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:30:49.0249 0x09fc  RasMan - ok
22:30:49.0264 0x09fc  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:30:49.0280 0x09fc  RasPppoe - ok
22:30:49.0295 0x09fc  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
22:30:49.0327 0x09fc  RasSstp - ok
22:30:49.0358 0x09fc  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:30:49.0405 0x09fc  rdbss - ok
22:30:49.0420 0x09fc  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
22:30:49.0436 0x09fc  rdpbus - ok
22:30:49.0452 0x09fc  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
22:30:49.0483 0x09fc  RDPDR - ok
22:30:49.0514 0x09fc  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
22:30:49.0530 0x09fc  RdpVideoMiniport - ok
22:30:49.0562 0x09fc  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
22:30:49.0593 0x09fc  rdyboost - ok
22:30:49.0624 0x09fc  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
22:30:49.0655 0x09fc  ReFS - ok
22:30:49.0702 0x09fc  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:30:49.0717 0x09fc  RemoteAccess - ok
22:30:49.0764 0x09fc  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
22:30:49.0811 0x09fc  RemoteRegistry - ok
22:30:49.0858 0x09fc  [ FBA61BB4C484A01A655AFB18FF86C417, D53B2110CB09D0A909C4E330C468351BFE076BB056CCDDCB8ADA2FB91E96352E ] RichVideo64     C:\Program Files\CyberLink\Shared files\RichVideo64.exe
22:30:49.0889 0x09fc  RichVideo64 - ok
22:30:49.0905 0x09fc  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
22:30:49.0920 0x09fc  RpcEptMapper - ok
22:30:49.0936 0x09fc  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
22:30:49.0952 0x09fc  RpcLocator - ok
22:30:49.0999 0x09fc  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
22:30:50.0062 0x09fc  RpcSs - ok
22:30:50.0077 0x09fc  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
22:30:50.0109 0x09fc  rspndr - ok
22:30:50.0124 0x09fc  [ 99E927EA78E4B20F02B4B900F6FAB569, C4F6EC9B3BA4FA39926673F39BA3A183CDB7FFC04404F115779C7397C482A795 ] RSUSBVSTOR      C:\WINDOWS\System32\Drivers\RtsUVStor.sys
22:30:50.0155 0x09fc  RSUSBVSTOR - ok
22:30:50.0202 0x09fc  [ 948D5E71CF9DB59961353A355EA45139, A23D012B07A92CC217C67C904CDFBA2BCCDCC2BD49B24FB694BD230D000F2B7B ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
22:30:50.0217 0x09fc  RTL8168 - ok
22:30:50.0249 0x09fc  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
22:30:50.0264 0x09fc  s3cap - ok
22:30:50.0295 0x09fc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
22:30:50.0327 0x09fc  SamSs - ok
22:30:50.0342 0x09fc  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
22:30:50.0358 0x09fc  sbp2port - ok
22:30:50.0374 0x09fc  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
22:30:50.0420 0x09fc  SCardSvr - ok
22:30:50.0436 0x09fc  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
22:30:50.0467 0x09fc  ScDeviceEnum - ok
22:30:50.0499 0x09fc  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
22:30:50.0530 0x09fc  scfilter - ok
22:30:50.0592 0x09fc  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:30:50.0670 0x09fc  Schedule - ok
22:30:50.0702 0x09fc  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
22:30:50.0749 0x09fc  SCPolicySvc - ok
22:30:50.0780 0x09fc  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
22:30:50.0795 0x09fc  sdbus - ok
22:30:50.0795 0x09fc  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
22:30:50.0811 0x09fc  sdstor - ok
22:30:50.0828 0x09fc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
22:30:50.0859 0x09fc  secdrv - ok
22:30:50.0889 0x09fc  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
22:30:50.0920 0x09fc  seclogon - ok
22:30:50.0952 0x09fc  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
22:30:50.0967 0x09fc  SENS - ok
22:30:50.0999 0x09fc  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
22:30:51.0014 0x09fc  SensrSvc - ok
22:30:51.0030 0x09fc  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
22:30:51.0045 0x09fc  SerCx - ok
22:30:51.0061 0x09fc  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
22:30:51.0078 0x09fc  SerCx2 - ok
22:30:51.0092 0x09fc  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
22:30:51.0124 0x09fc  Serenum - ok
22:30:51.0124 0x09fc  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
22:30:51.0139 0x09fc  Serial - ok
22:30:51.0170 0x09fc  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
22:30:51.0186 0x09fc  sermouse - ok
22:30:51.0233 0x09fc  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
22:30:51.0264 0x09fc  SessionEnv - ok
22:30:51.0280 0x09fc  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
22:30:51.0296 0x09fc  sfloppy - ok
22:30:51.0327 0x09fc  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:30:51.0343 0x09fc  SharedAccess - ok
22:30:51.0389 0x09fc  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:30:51.0452 0x09fc  ShellHWDetection - ok
22:30:51.0483 0x09fc  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
22:30:51.0483 0x09fc  SiSRaid2 - ok
22:30:51.0499 0x09fc  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
22:30:51.0514 0x09fc  SiSRaid4 - ok
22:30:51.0530 0x09fc  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
22:30:51.0562 0x09fc  smphost - ok
22:30:51.0577 0x09fc  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
22:30:51.0609 0x09fc  SNMPTRAP - ok
22:30:51.0655 0x09fc  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
22:30:51.0686 0x09fc  spaceport - ok
22:30:51.0686 0x09fc  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
22:30:51.0702 0x09fc  SpbCx - ok
22:30:51.0749 0x09fc  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
22:30:51.0780 0x09fc  Spooler - ok
22:30:51.0936 0x09fc  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
22:30:52.0170 0x09fc  sppsvc - ok
22:30:52.0202 0x09fc  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:30:52.0233 0x09fc  srv - ok
22:30:52.0280 0x09fc  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
22:30:52.0327 0x09fc  srv2 - ok
22:30:52.0358 0x09fc  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
22:30:52.0374 0x09fc  srvnet - ok
22:30:52.0405 0x09fc  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:30:52.0436 0x09fc  SSDPSRV - ok
22:30:52.0452 0x09fc  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
22:30:52.0467 0x09fc  SstpSvc - ok
22:30:52.0499 0x09fc  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
22:30:52.0514 0x09fc  ssudmdm - ok
22:30:52.0530 0x09fc  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
22:30:52.0545 0x09fc  stexstor - ok
22:30:52.0578 0x09fc  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
22:30:52.0608 0x09fc  stisvc - ok
22:30:52.0639 0x09fc  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
22:30:52.0655 0x09fc  storahci - ok
22:30:52.0686 0x09fc  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
22:30:52.0702 0x09fc  storflt - ok
22:30:52.0717 0x09fc  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
22:30:52.0733 0x09fc  stornvme - ok
22:30:52.0764 0x09fc  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
22:30:52.0780 0x09fc  StorSvc - ok
22:30:52.0795 0x09fc  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
22:30:52.0811 0x09fc  storvsc - ok
22:30:52.0842 0x09fc  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
22:30:52.0858 0x09fc  svsvc - ok
22:30:52.0874 0x09fc  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
22:30:52.0889 0x09fc  swenum - ok
22:30:52.0936 0x09fc  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
22:30:52.0967 0x09fc  swprv - ok
22:30:53.0030 0x09fc  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain         C:\WINDOWS\system32\sysmain.dll
22:30:53.0077 0x09fc  SysMain - ok
22:30:53.0092 0x09fc  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
22:30:53.0139 0x09fc  SystemEventsBroker - ok
22:30:53.0170 0x09fc  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
22:30:53.0202 0x09fc  TabletInputService - ok
22:30:53.0233 0x09fc  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:30:53.0264 0x09fc  TapiSrv - ok
22:30:53.0327 0x09fc  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
22:30:53.0420 0x09fc  Tcpip - ok
22:30:53.0483 0x09fc  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:30:53.0545 0x09fc  TCPIP6 - ok
22:30:53.0578 0x09fc  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
22:30:53.0592 0x09fc  tcpipreg - ok
22:30:53.0608 0x09fc  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
22:30:53.0624 0x09fc  tdx - ok
22:30:53.0639 0x09fc  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
22:30:53.0655 0x09fc  terminpt - ok
22:30:53.0702 0x09fc  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
22:30:53.0749 0x09fc  TermService - ok
22:30:53.0780 0x09fc  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
22:30:53.0795 0x09fc  Themes - ok
22:30:53.0828 0x09fc  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
22:30:53.0842 0x09fc  THREADORDER - ok
22:30:53.0858 0x09fc  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
22:30:53.0889 0x09fc  TimeBroker - ok
22:30:53.0905 0x09fc  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
22:30:53.0920 0x09fc  TPM - ok
22:30:53.0952 0x09fc  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
22:30:53.0983 0x09fc  TrkWks - ok
22:30:54.0014 0x09fc  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
22:30:54.0045 0x09fc  TrustedInstaller - ok
22:30:54.0061 0x09fc  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
22:30:54.0077 0x09fc  TsUsbFlt - ok
22:30:54.0108 0x09fc  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
22:30:54.0125 0x09fc  TsUsbGD - ok
22:30:54.0139 0x09fc  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
22:30:54.0186 0x09fc  tunnel - ok
22:30:54.0202 0x09fc  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
22:30:54.0233 0x09fc  uagp35 - ok
22:30:54.0264 0x09fc  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
22:30:54.0280 0x09fc  UASPStor - ok
22:30:54.0311 0x09fc  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
22:30:54.0327 0x09fc  UCX01000 - ok
22:30:54.0358 0x09fc  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
22:30:54.0374 0x09fc  udfs - ok
22:30:54.0389 0x09fc  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
22:30:54.0405 0x09fc  UEFI - ok
22:30:54.0436 0x09fc  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
22:30:54.0452 0x09fc  UI0Detect - ok
22:30:54.0467 0x09fc  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
22:30:54.0483 0x09fc  uliagpkx - ok
22:30:54.0499 0x09fc  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
22:30:54.0514 0x09fc  umbus - ok
22:30:54.0530 0x09fc  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
22:30:54.0561 0x09fc  UmPass - ok
22:30:54.0592 0x09fc  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
22:30:54.0624 0x09fc  UmRdpService - ok
22:30:54.0670 0x09fc  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:30:54.0702 0x09fc  upnphost - ok
22:30:54.0733 0x09fc  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
22:30:54.0749 0x09fc  usbccgp - ok
22:30:54.0764 0x09fc  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
22:30:54.0795 0x09fc  usbcir - ok
22:30:54.0827 0x09fc  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
22:30:54.0842 0x09fc  usbehci - ok
22:30:54.0889 0x09fc  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
22:30:54.0920 0x09fc  usbhub - ok
22:30:54.0967 0x09fc  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
22:30:54.0983 0x09fc  USBHUB3 - ok
22:30:55.0014 0x09fc  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
22:30:55.0030 0x09fc  usbohci - ok
22:30:55.0045 0x09fc  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
22:30:55.0108 0x09fc  usbprint - ok
22:30:55.0139 0x09fc  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\WINDOWS\System32\drivers\usbscan.sys
22:30:55.0170 0x09fc  usbscan - ok
22:30:55.0202 0x09fc  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
22:30:55.0217 0x09fc  USBSTOR - ok
22:30:55.0233 0x09fc  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
22:30:55.0264 0x09fc  usbuhci - ok
22:30:55.0295 0x09fc  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
22:30:55.0327 0x09fc  usbvideo - ok
22:30:55.0342 0x09fc  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
22:30:55.0358 0x09fc  USBXHCI - ok
22:30:55.0374 0x09fc  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
22:30:55.0390 0x09fc  VaultSvc - ok
22:30:55.0405 0x09fc  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
22:30:55.0420 0x09fc  vdrvroot - ok
22:30:55.0467 0x09fc  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
22:30:55.0545 0x09fc  vds - ok
22:30:55.0561 0x09fc  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
22:30:55.0577 0x09fc  VerifierExt - ok
22:30:55.0608 0x09fc  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
22:30:55.0655 0x09fc  vhdmp - ok
22:30:55.0670 0x09fc  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
22:30:55.0686 0x09fc  viaide - ok
22:30:55.0717 0x09fc  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
22:30:55.0733 0x09fc  vmbus - ok
22:30:55.0733 0x09fc  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
22:30:55.0764 0x09fc  VMBusHID - ok
22:30:55.0795 0x09fc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
22:30:55.0827 0x09fc  vmicguestinterface - ok
22:30:55.0842 0x09fc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
22:30:55.0874 0x09fc  vmicheartbeat - ok
22:30:55.0889 0x09fc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
22:30:55.0905 0x09fc  vmickvpexchange - ok
22:30:55.0920 0x09fc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
22:30:55.0952 0x09fc  vmicrdv - ok
22:30:55.0967 0x09fc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
22:30:55.0999 0x09fc  vmicshutdown - ok
22:30:56.0014 0x09fc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
22:30:56.0045 0x09fc  vmictimesync - ok
22:30:56.0061 0x09fc  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
22:30:56.0092 0x09fc  vmicvss - ok
22:30:56.0092 0x09fc  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
22:30:56.0108 0x09fc  volmgr - ok
22:30:56.0140 0x09fc  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
22:30:56.0170 0x09fc  volmgrx - ok
22:30:56.0186 0x09fc  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
22:30:56.0202 0x09fc  volsnap - ok
22:30:56.0217 0x09fc  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
22:30:56.0233 0x09fc  vpci - ok
22:30:56.0264 0x09fc  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
22:30:56.0280 0x09fc  vsmraid - ok
22:30:56.0327 0x09fc  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
22:30:56.0389 0x09fc  VSS - ok
22:30:56.0405 0x09fc  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
22:30:56.0436 0x09fc  VSTXRAID - ok
22:30:56.0452 0x09fc  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
22:30:56.0467 0x09fc  vwifibus - ok
22:30:56.0483 0x09fc  [ 6B26AD573CCDD5209DF4397438B76354, 2C8AC314EC471F6D8B0B12D49D621360A10DCADA7C52E73596730C954FF89FCF ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
22:30:56.0514 0x09fc  vwififlt - ok
22:30:56.0530 0x09fc  [ 0B48E0DFB44EE475F4FD8A8EE599AF30, 28271D4CA0C642304CD8826A3D514F44E3391F9D6D07A1595BB30CE65E7E3494 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
22:30:56.0545 0x09fc  vwifimp - ok
22:30:56.0577 0x09fc  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
22:30:56.0608 0x09fc  W32Time - ok
22:30:56.0624 0x09fc  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
22:30:56.0655 0x09fc  WacomPen - ok
22:30:56.0686 0x09fc  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:30:56.0717 0x09fc  Wanarp - ok
22:30:56.0733 0x09fc  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:30:56.0749 0x09fc  Wanarpv6 - ok
22:30:56.0811 0x09fc  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
22:30:56.0858 0x09fc  wbengine - ok
22:30:56.0890 0x09fc  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
22:30:56.0936 0x09fc  WbioSrvc - ok
22:30:56.0952 0x09fc  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
22:30:56.0983 0x09fc  Wcmsvc - ok
22:30:57.0014 0x09fc  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
22:30:57.0045 0x09fc  wcncsvc - ok
22:30:57.0061 0x09fc  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
22:30:57.0092 0x09fc  WcsPlugInService - ok
22:30:57.0108 0x09fc  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
22:30:57.0139 0x09fc  WdBoot - ok
22:30:57.0186 0x09fc  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
22:30:57.0217 0x09fc  Wdf01000 - ok
22:30:57.0249 0x09fc  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
22:30:57.0264 0x09fc  WdFilter - ok
22:30:57.0295 0x09fc  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
22:30:57.0311 0x09fc  WdiServiceHost - ok
22:30:57.0311 0x09fc  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
22:30:57.0342 0x09fc  WdiSystemHost - ok
22:30:57.0359 0x09fc  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
22:30:57.0374 0x09fc  WdNisDrv - ok
22:30:57.0406 0x09fc  WdNisSvc - ok
22:30:57.0436 0x09fc  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:30:57.0467 0x09fc  WebClient - ok
22:30:57.0499 0x09fc  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
22:30:57.0545 0x09fc  Wecsvc - ok
22:30:57.0561 0x09fc  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
22:30:57.0592 0x09fc  WEPHOSTSVC - ok
22:30:57.0624 0x09fc  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
22:30:57.0655 0x09fc  wercplsupport - ok
22:30:57.0702 0x09fc  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
22:30:57.0733 0x09fc  WerSvc - ok
22:30:57.0749 0x09fc  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
22:30:57.0764 0x09fc  WFPLWFS - ok
22:30:57.0795 0x09fc  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
22:30:57.0827 0x09fc  WiaRpc - ok
22:30:57.0842 0x09fc  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
22:30:57.0858 0x09fc  WIMMount - ok
22:30:57.0858 0x09fc  WinDefend - ok
22:30:57.0905 0x09fc  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
22:30:57.0936 0x09fc  WinHttpAutoProxySvc - ok
22:30:57.0999 0x09fc  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:30:58.0030 0x09fc  Winmgmt - ok
22:30:58.0139 0x09fc  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
22:30:58.0233 0x09fc  WinRM - ok
22:30:58.0264 0x09fc  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
22:30:58.0295 0x09fc  WinUsb - ok
22:30:58.0327 0x09fc  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
22:30:58.0420 0x09fc  WlanSvc - ok
22:30:58.0499 0x09fc  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
22:30:58.0561 0x09fc  wlidsvc - ok
22:30:58.0592 0x09fc  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
22:30:58.0608 0x09fc  WmiAcpi - ok
22:30:58.0655 0x09fc  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
22:30:58.0686 0x09fc  wmiApSrv - ok
22:30:58.0702 0x09fc  WMPNetworkSvc - ok
22:30:58.0733 0x09fc  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
22:30:58.0749 0x09fc  Wof - ok
22:30:58.0827 0x09fc  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
22:30:58.0890 0x09fc  workfolderssvc - ok
22:30:58.0920 0x09fc  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
22:30:58.0936 0x09fc  wpcfltr - ok
22:30:58.0952 0x09fc  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
22:30:58.0967 0x09fc  WPCSvc - ok
22:30:58.0999 0x09fc  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
22:30:59.0030 0x09fc  WPDBusEnum - ok
22:30:59.0045 0x09fc  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
22:30:59.0061 0x09fc  WpdUpFltr - ok
22:30:59.0061 0x09fc  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:30:59.0092 0x09fc  ws2ifsl - ok
22:30:59.0124 0x09fc  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
22:30:59.0139 0x09fc  wscsvc - ok
22:30:59.0139 0x09fc  WSearch - ok
22:30:59.0264 0x09fc  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
22:30:59.0389 0x09fc  WSService - ok
22:30:59.0420 0x09fc  [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd            C:\WINDOWS\system32\DRIVERS\wsvd.sys
22:30:59.0436 0x09fc  wsvd - ok
22:30:59.0577 0x09fc  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
22:30:59.0686 0x09fc  wuauserv - ok
22:30:59.0733 0x09fc  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
22:30:59.0749 0x09fc  WudfPf - ok
22:30:59.0795 0x09fc  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
22:30:59.0811 0x09fc  WUDFRd - ok
22:30:59.0827 0x09fc  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\System32\drivers\WUDFRd.sys
22:30:59.0842 0x09fc  WUDFSensorLP - ok
22:30:59.0858 0x09fc  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
22:30:59.0889 0x09fc  wudfsvc - ok
22:30:59.0905 0x09fc  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
22:30:59.0920 0x09fc  WUDFWpdFs - ok
22:30:59.0920 0x09fc  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
22:30:59.0936 0x09fc  WUDFWpdMtp - ok
22:30:59.0983 0x09fc  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
22:30:59.0999 0x09fc  WwanSvc - ok
22:31:00.0014 0x09fc  ================ Scan global ===============================
22:31:00.0061 0x09fc  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
22:31:00.0077 0x09fc  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
22:31:00.0108 0x09fc  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
22:31:00.0124 0x09fc  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
22:31:00.0139 0x09fc  [ Global ] - ok
22:31:00.0139 0x09fc  ================ Scan MBR ==================================
22:31:00.0170 0x09fc  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:31:00.0264 0x09fc  \Device\Harddisk0\DR0 - ok
22:31:00.0280 0x09fc  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR7
22:31:00.0483 0x09fc  \Device\Harddisk1\DR7 - ok
22:31:00.0483 0x09fc  ================ Scan VBR ==================================
22:31:00.0483 0x09fc  [ D8FA1788F4CA74FB8A309E3165A09D83 ] \Device\Harddisk0\DR0\Partition1
22:31:00.0545 0x09fc  \Device\Harddisk0\DR0\Partition1 - ok
22:31:00.0561 0x09fc  [ 42C214443098E322C2052B8B938CAD7D ] \Device\Harddisk0\DR0\Partition2
22:31:00.0624 0x09fc  \Device\Harddisk0\DR0\Partition2 - ok
22:31:00.0640 0x09fc  [ 0C67991C25DD9AFFA29B9782CDCC939C ] \Device\Harddisk0\DR0\Partition3
22:31:00.0686 0x09fc  \Device\Harddisk0\DR0\Partition3 - ok
22:31:00.0717 0x09fc  [ 495E37546AA24032873EE424E9C33648 ] \Device\Harddisk0\DR0\Partition4
22:31:00.0717 0x09fc  \Device\Harddisk0\DR0\Partition4 - ok
22:31:00.0734 0x09fc  [ 87F02A404C53F34C8C05C519C885884E ] \Device\Harddisk0\DR0\Partition5
22:31:00.0764 0x09fc  \Device\Harddisk0\DR0\Partition5 - ok
22:31:00.0812 0x09fc  [ CAC83B919CCDA524A2218543017448EA ] \Device\Harddisk0\DR0\Partition6
22:31:00.0827 0x09fc  \Device\Harddisk0\DR0\Partition6 - ok
22:31:00.0827 0x09fc  [ FCD9CD1A8BC19A8BC83772C9F8A0A5F1 ] \Device\Harddisk1\DR7\Partition1
22:31:00.0843 0x09fc  \Device\Harddisk1\DR7\Partition1 - ok
22:31:00.0843 0x09fc  ================ Scan generic autorun ======================
22:31:01.0217 0x09fc  [ 16438B000BF56F2CD7FDB5E6C3B38C7E, 32D6E69E6367D3ADB2189DA89103CB9910CE791EFB0879515DDD380A96D85BAE ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
22:31:01.0625 0x09fc  RTHDVCPL - ok
22:31:01.0702 0x09fc  [ F31CDC26F3624750C2AE2DEFF1E598DA, 06B606E849FB946A9E4CFC8E6799A6B18C4E3233A77ED62DEBCC375649F3D7A8 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
22:31:01.0749 0x09fc  RtHDVBg_LENOVO_MICPKEY - ok
22:31:01.0842 0x09fc  [ FABE304460CE5FBD10139403DFAF1853, 1C3BDCEA4508FC2768A6B2CB56D2B08FCDA6047D6F1B52FE2E2901DBCD72B37C ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
22:31:01.0858 0x09fc  StartCCC - ok
22:31:01.0890 0x09fc  [ 17716C3DD52BF815291D80FAAF329AC7, 3E42FBED89BF8CE6C0EE8C97C050358ED98577BB1DDFA93CDE25F431FC55138E ] C:\WINDOWS\jmesoft\hotkey.exe
22:31:01.0905 0x09fc  jmekey - detected UnsignedFile.Multi.Generic ( 1 )
22:31:01.0905 0x09fc  jmekey ( UnsignedFile.Multi.Generic ) - warning
22:31:01.0920 0x09fc  [ A7464F6ED03611109F435218E424AAB8, 2C582D2E97F5AE97D1FBEC0493DF45A8EAF2D2CA93048556FD11B4AAA09956E6 ] C:\Windows\jmesoft\ServiceLoader.exe
22:31:01.0936 0x09fc  jmesoft - detected UnsignedFile.Multi.Generic ( 1 )
22:31:01.0936 0x09fc  jmesoft ( UnsignedFile.Multi.Generic ) - warning
22:31:01.0999 0x09fc  [ 50299DBA20F8A1735830914777B55932, 7A8864A9FA81BF6C53797B7B8FCC2199B812A7E913D35387A0C5C63C170BAC02 ] C:\Program Files\Lenovo\LVT\LJYZ.exe
22:31:02.0030 0x09fc  LVT - ok
22:31:02.0077 0x09fc  [ B29819926AD9A9F991E5927095262D1B, 4035412786398CF4C36453BB2919FCC328ED4C8F5CB730A89DCE7A2B16FFF287 ] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
22:31:02.0108 0x09fc  mcpltui_exe - ok
22:31:02.0155 0x09fc  [ 0B427D9943C838620AFA30CBB24A6D77, 5A98B1405126F79846C810E739E964B11A4397F3DE597991308DB3C6AABB8F81 ] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
22:31:02.0186 0x09fc  CLMLServer - ok
22:31:02.0217 0x09fc  [ 8F83160C43C61FC6775391B46B7C16BF, 648588126B2CD0B9F50F478BF4F7474137D1285061A3B22B56C1CB5B4FD3C3BF ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
22:31:02.0233 0x09fc  UpdateP2GoShortCut - ok
22:31:02.0264 0x09fc  [ C049C40CAEE8900130BD5F80B594CC7B, F54FC31662A9B8032B380793D534F34A0C63FED9C84DE313D17A61612EB31DC4 ] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
22:31:02.0280 0x09fc  RemoteControl10 - ok
22:31:02.0311 0x09fc  [ 1385CE7ADFD546084E1E6D5E82C91D1C, 15EBA35046D9E6E73792746BE99F2A3843C4E84983637A26674C04308091D5C5 ] C:\Program Files (x86)\PDF24\pdf24.exe
22:31:02.0327 0x09fc  PDFPrint - ok
22:31:02.0358 0x09fc  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
22:31:02.0358 0x09fc  HP Software Update - ok
22:31:02.0405 0x09fc  [ 6F94A57D1F05A1A68C33D49B6751C8C6, D37ADB69E8FB2209F6DBD9A55E67800AAED35973DE0830878C6177BDCC073676 ] C:\Windows\System32\StikyNot.exe
22:31:02.0452 0x09fc  RESTART_STICKY_NOTES - ok
22:31:02.0561 0x09fc  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.11.550 ), 0x41000 ( enabled : updated )
22:31:02.0577 0x09fc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
22:31:02.0577 0x09fc  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x51010 ( enabled )
22:31:02.0577 0x09fc  ============================================================
22:31:02.0577 0x09fc  Scan finished
22:31:02.0577 0x09fc  ============================================================
22:31:02.0592 0x1268  Detected object count: 3
22:31:02.0592 0x1268  Actual detected object count: 3
22:31:42.0890 0x1268  JME Keyboard ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:42.0890 0x1268  JME Keyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:31:42.0890 0x1268  jmekey ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:42.0890 0x1268  jmekey ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:31:42.0890 0x1268  jmesoft ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:42.0890 0x1268  jmesoft ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

24.06.2015, 14:20   #4
M-K-D-B
/// TB trainer

Hello,

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!

please run the following programs again in the order given, have all findings removed, and post the corresponding log files:

1. AdwCleaner
2. MBAM
3. JRT


And then a fresh log file, please:
  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.
__________________
Regards
M-K-D-B




24.06.2015, 15:31   #5
H4VPHKARU

Hi Matthias, here are the log files, but the FRST file was 500 kb again,
so it is zipped.

Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 24/06/2015 um 14:54:12
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Desktop\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


**** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gelöscht : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[R1].txt - [1671 Bytes] - [20/06/2015 15:56:42]
AdwCleaner[R2].txt - [1273 Bytes] - [24/06/2015 14:52:27]
AdwCleaner[S0].txt - [6816 Bytes] - [19/06/2015 14:55:00]
AdwCleaner[S1].txt - [1539 Bytes] - [20/06/2015 15:58:23]
AdwCleaner[S2].txt - [1193 Bytes] - [24/06/2015 14:54:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1252  Bytes] ##########
         
scanlog mbam
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.06.2015
Suchlauf-Zeit: 14:56:34
Logdatei: mbam24.6-1.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.20.02
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hikaru

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 345618
Verstrichene Zeit: 11 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
mbam protection log

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Error, 24.06.2015 14:55:14, SYSTEM, HIKARU-UKE, Protection, IsLicensed, 13, 
Protection, 24.06.2015 14:55:14, SYSTEM, HIKARU-UKE, Protection, Malware Protection, Stopping, 
Protection, 24.06.2015 14:55:14, SYSTEM, HIKARU-UKE, Protection, Malware Protection, Stopped, 
Update, 24.06.2015 14:56:34, SYSTEM, HIKARU-UKE, Manual, Failed, Unable to access update server, 
Scan, 24.06.2015 15:08:18, SYSTEM, HIKARU-UKE, Manual, Start: 24.06.2015 14:56:34, Dauer: 11 Minuten 43 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung, 

(end)
         
jrt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by Hikaru on 24.06.2015 at 15:11:44,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.06.2015 at 15:13:50,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
addition.txt

Code:
ATTFilter
Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Hikaru at 2015-06-24 15:15:42
Running from C:\Users\Hikaru\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-239342230-206131414-3666733320-500 - Administrator - Disabled)
Gast (S-1-5-21-239342230-206131414-3666733320-501 - Limited - Disabled)
Hikaru (S-1-5-21-239342230-206131414-3666733320-1002 - Administrator - Enabled) => C:\Users\Hikaru

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3B367DD2-6E0F-ADBE-4510-5DD3F3B9D92A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0509.0 - Lenovo Inc.)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Content (x32 Version: 1.00.0000 - Your Company Name) Hidden
Corel Painter 11 - ICA (x32 Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (x32 Version: 011 - Corel Corporation) Hidden
Corel Painter 11 (HKLM-x32\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version:  - Corel Corporation)
Corel Painter 11 (x32 Version: 11.0 - Corel Corporation) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1602 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2751 - Hightail, Inc.)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{6D7FCC52-8DDA-441C-849A-4BB7C7E3BF2E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IconHandler 32 bit (x32 Version: 2.0 - Corel Corporation) Hidden
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Langauge (x32 Version: 1.00.0000 - Your Company Name) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 1.0.11.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{237990BC-415C-4CE8-B279-37892516D9F2}) (Version: 9.0.6.20 - Nitro)
PDF24 Creator 6.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{E1949FF0-9835-41AC-81E4-E6D9CDCBE49E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

24-06-2015 11:14:21 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A7284B-3E31-42E2-97A5-67AEEC918158} - \Emaenxsu No Task File <==== ATTENTION
Task: {07C46A96-D7B7-4CF2-BF1C-206E5575C72A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {14741805-5D43-4A23-A500-70A1589D4184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {190FFCA9-85C7-41E1-AC00-D0B049212C89} - \Winsta Update No Task File <==== ATTENTION
Task: {3B2DAE9D-6692-47F9-B0CB-267FD607CDAD} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {43032A1F-1912-474D-B219-70ECF3E41D57} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {45DA55EA-769E-4134-B2E0-498F33E307BA} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {4CD8EF42-014C-431C-B40B-52AE61986C4E} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {7850D162-919D-4A85-9C1F-7B9C54565ABB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {78E05431-1107-4FDF-8081-960AED57E308} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8B4FACFD-472C-46C5-AE39-2C9D6B3F1367} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-03-09] (Lenovo)
Task: {944EC7A6-A629-4835-9DF6-C1844F6CDD7E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {999E23E7-DD91-4BB1-A7A1-BEC45DB79596} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {9E46E803-4A0E-4C95-B336-3DFA9688CF43} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A738AFB9-328A-459E-9D9B-59E4BD0E5AD7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A92E79B0-FE62-4F50-A80C-E3F722FFDDE0} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-06-11] (Lenovo)
Task: {C28480F3-F0FB-4DA8-B5B2-10D75ACB7FBE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C8786A9E-5F94-4D87-B17E-D85DBC65A838} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {CF1C55DF-98C9-4966-86DB-67519D498B3D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {CFF6D8EF-56A6-44CC-AB7F-B17830FFDBF6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E1571395-D58C-49AB-A0DF-4649E024EC17} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {E866D120-2739-4966-834F-7DD037EBE9CB} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {F028ECE7-B884-477B-9363-A39D281322E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Hikaru\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-239342230-206131414-3666733320-1002\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{05804A18-B410-462F-BFB6-5C779B59475F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{71113D8F-B56B-43BF-8824-037E61A53747}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1E1D15FF-4D5B-4EF4-BBCF-EC71C0F86424}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3557079B-C9EC-4511-87BC-D058F1A138B1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F2E8AB92-3E7D-444E-8323-07D2CD4E5F3C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0A1E8F1D-AD34-445E-BE66-18C60131318A}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C6C61864-C1F7-4B26-A1B7-FB80D7C895E1}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{A414C907-CF5F-4532-9982-D8F0677E24D1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{CEDC01ED-A510-4C04-B063-CA12B4C93B19}] => (Allow) LPort=5357
FirewallRules: [{EA9FFA53-1F69-4F3F-999B-47653B7FD586}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{62923A26-3354-4756-8D2A-116BDDFCD275}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B8BE5CBC-1DB2-43D3-AA2F-6E3FC87F3447}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8C71827F-0F8B-437A-9D01-A1ED3C17BB67}] => (Allow) C:\Users\Hikaru\AppData\Local\BoBrowser\Application\bobrowser.exe
FirewallRules: [{4F179252-BEA9-442B-A821-E035B478046A}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2015 00:02:17 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0xc34
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000ec180
ID des fehlerhaften Prozesses: 0x11b8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x75c
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbar.exe, Version 1.9.1.1004 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12ec

Startzeit: 01d0ab6062545e16

Endzeit: 13311

Anwendungspfad: C:\Users\Hikaru\Desktop\mbar\mbar.exe

Berichts-ID: 1b75cf84-1754-11e5-8266-4437e6e88be4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (06/24/2015 03:12:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/24/2015 03:12:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo64 Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2015 03:12:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2015 03:12:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo System Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2015 03:12:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "JME Keyboard Driver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2015 03:12:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2015 03:12:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2015 03:12:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/24/2015 03:12:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2015 02:55:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mail update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (06/24/2015 00:02:17 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85ec3401d0adddfa3639a0C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll387b5ae4-19d1-11e5-8269-4437e6e88be4

Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c000000800000000000ec18011b801d0ad2af31351ccC:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll314ed7f8-191e-11e5-8269-4437e6e88be4

Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e75c01d0ac280ae166e3C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll4bdeb74e-181b-11e5-8269-4437e6e88be4

Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbar.exe1.9.1.100412ec01d0ab6062545e1613311C:\Users\Hikaru\Desktop\mbar\mbar.exe1b75cf84-1754-11e5-8266-4437e6e88be4

Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2015-06-17 23:29:26.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G 
Percentage of memory in use: 17%
Total physical RAM: 7093.19 MB
Available physical RAM: 5886.44 MB
Total Pagefile: 14517.19 MB
Available Pagefile: 12908.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:861.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1746FBBD)

Partition: GPT Partition Type.

==================== End of log ============================
         
--- --- ---

Attached files
File type: zip FRST.zip (64.1 KB, viewed 18 times)

24.06.2015, 17:09   #6
M-K-D-B
/// TB-Ausbilder

Hi,

We'll remove the last remnants and check everything once more. ESET can take quite a while (> 2 h).
After that we'll remove all the tools we used, and I'll give you a few tips to take along.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
start
CloseProcesses:
S2 mailUpdate; C:\ProgramData\MailUpdate\mailUpdate.exe -service [X]
SearchScopes: HKU\S-1-5-21-239342230-206131414-3666733320-1002 -> {16C56A97-C4BD-433D-9355-D9B3814853D9} URL = 
SearchScopes: HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {16C56A97-C4BD-433D-9355-D9B3814853D9} URL = 
Task: {01A7284B-3E31-42E2-97A5-67AEEC918158} - \Emaenxsu No Task File <==== ATTENTION
Task: {190FFCA9-85C7-41E1-AC00-D0B049212C89} - \Winsta Update No Task File <==== ATTENTION
FirewallRules: [{8C71827F-0F8B-437A-9D01-A1ED3C17BB67}] => (Allow) C:\Users\Hikaru\AppData\Local\BoBrowser\Application\bobrowser.exe
FirewallRules: [{4F179252-BEA9-442B-A821-E035B478046A}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
RemoveProxy:
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2

ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

In your next reply, please post
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from SecurityCheck.

24.06.2015, 21:24   #7
H4VPHKARU

Evening,
here is the FRST Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Hikaru at 2015-06-24 18:40:00 Run:1
Running from C:\Users\Hikaru\Desktop
Loaded Profiles: Hikaru &  (Available Profiles: Hikaru)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
S2 mailUpdate; C:\ProgramData\MailUpdate\mailUpdate.exe -service [X]
SearchScopes: HKU\S-1-5-21-239342230-206131414-3666733320-1002 -> {16C56A97-C4BD-433D-9355-D9B3814853D9} URL = 
SearchScopes: HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {16C56A97-C4BD-433D-9355-D9B3814853D9} URL = 
Task: {01A7284B-3E31-42E2-97A5-67AEEC918158} - \Emaenxsu No Task File <==== ATTENTION
Task: {190FFCA9-85C7-41E1-AC00-D0B049212C89} - \Winsta Update No Task File <==== ATTENTION
FirewallRules: [{8C71827F-0F8B-437A-9D01-A1ED3C17BB67}] => (Allow) C:\Users\Hikaru\AppData\Local\BoBrowser\Application\bobrowser.exe
FirewallRules: [{4F179252-BEA9-442B-A821-E035B478046A}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
RemoveProxy:
EmptyTemp:
end
      
*****************

Processes closed successfully.
mailUpdate => Service removed successfully
"HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{16C56A97-C4BD-433D-9355-D9B3814853D9}" => key removed successfully
HKCR\CLSID\{16C56A97-C4BD-433D-9355-D9B3814853D9} => key not found. 
"HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{16C56A97-C4BD-433D-9355-D9B3814853D9}" => key removed successfully
HKCR\CLSID\{16C56A97-C4BD-433D-9355-D9B3814853D9} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{01A7284B-3E31-42E2-97A5-67AEEC918158}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01A7284B-3E31-42E2-97A5-67AEEC918158}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Emaenxsu" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{190FFCA9-85C7-41E1-AC00-D0B049212C89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{190FFCA9-85C7-41E1-AC00-D0B049212C89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winsta Update" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C71827F-0F8B-437A-9D01-A1ED3C17BB67} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F179252-BEA9-442B-A821-E035B478046A} => value removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 732.5 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 18:40:31 ====
         
ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d02caeca3c90e348863edc84b853a2fe
# end=init
# utc_time=2015-06-24 05:18:22
# local_time=2015-06-24 07:18:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24482
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d02caeca3c90e348863edc84b853a2fe
# end=updated
# utc_time=2015-06-24 05:21:29
# local_time=2015-06-24 07:21:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d02caeca3c90e348863edc84b853a2fe
# engine=24482
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-24 07:00:19
# local_time=2015-06-24 09:00:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 954528 60053712 0 0
# scanned=324718
# found=12
# cleaned=0
# scan_time=5930
sh=6DE39BA2182720CDEB45E8B9936CDC07EAB52085 ft=1 fh=a289755de31c3d50 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe.vir"
sh=713A353AC8CEF22000E5640F0DB9155BBF245491 ft=1 fh=c58d002dc5bd92a3 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe.vir"
sh=6C9A4683E78599CDCB2F5FDA91AA49E61ED9858C ft=1 fh=5601d77d4e6a9c3c vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll.vir"
sh=DAA572BB067FAE9152ACE0450D532296B8DBE026 ft=1 fh=9fa1d9f57ff7247a vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll.vir"
sh=1BE5A8E26AF3A963669AF440AE8C7501F20159AC ft=1 fh=7c9cd284f3175fea vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll.vir"
sh=63E6C5AC0021F16B40DBF00DAA68C4E09676DD4B ft=1 fh=add9d73cb55e69cf vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll.vir"
sh=EA6717E7E8489F91FD4BA34BA7763A03597F04AA ft=1 fh=35b314d511d4babd vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe.vir"
sh=FFA86971C39536FEFAE13BBE7D597600C6699098 ft=1 fh=adb1763c5f5104b9 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll.vir"
sh=1923F473B9710CC8072E28CEE49AA5AC8C62E2AF ft=1 fh=40e068b85a9362d6 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe.vir"
sh=524E998587FBEC044FA27244D6D742F4B4D19CEB ft=1 fh=e7e84e08d468813d vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe.vir"
sh=97F7C1011A73443860463BB24240AA099E1960A4 ft=1 fh=194dba6be4004f73 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="F:\collect\texturesbrushes\brushes-searchmodify\whatever\gimp_31.exe"
sh=6B3FC04C49FA646056EF9E546F9E823ADE523616 ft=0 fh=0000000000000000 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="F:\Storytelling\safekeeping\to facebook\1brushes.zip"
         
And Security Check:

Code:
ATTFilter
 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	18.0.0.160  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
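
Added example, not part of the original posts or of ESET's tooling: the ESET log above reports found=12 with cleaned=0, and ten of the twelve listed paths lie under C:\AdwCleaner\Quarantine, so the count alone says little about what is still live on disk. The Python code below parses lines in that layout and separates quarantined copies from files that still need review; the sample lines, class labels and function names are constructed for illustration, and reading `vn` as the detection name and `fn` as the file path is inferred from the values shown.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET Online Scanner log above.
# Hashes, folder names and the last detection name are made up.
SAMPLE_LOG = r'''
# found=4
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExampleGuard\bin\svc.exe.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExampleGuard\bin\helper.dll.vir"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="F:\downloads\example_setup.exe"
sh=0000000000000000000000000000000000000004 ft=0 fh=0000000000000000 vn="Win32/Example.Trojan Trojaner" ac=I fn="C:\Users\Example\AppData\Local\Temp\x.exe"
'''

# key=value pairs; a value is either double-quoted or a run of non-space characters.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# PUA wording: German as in the log above, plus ESET's English phrasing.
PUA_MARKERS = ("evtl. unerwünschte anwendung", "potentially unwanted application")
# Quarantine folder seen in the log above; extend for other tools as needed.
QUARANTINE_DIRS = ("\\adwcleaner\\quarantine\\",)


def parse_eset_log(text):
    """Return (header key/values, list of per-file findings)."""
    meta, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            meta[key.strip()] = value.strip()  # the last block in the log wins
        elif line.startswith("sh="):
            fields = {}
            for m in PAIR.finditer(line):
                quoted, bare = m.group(2), m.group(3)
                fields[m.group(1)] = quoted if quoted is not None else bare
            if "vn" in fields and "fn" in fields:
                findings.append(fields)
    return meta, findings


def detection_name(finding):
    """Pull the platform/family token (e.g. Win32/InstallIQ.A) out of vn."""
    m = re.search(r"\S+/\S+", finding["vn"])
    return m.group(0) if m else finding["vn"]


def classify(finding):
    path = finding["fn"].lower()
    if any(d in path for d in QUARANTINE_DIRS):
        return "quarantined-copy"   # inert copy kept by the cleanup tool
    if any(marker in finding["vn"].lower() for marker in PUA_MARKERS):
        return "live-pua"           # unwanted application still on disk
    return "live-detection"         # anything else outside quarantine


def triage(text):
    meta, findings = parse_eset_log(text)
    review = [(detection_name(f), f["fn"]) for f in findings
              if classify(f) != "quarantined-copy"]
    return {
        "header_found": int(meta.get("found", -1)),
        "parsed": len(findings),
        # A mismatch means lines were truncated or the layout changed.
        "consistent": meta.get("found") == str(len(findings)),
        "by_class": Counter(classify(f) for f in findings),
        "needs_review": review,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(dict(report["by_class"]))
    for name, path in report["needs_review"]:
        print(f"review: {name}  {path}")
```
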
         

24.06.2015, 22:10   #8
M-K-D-B
/// TB-Ausbilder

Hi,

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are ticked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.

__________________
Regards
M-K-D-B

24.06.2015, 23:29   #9
H4VPHKARU

Hi,
I don't quite understand, is the Windows Firewall disabled?
I checked twice and it says it is active.
Did I do something wrong?

Here is the FSS.txt file:

Code:
ATTFilter
Farbar Service Scanner Version: 17-01-2015
Ran by Hikaru (administrator) on 24-06-2015 at 23:16:38
Running from "C:\Users\Hikaru\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
         

25.06.2015, 14:46   #10
M-K-D-B
/// TB-Ausbilder

Hi,

are there currently still any problems with adware/malware? If so, which ones, and which browsers are affected?
__________________
Regards
M-K-D-B

25.06.2015, 15:33   #11
H4VPHKARU

Everything is running flawlessly, so am I safe now? Thank you!

25.06.2015, 20:41   #12
M-K-D-B
/// TB-Ausbilder

If you no longer have any problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few closing steps to clean up and secure your PC.


Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.


Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use exactly one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:


In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
Adblock Plus: can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.
Ghostery: detects and blocks trackers, web bugs, pixels, beacons and other scripts that spy on or observe browsing behaviour.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Note: please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards
M-K-D-B

26.06.2015, 14:00   #13
H4VPHKARU

All done.

26.06.2015, 21:16   #14
M-K-D-B
/// TB-Ausbilder

I'm glad we were able to help.

In this forum you can leave brief feedback on the cleanup, if you wish:
Praise, Criticism and Wishes
To do so, click the "NEUES THEMA" (new thread) button and post a little feedback. Many thanks!

This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM.

Everyone else: please click here and create your own thread.
__________________
Regards
M-K-D-B


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.