Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows7: Trojaner, registy befallen, HKU, HKCU

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.11.2015, 19:52   #1
Marie Schauk
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



AVIRA hat einen Virus/ Trojaner gefunden.
Habe die betreffenden Dateien in Quarantäne geschickt.
In den Tagen danach kamen erneut zwei Virusmeldungen.
Habe Malware heruntergeladen, Suche ergab keine Treffer.
Systemprüfung mit AdwCleaner: 2 Funde in der Registy.

Kann mir jemand helfen, den Virus/ Trojaner komplett zu entfernen?
Untenstehend die LOG vom AdwCleaner
und die letzte logfile von Avira

Vielen, herzlichen Dank, Marie

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v5.022 - Bericht erstellt am 29/11/2015 um 20:19:08
# Aktualisiert am 22/11/2015 von Xplode
# Datenbank : 2015-11-29.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Marie-Luise - MARIE-NOTEBOOK
# Gestartet von : C:\Users\Marie-Luise\Desktop\adwcleaner_5.022.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKU\S-1-5-21-1401465016-1591747146-3379758321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\OCS

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [944 Bytes] ##########
         
--- --- ---



Letzte logfile von Antivira:

Code:
ATTFilter
Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 28. November 2015  21:06


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MARIE-NOTEBOOK

Versionsinformationen:
BUILD.DAT      : 15.0.13.210    92152 Bytes  05.10.2015 15:51:00
AVSCAN.EXE     : 15.0.13.202  1183208 Bytes  11.10.2015 18:10:03
AVSCANRC.DLL   : 15.0.13.158    67688 Bytes  11.10.2015 18:10:03
LUKE.DLL       : 15.0.13.190    69248 Bytes  11.10.2015 18:10:13
AVSCPLR.DLL    : 15.0.13.202   106352 Bytes  11.10.2015 18:10:03
REPAIR.DLL     : 15.0.13.193   517328 Bytes  11.10.2015 18:10:02
REPAIR.RDF     : 1.0.12.48    1359646 Bytes  27.11.2015 18:03:05
AVREG.DLL      : 15.0.13.193   339632 Bytes  11.10.2015 18:10:02
AVLODE.DLL     : 15.0.13.193   633688 Bytes  11.10.2015 18:10:01
AVLODE.RDF     : 14.0.5.6       84211 Bytes  31.08.2015 19:47:03
XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:23:57
XBV00154.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:02:59
XBV00155.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:02:59
XBV00156.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:02:59
XBV00157.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:02:59
XBV00158.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00159.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00160.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00161.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00162.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00163.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00164.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00165.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00166.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00167.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00168.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00169.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00170.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00171.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00172.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00173.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00174.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00175.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00176.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00177.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00178.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00179.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00180.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00181.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00182.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00183.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00184.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00185.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00186.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00187.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00188.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00189.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00190.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:00
XBV00191.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00192.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00193.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00194.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00195.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00196.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00197.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00198.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00199.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00200.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00201.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00202.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00203.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00204.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00205.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00206.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00207.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00208.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00209.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00210.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00211.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00212.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00213.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00214.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00215.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00216.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00217.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00218.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00219.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00220.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00221.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:01
XBV00222.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00223.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00224.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00225.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00226.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00227.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00228.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00229.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00230.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00231.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00232.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00233.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00234.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00235.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00236.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00237.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00238.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00239.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00240.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00241.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00242.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00243.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00244.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00245.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00246.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00247.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00248.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00249.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00250.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00251.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00252.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00253.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:02
XBV00254.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:03
XBV00255.VDF   : 8.12.28.114     2048 Bytes  17.11.2015 18:03:03
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 13:23:57
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 13:23:57
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 13:23:57
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 13:23:57
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 13:23:57
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 13:23:57
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 13:23:57
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 13:23:57
XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 13:23:57
XBV00009.VDF   : 8.11.172.30  2094080 Bytes  15.09.2014 13:23:57
XBV00010.VDF   : 8.11.178.32  1581056 Bytes  14.10.2014 13:23:57
XBV00011.VDF   : 8.11.184.50  2178560 Bytes  11.11.2014 13:23:57
XBV00012.VDF   : 8.11.190.32  1876992 Bytes  03.12.2014 13:23:57
XBV00013.VDF   : 8.11.201.28  2973696 Bytes  14.01.2015 13:23:57
XBV00014.VDF   : 8.11.206.252  2695680 Bytes  04.02.2015 13:23:57
XBV00015.VDF   : 8.11.213.84  3175936 Bytes  03.03.2015 13:23:57
XBV00016.VDF   : 8.11.213.176   212480 Bytes  05.03.2015 13:23:57
XBV00017.VDF   : 8.11.219.166  2033664 Bytes  25.03.2015 13:23:57
XBV00018.VDF   : 8.11.225.88  2367488 Bytes  22.04.2015 11:48:07
XBV00019.VDF   : 8.11.230.186  1674752 Bytes  13.05.2015 11:48:08
XBV00020.VDF   : 8.11.237.30  4711936 Bytes  02.06.2015 18:55:50
XBV00021.VDF   : 8.11.243.12  2747904 Bytes  26.06.2015 18:27:16
XBV00022.VDF   : 8.11.248.172  2350592 Bytes  17.07.2015 09:25:53
XBV00023.VDF   : 8.11.254.112  2570752 Bytes  07.08.2015 07:06:21
XBV00024.VDF   : 8.12.3.6     2196480 Bytes  27.08.2015 18:04:01
XBV00025.VDF   : 8.12.8.238   1951232 Bytes  16.09.2015 12:28:20
XBV00026.VDF   : 8.12.16.180  2211328 Bytes  07.10.2015 09:54:27
XBV00027.VDF   : 8.12.21.126  2252288 Bytes  27.10.2015 21:45:21
XBV00028.VDF   : 8.12.28.114  2935296 Bytes  17.11.2015 18:02:56
XBV00042.VDF   : 8.12.28.118    33792 Bytes  17.11.2015 18:02:56
XBV00043.VDF   : 8.12.28.122    39424 Bytes  17.11.2015 18:02:56
XBV00044.VDF   : 8.12.28.124     2048 Bytes  18.11.2015 18:02:56
XBV00045.VDF   : 8.12.28.128    51712 Bytes  18.11.2015 18:02:56
XBV00046.VDF   : 8.12.28.130     2048 Bytes  18.11.2015 18:02:56
XBV00047.VDF   : 8.12.28.132    14336 Bytes  18.11.2015 18:02:56
XBV00048.VDF   : 8.12.28.158    10752 Bytes  18.11.2015 18:02:56
XBV00049.VDF   : 8.12.28.184     5632 Bytes  18.11.2015 18:02:56
XBV00050.VDF   : 8.12.28.210     3584 Bytes  18.11.2015 18:02:56
XBV00051.VDF   : 8.12.28.236    10240 Bytes  18.11.2015 18:02:56
XBV00052.VDF   : 8.12.29.6      27136 Bytes  18.11.2015 18:02:56
XBV00053.VDF   : 8.12.29.8       3072 Bytes  18.11.2015 18:02:56
XBV00054.VDF   : 8.12.29.10     15360 Bytes  18.11.2015 18:02:56
XBV00055.VDF   : 8.12.29.12      2048 Bytes  18.11.2015 18:02:56
XBV00056.VDF   : 8.12.29.14      2048 Bytes  18.11.2015 18:02:56
XBV00057.VDF   : 8.12.29.16     13312 Bytes  18.11.2015 17:55:12
XBV00058.VDF   : 8.12.29.18      2048 Bytes  18.11.2015 17:55:13
XBV00059.VDF   : 8.12.29.20     15360 Bytes  18.11.2015 17:55:13
XBV00060.VDF   : 8.12.29.22      6144 Bytes  18.11.2015 17:55:13
XBV00061.VDF   : 8.12.29.24      6144 Bytes  18.11.2015 17:55:13
XBV00062.VDF   : 8.12.29.26     13312 Bytes  18.11.2015 17:55:13
XBV00063.VDF   : 8.12.29.28     15872 Bytes  18.11.2015 17:55:13
XBV00064.VDF   : 8.12.29.52     39424 Bytes  19.11.2015 17:55:13
XBV00065.VDF   : 8.12.29.72      8192 Bytes  19.11.2015 17:55:13
XBV00066.VDF   : 8.12.29.92     13824 Bytes  19.11.2015 17:55:13
XBV00067.VDF   : 8.12.29.112     2048 Bytes  19.11.2015 17:55:13
XBV00068.VDF   : 8.12.29.156    62464 Bytes  19.11.2015 17:41:21
XBV00069.VDF   : 8.12.29.176     2048 Bytes  19.11.2015 17:41:21
XBV00070.VDF   : 8.12.29.196    17408 Bytes  19.11.2015 17:41:21
XBV00071.VDF   : 8.12.29.198     2048 Bytes  19.11.2015 17:41:21
XBV00072.VDF   : 8.12.29.200     2048 Bytes  19.11.2015 17:41:21
XBV00073.VDF   : 8.12.29.202     2048 Bytes  19.11.2015 17:41:21
XBV00074.VDF   : 8.12.29.204     2048 Bytes  19.11.2015 17:41:21
XBV00075.VDF   : 8.12.29.206    13312 Bytes  19.11.2015 17:41:21
XBV00076.VDF   : 8.12.29.210    37888 Bytes  20.11.2015 17:41:21
XBV00077.VDF   : 8.12.29.212     2048 Bytes  20.11.2015 17:41:21
XBV00078.VDF   : 8.12.29.252     2048 Bytes  20.11.2015 17:41:21
XBV00079.VDF   : 8.12.30.16     27136 Bytes  20.11.2015 17:41:21
XBV00080.VDF   : 8.12.30.56     11776 Bytes  20.11.2015 17:41:21
XBV00081.VDF   : 8.12.30.76     39936 Bytes  20.11.2015 17:41:21
XBV00082.VDF   : 8.12.30.78     17920 Bytes  20.11.2015 17:41:22
XBV00083.VDF   : 8.12.30.80      9728 Bytes  20.11.2015 17:41:22
XBV00084.VDF   : 8.12.30.82     10240 Bytes  20.11.2015 17:41:22
XBV00085.VDF   : 8.12.30.84      8704 Bytes  20.11.2015 17:41:22
XBV00086.VDF   : 8.12.30.86      8192 Bytes  20.11.2015 17:41:22
XBV00087.VDF   : 8.12.30.90     33792 Bytes  21.11.2015 17:41:22
XBV00088.VDF   : 8.12.30.92      2048 Bytes  21.11.2015 17:41:22
XBV00089.VDF   : 8.12.30.94     12288 Bytes  21.11.2015 17:41:22
XBV00090.VDF   : 8.12.30.96     31744 Bytes  21.11.2015 17:41:22
XBV00091.VDF   : 8.12.30.116    89600 Bytes  22.11.2015 17:41:22
XBV00092.VDF   : 8.12.30.178    81920 Bytes  23.11.2015 17:41:22
XBV00093.VDF   : 8.12.30.198     5120 Bytes  23.11.2015 17:41:22
XBV00094.VDF   : 8.12.30.216     7168 Bytes  23.11.2015 17:41:22
XBV00095.VDF   : 8.12.30.218     4096 Bytes  23.11.2015 17:41:22
XBV00096.VDF   : 8.12.30.220     8704 Bytes  23.11.2015 17:41:22
XBV00097.VDF   : 8.12.30.222    12288 Bytes  23.11.2015 17:41:22
XBV00098.VDF   : 8.12.30.224     7168 Bytes  23.11.2015 17:41:22
XBV00099.VDF   : 8.12.30.226     7168 Bytes  23.11.2015 17:41:22
XBV00100.VDF   : 8.12.30.228    10752 Bytes  23.11.2015 17:41:22
XBV00101.VDF   : 8.12.30.246    13824 Bytes  23.11.2015 17:41:22
XBV00102.VDF   : 8.12.31.8       6144 Bytes  23.11.2015 17:41:22
XBV00103.VDF   : 8.12.31.26      5120 Bytes  23.11.2015 17:41:23
XBV00104.VDF   : 8.12.31.44     16384 Bytes  23.11.2015 17:41:23
XBV00105.VDF   : 8.12.31.62      4096 Bytes  23.11.2015 17:41:23
XBV00106.VDF   : 8.12.31.80     10752 Bytes  23.11.2015 17:41:23
XBV00107.VDF   : 8.12.31.82      2048 Bytes  23.11.2015 17:41:23
XBV00108.VDF   : 8.12.31.84      4608 Bytes  23.11.2015 17:41:23
XBV00109.VDF   : 8.12.31.86      8192 Bytes  23.11.2015 17:41:23
XBV00110.VDF   : 8.12.31.90     26624 Bytes  24.11.2015 17:41:23
XBV00111.VDF   : 8.12.31.92      3072 Bytes  24.11.2015 17:41:23
XBV00112.VDF   : 8.12.31.94      2048 Bytes  24.11.2015 17:41:23
XBV00113.VDF   : 8.12.31.96     14336 Bytes  24.11.2015 17:41:23
XBV00114.VDF   : 8.12.31.98      9216 Bytes  24.11.2015 17:41:23
XBV00115.VDF   : 8.12.31.100     6656 Bytes  24.11.2015 17:41:23
XBV00116.VDF   : 8.12.31.102     7168 Bytes  24.11.2015 17:41:23
XBV00117.VDF   : 8.12.31.104     3072 Bytes  24.11.2015 17:41:23
XBV00118.VDF   : 8.12.31.106     8704 Bytes  24.11.2015 17:41:23
XBV00119.VDF   : 8.12.31.108     2048 Bytes  24.11.2015 17:41:23
XBV00120.VDF   : 8.12.31.110     9728 Bytes  24.11.2015 21:01:36
XBV00121.VDF   : 8.12.31.128    10752 Bytes  24.11.2015 21:01:36
XBV00122.VDF   : 8.12.31.130    21504 Bytes  24.11.2015 21:01:36
XBV00123.VDF   : 8.12.31.132     9216 Bytes  24.11.2015 21:01:36
XBV00124.VDF   : 8.12.31.134    15872 Bytes  24.11.2015 21:01:36
XBV00125.VDF   : 8.12.31.140    13824 Bytes  25.11.2015 21:01:36
XBV00126.VDF   : 8.12.31.142     4608 Bytes  25.11.2015 21:01:36
XBV00127.VDF   : 8.12.31.144    23552 Bytes  25.11.2015 21:01:37
XBV00128.VDF   : 8.12.31.146    34816 Bytes  25.11.2015 21:01:37
XBV00129.VDF   : 8.12.31.154    60416 Bytes  25.11.2015 21:01:37
XBV00130.VDF   : 8.12.31.172     7680 Bytes  25.11.2015 18:03:04
XBV00131.VDF   : 8.12.31.188     8192 Bytes  25.11.2015 18:03:04
XBV00132.VDF   : 8.12.31.204     2048 Bytes  25.11.2015 18:03:04
XBV00133.VDF   : 8.12.31.220    12288 Bytes  25.11.2015 18:03:04
XBV00134.VDF   : 8.12.31.224     2048 Bytes  26.11.2015 18:03:04
XBV00135.VDF   : 8.12.31.242    18944 Bytes  26.11.2015 18:03:04
XBV00136.VDF   : 8.12.31.244     2048 Bytes  26.11.2015 18:03:04
XBV00137.VDF   : 8.12.31.246     2048 Bytes  26.11.2015 18:03:04
XBV00138.VDF   : 8.12.31.248    37888 Bytes  26.11.2015 18:03:04
XBV00139.VDF   : 8.12.31.250    11264 Bytes  26.11.2015 18:03:04
XBV00140.VDF   : 8.12.31.252     2048 Bytes  26.11.2015 18:03:04
XBV00141.VDF   : 8.12.31.254     6144 Bytes  26.11.2015 18:03:04
XBV00142.VDF   : 8.12.32.2      12800 Bytes  26.11.2015 18:03:04
XBV00143.VDF   : 8.12.32.4       2560 Bytes  26.11.2015 18:03:04
XBV00144.VDF   : 8.12.32.6      11776 Bytes  26.11.2015 18:03:04
XBV00145.VDF   : 8.12.32.8      17920 Bytes  26.11.2015 18:03:04
XBV00146.VDF   : 8.12.32.10      2048 Bytes  26.11.2015 18:03:04
XBV00147.VDF   : 8.12.32.12      3584 Bytes  27.11.2015 18:03:04
XBV00148.VDF   : 8.12.32.14     69632 Bytes  27.11.2015 18:03:05
XBV00149.VDF   : 8.12.32.30      2048 Bytes  27.11.2015 18:03:05
XBV00150.VDF   : 8.12.32.46      8192 Bytes  27.11.2015 18:03:05
XBV00151.VDF   : 8.12.32.62     12800 Bytes  27.11.2015 18:03:05
XBV00152.VDF   : 8.12.32.78      2048 Bytes  27.11.2015 18:03:05
XBV00153.VDF   : 8.12.32.94     16896 Bytes  27.11.2015 18:03:05
LOCAL000.VDF   : 8.12.32.94  146060288 Bytes  27.11.2015 18:03:27
Engineversion  : 8.3.34.82 
AEBB.DLL       : 8.1.3.0        59296 Bytes  19.11.2015 17:55:10
AECORE.DLL     : 8.3.9.0       249920 Bytes  13.11.2015 07:36:43
AEDROID.DLL    : 8.4.3.348    1800104 Bytes  06.11.2015 18:09:10
AEEMU.DLL      : 8.1.3.6       404328 Bytes  19.11.2015 17:55:10
AEEXP.DLL      : 8.4.2.134     277360 Bytes  13.11.2015 07:36:46
AEGEN.DLL      : 8.1.8.8       487480 Bytes  27.11.2015 18:03:01
AEHELP.DLL     : 8.3.2.6       284584 Bytes  19.11.2015 17:55:10
AEHEUR.DLL     : 8.1.4.2064   9923440 Bytes  27.11.2015 18:03:04
AEMOBILE.DLL   : 8.1.8.10      301936 Bytes  27.11.2015 18:03:04
AEOFFICE.DLL   : 8.3.1.56      408432 Bytes  25.10.2015 20:08:09
AEPACK.DLL     : 8.4.1.18      802880 Bytes  27.10.2015 14:35:40
AERDL.DLL      : 8.2.1.38      813928 Bytes  06.11.2015 18:09:08
AESBX.DLL      : 8.2.21.2     1629032 Bytes  06.11.2015 18:09:09
AESCN.DLL      : 8.3.4.0       141216 Bytes  13.11.2015 07:36:46
AESCRIPT.DLL   : 8.3.0.4       542632 Bytes  19.11.2015 17:55:12
AEVDF.DLL      : 8.3.2.4       141216 Bytes  19.11.2015 17:55:12
AVWINLL.DLL    : 15.0.13.158    29600 Bytes  11.10.2015 18:09:57
AVPREF.DLL     : 15.0.13.158    55864 Bytes  11.10.2015 18:10:02
AVREP.DLL      : 15.0.13.158   225320 Bytes  11.10.2015 18:10:02
AVARKT.DLL     : 15.0.13.158   232000 Bytes  11.10.2015 18:09:59
AVEVTLOG.DLL   : 15.0.13.190   202112 Bytes  11.10.2015 18:10:00
SQLITE3.DLL    : 15.0.13.158   461672 Bytes  11.10.2015 18:10:15
AVSMTP.DLL     : 15.0.13.158    82120 Bytes  11.10.2015 18:10:03
NETNT.DLL      : 15.0.13.158    18792 Bytes  11.10.2015 18:10:14
CommonImageRc.dll: 15.0.13.190  4308216 Bytes  11.10.2015 18:09:58
CommonTextRc.dll: 15.0.13.158    70784 Bytes  11.10.2015 18:09:58

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\Antivirus\TEMP\AVGUARD_565a04c0\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig

Beginn des Suchlaufs: Samstag, 28. November 2015  21:06

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'DisplayLinkManager.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'DisplayLinkUserAgent.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'BBSvc.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeClickToRun.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'CxAudMsg64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCService.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'lvvsst.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SAsrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'valWBFPolicyService.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZeroConfigService.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'ValBioService.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'virtscrl.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SwipeMonitor.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '221' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAudioFilterAgent64.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'fmapp.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'BleServicesCtrl.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'ScanToPCActivationApp.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'igpxtskmgn64win7.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'VM331STI.EXE' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPNetworkCommunicatorCom.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSCNotify.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'PWMDBSVC.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPNetworkCommunicator.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Marie-Luise\AppData\Roaming\doublers-6\doublers-3.exe'
C:\Users\Marie-Luise\AppData\Roaming\doublers-6\doublers-3.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.217569
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53489cce.qua' verschoben!


Ende des Suchlaufs: Samstag, 28. November 2015  21:07
Benötigte Zeit: 00:20 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    995 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    994 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         

Geändert von Marie Schauk (29.11.2015 um 20:00 Uhr)

Alt 29.11.2015, 20:04   #2
M-K-D-B
/// TB-Ausbilder
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 29.11.2015, 20:43   #3
Marie Schauk
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Hallo,
danke für deine schnelle Hilfe.

Anbei die FRST logfile und danach die Addition

Ich hoffe, das hilft weiter, um mich weiter zu beraten.
Vielen Dank,
Marie


FRST logfile

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
durchgeführt von Marie-Luise (Administrator) auf MARIE-NOTEBOOK (29-11-2015 21:18:35)
Gestartet von C:\Users\Marie-Luise\Desktop
Geladene Profile: Marie-Luise (Verfügbare Profile: Marie-Luise)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\DCService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Screenleap, Inc.) C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe
(Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Screenleap] => C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe [2856992 2015-11-29] (Screenleap, Inc.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {8225d693-4841-11e5-9626-f8165465672d} - E:\AutoRun.exe
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {de3f79ed-2748-11e4-b820-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk [2014-08-19]
ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Docking Station)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-10-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pendulum-3.lnk [2015-11-25]
ShortcutTarget: pendulum-3.lnk -> C:\Users\Marie-Luise\AppData\Roaming\pendulum-28\pendulum-7.exe (Intel(R) Corporation)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2015-11-29]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B3636DED-3BAF-45B6-A1E8-E155B3A14D72}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FC018661-EF6C-4533-B835-3D2AC0E19221}: [DhcpNameServer] 150.206.1.3

Internet Explorer:
==================
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1401465016-1591747146-3379758321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012
FF Homepage: hxxp://www.jugendlosungen.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: GMX MailCheck - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net [2015-11-18]
FF Extension: Adblock Plus - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-29]
FF HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [Datei ist nicht signiert]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-09-29] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-11] (Avira Operations GmbH & Co. KG)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3429344 2014-02-18] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2013-09-26] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-29 21:19 - 2015-11-29 21:19 - 02740687 _____ C:\Users\Marie-Luise\Desktop\tdsskiller.exe.part
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 _____ C:\Users\Marie-Luise\Desktop\tdsskiller.exe
2015-11-29 21:18 - 2015-11-29 21:19 - 00021198 _____ C:\Users\Marie-Luise\Desktop\FRST.txt
2015-11-29 21:18 - 2015-11-29 21:18 - 00000000 ____D C:\FRST
2015-11-29 21:17 - 2015-11-29 21:17 - 02350080 _____ (Farbar) C:\Users\Marie-Luise\Desktop\FRST64.exe
2015-11-29 20:47 - 2015-11-29 20:47 - 00001025 _____ C:\Users\Marie-Luise\Desktop\AdwCleaner[C1].txt
2015-11-29 20:13 - 2015-11-29 20:19 - 00000000 ____D C:\AdwCleaner
2015-11-29 20:08 - 2015-11-29 20:08 - 01733632 _____ C:\Users\Marie-Luise\Desktop\adwcleaner_5.022.exe
2015-11-29 20:00 - 2015-11-29 20:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-29 20:00 - 2015-11-29 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-29 19:59 - 2015-11-29 20:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-29 19:59 - 2015-11-29 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-29 19:59 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-29 19:59 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-29 19:59 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-29 19:57 - 2015-11-29 19:59 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe.part
2015-11-29 19:57 - 2015-11-29 19:58 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-29 19:51 - 2015-11-29 21:13 - 00000064 _____ C:\Users\Marie-Luise\.screenleap
2015-11-29 19:51 - 2015-11-29 20:29 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\Screenleap
2015-11-29 19:51 - 2015-11-29 19:51 - 00002000 _____ C:\Users\Marie-Luise\Desktop\Screenleap.lnk
2015-11-25 21:59 - 2015-11-25 21:59 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\pendulum-28
2015-11-25 21:57 - 2015-11-25 21:57 - 00000000 ____D C:\ProgramData\molecule-26
2015-11-25 21:54 - 2015-11-28 21:07 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\doublers-6
2015-11-25 21:52 - 2015-11-25 23:02 - 00000000 ____D C:\ProgramData\powercap-44
2015-11-18 19:00 - 2015-11-18 21:40 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\glonass-89
2015-11-15 17:20 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 08:38 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-13 08:38 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-13 08:38 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-13 08:38 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-13 08:38 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-13 08:38 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-13 08:35 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-13 08:35 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-13 08:35 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-13 08:35 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-13 08:35 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-13 08:35 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-13 08:35 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-13 08:35 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-13 08:35 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-13 08:35 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-13 08:35 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-13 08:35 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-13 08:35 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-13 08:35 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-13 08:35 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-13 08:35 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-13 08:35 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-13 08:35 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-13 08:35 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-13 08:35 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-13 08:35 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-13 08:35 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-13 08:35 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-13 08:35 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-13 08:35 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-13 08:35 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-13 08:35 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-13 08:35 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-13 08:35 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-13 08:35 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-13 08:35 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-13 08:35 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-13 08:35 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-13 08:35 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-13 08:35 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-13 08:35 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-13 08:35 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-13 08:35 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-13 08:35 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-13 08:35 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-13 08:35 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-13 08:35 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-13 08:35 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-13 08:35 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-13 08:35 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-13 08:35 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-13 08:35 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-13 08:35 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-13 08:35 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-13 08:35 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-13 08:35 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-13 08:35 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-13 08:35 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-13 08:35 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-13 08:35 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-13 08:35 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-13 08:35 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-13 08:35 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-13 08:33 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-13 08:32 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-13 08:32 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-13 08:32 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-13 08:32 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-13 08:32 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-13 08:32 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-13 08:32 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-13 08:32 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-13 08:32 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-13 08:32 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-13 08:32 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-13 08:32 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-13 08:32 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-13 08:32 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-13 08:32 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-13 08:32 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-13 08:32 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-13 08:32 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-13 08:32 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-13 08:32 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-13 08:32 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-13 08:32 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-13 08:32 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-13 08:32 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-13 08:32 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-13 08:32 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-13 08:32 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-13 08:31 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-13 08:31 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-13 08:31 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-11 21:39 - 2015-11-14 17:48 - 00000000 ____D C:\ProgramData\en

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-29 21:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-11-29 21:08 - 2015-08-18 19:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-29 20:28 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-29 20:28 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-29 20:26 - 2014-08-19 13:14 - 00699342 _____ C:\Windows\system32\perfh007.dat
2015-11-29 20:26 - 2014-08-19 13:14 - 00149450 _____ C:\Windows\system32\perfc007.dat
2015-11-29 20:26 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 20:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-11-29 20:20 - 2014-08-19 03:53 - 00000000 ____D C:\ProgramData\Validity
2015-11-29 20:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-29 19:51 - 2015-05-05 19:38 - 00000000 ____D C:\Users\Marie-Luise
2015-11-18 21:52 - 2014-08-19 04:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-18 21:50 - 2014-08-19 04:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-17 18:25 - 2014-01-30 22:17 - 00000000 __SHD C:\Users\Marie-Luise\AppData\Roaming\aghubwrh
2015-11-16 18:49 - 2009-07-14 05:45 - 00353816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-15 20:49 - 2014-08-18 20:55 - 00000000 ____D C:\ProgramData\Lenovo
2015-11-15 20:48 - 2014-08-19 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-11-15 20:48 - 2014-08-19 03:51 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-11-15 20:48 - 2014-08-19 03:41 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-11-15 17:08 - 2015-08-18 19:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-15 17:08 - 2015-05-23 19:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-15 17:08 - 2015-05-23 19:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-13 08:37 - 2014-01-30 22:46 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-13 08:35 - 2014-02-03 15:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 18:33 - 2015-05-16 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-10 18:33 - 2014-08-19 03:44 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-09 18:32 - 2015-05-16 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-01 20:08 - 2015-10-25 21:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-01 20:08 - 2015-07-05 19:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-25 17:00 - 2015-05-25 17:00 - 16342352 _____ (Geek Software GmbH                                          ) C:\Program Files (x86)\pdf24-creator-6.9.2.exe
2015-05-21 06:48 - 2015-05-21 06:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-19 03:53 - 2014-08-19 03:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-19 03:58 - 2014-08-19 03:59 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-08-19 03:56 - 2014-08-19 03:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-08-19 03:57 - 2014-08-19 03:58 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-08-19 03:58 - 2014-08-19 03:58 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Einige Dateien in TEMP:
====================
C:\Users\Marie-Luise\AppData\Local\Temp\avgnt.exe
C:\Users\Marie-Luise\AppData\Local\Temp\sqlite3.dll


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-25 15:01

==================== Ende von FRST.txt ============================
         
Und hier die Addition:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-11-29 21:19:32)
Gestartet von C:\Users\Marie-Luise\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-05 18:38:17)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1401465016-1591747146-3379758321-500 - Administrator - Disabled)
Gast (S-1-5-21-1401465016-1591747146-3379758321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1401465016-1591747146-3379758321-1002 - Limited - Enabled)
Marie-Luise (S-1-5-21-1401465016-1591747146-3379758321-1001 - Administrator - Enabled) => C:\Users\Marie-Luise

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.62.50 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.1 - Lenovo Group Limited)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Fingerprint Manager (HKLM\...\{D6006D3A-B3F5-48DC-8CC0-D353912379F3}) (Version: 4.5.289.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.289.0 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0013 - Lenovo)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.15 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.04.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

13-10-2015 19:55:45 Windows Update
11-11-2015 21:42:10 Windows Update
13-11-2015 08:29:39 Windows Update
13-11-2015 08:34:45 Windows Update
14-11-2015 17:47:36 Windows Update
15-11-2015 21:57:56 Windows Update
17-11-2015 18:31:47 Free Antivirus - 17.11.2015 18:31

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {16A98A40-6353-410F-BD28-5345C3E2DBFE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {170F753F-2D86-4F1F-9CE1-4AA1A116B757} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {2EFA6B85-313D-4DD0-B0EC-F2F364F27095} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {474F4629-0DE0-49C2-9D0C-EBF7918BE7D0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-09-29] ()
Task: {4E62F553-C70D-4BC3-B8D2-453C72CBEFF9} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {5F6F5F29-C047-400D-BD94-3D79F9F6CB0E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-10-21] (Lenovo Group Limited)
Task: {7B3C18C9-06C4-485E-AEE2-91B94C98115F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {B2853026-549C-413A-AA6D-1DAF46B17F70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {B9E972D3-A324-4B34-9048-0E6C4FC35A6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {BDB79BDC-99DF-47C8-9513-0EFF6CD0C369} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {C3D0177B-A8A2-4DEE-B8BD-BDC9EAFD18DC} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
Task: {CD821E1D-24FE-4AC5-AE1D-F3A372670DF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {D29C9B0D-7B4F-442B-996D-3F2C93DED596} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {D5E0EB99-D92E-4F82-8685-FC48AC7298EE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {E9CB273F-6CEF-4BA3-87EC-C20EE48E7600} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-02 18:45 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-08-19 03:51 - 2013-10-21 23:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-08-19 03:45 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-08-19 03:39 - 2013-05-16 09:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 03350640 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{19CCF886-E8AC-4BE6-8588-095562D3E5F8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E6EE83DD-7E36-419E-9EAD-11E70FF5AC53}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{78EE11AE-7BAF-4D29-9A6B-D2DC562442FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B03271-CC30-4390-B53F-321E951E6ECB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3A91B0D-E7FA-477D-AC4E-3E9B2CCAE2B6}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{584F2355-8676-46E0-9165-282BAFE01DDC}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{17525D02-32D4-4C7B-8D25-7D7E990BAECB}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{C5EAB0C6-B0D9-4803-92E6-E3338DFEDD26}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{E3B484FE-6055-466D-B607-E6B57FF8676B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0048073E-4041-42F9-94E3-F25516F9143D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3D2F336D-7117-49FD-B8A2-FC194C9598F5}] => (Allow) C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9D60C568-89F2-42DB-9DEC-7D1704875119}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E921CD51-E941-4B81-A1A6-C79D2F14FDCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C7F4936-989A-4354-81B0-7FA153E46F75}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F808B78E-F593-47C1-B7ED-C600D8D5916B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/29/2015 08:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2015 07:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 08:47:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2015 06:52:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2015 10:54:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2015 09:51:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2015 06:30:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2015 01:21:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 09:06:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 06:44:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (11/29/2015 08:20:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎29.‎11.‎2015 um 20:19:30 unerwartet heruntergefahren.

Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/29/2015 08:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo PM Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/29/2015 08:19:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (11/29/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 61%
Installierter physikalischer RAM: 3810.46 MB
Verfügbarer physikalischer RAM: 1459.78 MB
Summe virtueller Speicher: 7619.12 MB
Verfügbarer virtueller Speicher: 4434.14 MB

==================== Laufwerke ================================

Drive c: (Windows7_OS) (Fixed) (Total:301.89 GB) (Free:248.94 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Volume) (Fixed) (Total:146.48 GB) (Free:120.8 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.92 GB) (Free:4.03 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 49FC2C21)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=301.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
__________________

Alt 29.11.2015, 20:48   #4
Marie Schauk
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Und hier die logfile von TDSS
Code:
ATTFilter
21:24:07.0173 0x13e8  TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23
21:24:13.0210 0x13e8  ============================================================
21:24:13.0210 0x13e8  Current date / time: 2015/11/29 21:24:13.0210
21:24:13.0210 0x13e8  SystemInfo:
21:24:13.0210 0x13e8  
21:24:13.0210 0x13e8  OS Version: 6.1.7601 ServicePack: 1.0
21:24:13.0210 0x13e8  Product type: Workstation
21:24:13.0210 0x13e8  ComputerName: MARIE-NOTEBOOK
21:24:13.0210 0x13e8  UserName: Marie-Luise
21:24:13.0210 0x13e8  Windows directory: C:\Windows
21:24:13.0210 0x13e8  System windows directory: C:\Windows
21:24:13.0210 0x13e8  Running under WOW64
21:24:13.0210 0x13e8  Processor architecture: Intel x64
21:24:13.0210 0x13e8  Number of processors: 4
21:24:13.0210 0x13e8  Page size: 0x1000
21:24:13.0210 0x13e8  Boot type: Normal boot
21:24:13.0210 0x13e8  ============================================================
21:24:13.0398 0x13e8  KLMD registered as C:\Windows\system32\drivers\09129714.sys
21:24:14.0006 0x13e8  System UUID: {4A4C0AD2-3B98-8D29-1106-303787C730DD}
21:24:14.0927 0x13e8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:24:14.0942 0x13e8  ============================================================
21:24:14.0942 0x13e8  \Device\Harddisk0\DR0:
21:24:14.0942 0x13e8  MBR partitions:
21:24:14.0942 0x13e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
21:24:14.0942 0x13e8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x25BC8800
21:24:14.0958 0x13e8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x25EB7800, BlocksNum 0x124F8000
21:24:14.0958 0x13e8  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x383AF800, BlocksNum 0x1FD6000
21:24:14.0958 0x13e8  ============================================================
21:24:15.0005 0x13e8  C: <-> \Device\Harddisk0\DR0\Partition2
21:24:15.0051 0x13e8  Q: <-> \Device\Harddisk0\DR0\Partition4
21:24:15.0098 0x13e8  D: <-> \Device\Harddisk0\DR0\Partition3
21:24:15.0098 0x13e8  ============================================================
21:24:15.0098 0x13e8  Initialize success
21:24:15.0098 0x13e8  ============================================================
21:24:21.0869 0x0204  ============================================================
21:24:21.0869 0x0204  Scan started
21:24:21.0869 0x0204  Mode: Manual; 
21:24:21.0869 0x0204  ============================================================
21:24:21.0869 0x0204  KSN ping started
21:24:35.0367 0x0204  KSN ping finished: true
21:24:37.0459 0x0204  ================ Scan system memory ========================
21:24:37.0459 0x0204  System memory - ok
21:24:37.0460 0x0204  ================ Scan services =============================
21:24:37.0592 0x0204  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:24:37.0596 0x0204  1394ohci - ok
21:24:37.0629 0x0204  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:24:37.0634 0x0204  ACPI - ok
21:24:37.0638 0x0204  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:24:37.0639 0x0204  AcpiPmi - ok
21:24:37.0739 0x0204  [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:24:37.0743 0x0204  AdobeARMservice - ok
21:24:37.0864 0x0204  [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:24:37.0876 0x0204  AdobeFlashPlayerUpdateSvc - ok
21:24:37.0901 0x0204  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:24:37.0910 0x0204  adp94xx - ok
21:24:37.0943 0x0204  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:24:37.0950 0x0204  adpahci - ok
21:24:37.0960 0x0204  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:24:37.0965 0x0204  adpu320 - ok
21:24:37.0994 0x0204  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:24:37.0995 0x0204  AeLookupSvc - ok
21:24:38.0050 0x0204  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
21:24:38.0058 0x0204  AFD - ok
21:24:38.0074 0x0204  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:24:38.0075 0x0204  agp440 - ok
21:24:38.0080 0x0204  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:24:38.0081 0x0204  ALG - ok
21:24:38.0086 0x0204  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:24:38.0087 0x0204  aliide - ok
21:24:38.0091 0x0204  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:24:38.0091 0x0204  amdide - ok
21:24:38.0095 0x0204  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:24:38.0097 0x0204  AmdK8 - ok
21:24:38.0103 0x0204  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:24:38.0105 0x0204  AmdPPM - ok
21:24:38.0111 0x0204  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:24:38.0113 0x0204  amdsata - ok
21:24:38.0120 0x0204  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:24:38.0123 0x0204  amdsbs - ok
21:24:38.0128 0x0204  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:24:38.0129 0x0204  amdxata - ok
21:24:38.0236 0x0204  [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
21:24:38.0262 0x0204  AntiVirMailService - ok
21:24:38.0349 0x0204  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
21:24:38.0366 0x0204  AntiVirSchedulerService - ok
21:24:38.0420 0x0204  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
21:24:38.0429 0x0204  AntiVirService - ok
21:24:38.0490 0x0204  [ D84E576299C73B0B1DC477D2B99958C4, D6703C2B63B9FA87C2DA009CC7B6DF76C3603C6A9874B152D685A1B92EE2DF28 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
21:24:38.0510 0x0204  AntiVirWebService - ok
21:24:38.0560 0x0204  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\Windows\system32\drivers\appid.sys
21:24:38.0562 0x0204  AppID - ok
21:24:38.0654 0x0204  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:24:38.0657 0x0204  AppIDSvc - ok
21:24:38.0704 0x0204  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
21:24:38.0709 0x0204  Appinfo - ok
21:24:38.0735 0x0204  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:24:38.0742 0x0204  AppMgmt - ok
21:24:38.0751 0x0204  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
21:24:38.0754 0x0204  arc - ok
21:24:38.0762 0x0204  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:24:38.0767 0x0204  arcsas - ok
21:24:38.0838 0x0204  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:24:38.0859 0x0204  aspnet_state - ok
21:24:38.0871 0x0204  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:24:38.0873 0x0204  AsyncMac - ok
21:24:38.0879 0x0204  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:24:38.0881 0x0204  atapi - ok
21:24:38.0927 0x0204  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:24:38.0946 0x0204  AudioEndpointBuilder - ok
21:24:38.0964 0x0204  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:24:38.0977 0x0204  AudioSrv - ok
21:24:39.0002 0x0204  [ 03C6DEB5C74C8140C2167677DBE2F79A, D5C727B007C5B486DECE1A1B83D8155299DD7CB46DC8208CE9185C5BAE5CC33A ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:24:39.0005 0x0204  avgntflt - ok
21:24:39.0035 0x0204  [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:24:39.0037 0x0204  avipbb - ok
21:24:39.0147 0x0204  [ 6C4B9A2FF6924405E9ABFB558049D4DD, 9AB314B9ECF41832589726556A93CEAAE2AE774B1738A46A027E833B73A72118 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
21:24:39.0160 0x0204  Avira.ServiceHost - ok
21:24:39.0175 0x0204  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:24:39.0177 0x0204  avkmgr - ok
21:24:39.0204 0x0204  [ 080860E03F0219AF0A0377A02292741F, F0A151509BFEBFE639CC15388847EB2EDA298CFAE0AC4A1358A1472F42320249 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
21:24:39.0208 0x0204  avnetflt - ok
21:24:39.0237 0x0204  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:24:39.0241 0x0204  AxInstSV - ok
21:24:39.0300 0x0204  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:24:39.0320 0x0204  b06bdrv - ok
21:24:39.0331 0x0204  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:24:39.0338 0x0204  b57nd60a - ok
21:24:39.0400 0x0204  [ 4BEFF67C1775D353A16A62347E727874, 62363C5E5F4BF049A3E49FADA8CB17269945056ACADB319FDC4F05B74E2553C8 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe
21:24:39.0405 0x0204  BBSvc - ok
21:24:39.0465 0x0204  [ A6DAAD3EA93DBDBD07FA821BCED133F6, 8F33D4E4B82091D09E62FD5487C88F3DF0DAC31FCBB846183CC4020533A131DE ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
21:24:39.0471 0x0204  BBUpdate - ok
21:24:39.0484 0x0204  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:24:39.0487 0x0204  BDESVC - ok
21:24:39.0492 0x0204  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:24:39.0493 0x0204  Beep - ok
21:24:39.0538 0x0204  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:24:39.0553 0x0204  BFE - ok
21:24:39.0603 0x0204  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
21:24:39.0621 0x0204  BITS - ok
21:24:39.0626 0x0204  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:24:39.0627 0x0204  blbdrive - ok
21:24:39.0736 0x0204  [ E7429ECD0C47CC065EEACF7E9D0E6341, 10D8231E14C908A0949108EB5F84E17BA10ABFC370D0C5F65945B23879AB12BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
21:24:39.0789 0x0204  Bluetooth Device Monitor - ok
21:24:39.0849 0x0204  [ 0F432B34D80351EFC5E35F14D9798CFD, 591D913E069C1C69212A7742D7182E24E669FE7B50680D8D337F32CF9F72B163 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
21:24:39.0886 0x0204  Bluetooth Media Service - ok
21:24:39.0934 0x0204  [ 96924B1D3060B0C0FFD77D01CB234D9F, 2A02EEC4092646A0BD26B8E8BA8B75F82EB6F46003C56C9A838E412006457DD2 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
21:24:39.0968 0x0204  Bluetooth OBEX Service - ok
21:24:39.0999 0x0204  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:24:40.0002 0x0204  bowser - ok
21:24:40.0007 0x0204  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:24:40.0008 0x0204  BrFiltLo - ok
21:24:40.0014 0x0204  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:24:40.0015 0x0204  BrFiltUp - ok
21:24:40.0033 0x0204  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:24:40.0037 0x0204  Browser - ok
21:24:40.0053 0x0204  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:24:40.0061 0x0204  Brserid - ok
21:24:40.0071 0x0204  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:24:40.0073 0x0204  BrSerWdm - ok
21:24:40.0081 0x0204  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:24:40.0082 0x0204  BrUsbMdm - ok
21:24:40.0092 0x0204  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:24:40.0092 0x0204  BrUsbSer - ok
21:24:40.0139 0x0204  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
21:24:40.0141 0x0204  BthEnum - ok
21:24:40.0146 0x0204  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:24:40.0149 0x0204  BTHMODEM - ok
21:24:40.0163 0x0204  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:24:40.0167 0x0204  BthPan - ok
21:24:40.0201 0x0204  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
21:24:40.0213 0x0204  BTHPORT - ok
21:24:40.0218 0x0204  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:24:40.0221 0x0204  bthserv - ok
21:24:40.0234 0x0204  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
21:24:40.0236 0x0204  BTHUSB - ok
21:24:40.0253 0x0204  [ 5B8D71504FA8BFA308F6E1169B89D322, 1DC0CF47C5F655EA0F0992020C17A86D05637F55ACBB17380283EBB883A4D14D ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
21:24:40.0257 0x0204  btmaux - ok
21:24:40.0305 0x0204  [ D66F3A4F11E42142722DCF9DC5A451D6, 6576421E24ABB4F0A7B5EFB5CF6F9C6F510AFDD0087415D57A5ABBB0866B3E39 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
21:24:40.0346 0x0204  btmhsf - ok
21:24:40.0355 0x0204  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:24:40.0358 0x0204  cdfs - ok
21:24:40.0365 0x0204  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:24:40.0369 0x0204  cdrom - ok
21:24:40.0414 0x0204  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:24:40.0417 0x0204  CertPropSvc - ok
21:24:40.0421 0x0204  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:24:40.0422 0x0204  circlass - ok
21:24:40.0442 0x0204  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
21:24:40.0452 0x0204  CLFS - ok
21:24:40.0692 0x0204  [ 2CE5D5AEE7EC90FE0CF8A8FBBB1B1A6C, E93E8362FB1D173D8F15C753190CF41474C183A667AF90378389563A70D93864 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
21:24:40.0759 0x0204  ClickToRunSvc - ok
21:24:40.0820 0x0204  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:24:40.0822 0x0204  clr_optimization_v2.0.50727_32 - ok
21:24:40.0852 0x0204  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:24:40.0856 0x0204  clr_optimization_v2.0.50727_64 - ok
21:24:40.0897 0x0204  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:24:40.0926 0x0204  clr_optimization_v4.0.30319_32 - ok
21:24:40.0942 0x0204  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:24:40.0948 0x0204  clr_optimization_v4.0.30319_64 - ok
21:24:40.0953 0x0204  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:24:40.0954 0x0204  CmBatt - ok
21:24:40.0958 0x0204  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:24:40.0959 0x0204  cmdide - ok
21:24:40.0997 0x0204  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:24:41.0010 0x0204  CNG - ok
21:24:41.0119 0x0204  [ CE6D6C023F23F968ABF03892972A9DCF, EBF415F15A30ED76C1D416D3D7E2D0558273DF08A134BFEF108BBE2410803ECC ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
21:24:41.0173 0x0204  CnxtHdAudService - ok
21:24:41.0179 0x0204  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:24:41.0180 0x0204  Compbatt - ok
21:24:41.0199 0x0204  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:24:41.0201 0x0204  CompositeBus - ok
21:24:41.0212 0x0204  COMSysApp - ok
21:24:41.0278 0x0204  [ 76FE8C1490B70250921EC88D833742D0, 19625C894E457300641456F5BE0AEB8A7AE96661B5DE49EE772E2621FAAB92AA ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:24:41.0285 0x0204  cphs - ok
21:24:41.0293 0x0204  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:24:41.0295 0x0204  crcdisk - ok
21:24:41.0317 0x0204  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:24:41.0320 0x0204  CryptSvc - ok
21:24:41.0353 0x0204  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
21:24:41.0364 0x0204  CSC - ok
21:24:41.0383 0x0204  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
21:24:41.0396 0x0204  CscService - ok
21:24:41.0573 0x0204  [ 426B2624A1669D233BAB6C4AC5E9432E, C03746D04094FAEA0650032447667055E7C7D1094581D4C1EB414D22A164CA99 ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
21:24:41.0580 0x0204  CxAudMsg - ok
21:24:41.0636 0x0204  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:24:41.0649 0x0204  DcomLaunch - ok
21:24:41.0779 0x0204  [ CC8B5C964B777F4EC3E89F13B4B5FF0F, 75E161265CCFFCB61FCE855C9790E2E06531E6B1C3DCCB1E3018466D03AD3919 ] DCService.exe   C:\ProgramData\DatacardService\DCService.exe
21:24:41.0792 0x0204  DCService.exe - ok
21:24:41.0834 0x0204  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:24:41.0846 0x0204  defragsvc - ok
21:24:41.0854 0x0204  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:24:41.0858 0x0204  DfsC - ok
21:24:41.0886 0x0204  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:24:41.0893 0x0204  Dhcp - ok
21:24:41.0900 0x0204  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:24:41.0901 0x0204  discache - ok
21:24:41.0916 0x0204  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
21:24:41.0918 0x0204  Disk - ok
21:24:42.0196 0x0204  [ 260169AFE0247D3817DDD7EC6C6AD0BC, 2C0FB869A23AC18B7874899C5599691464C158E1881AD5EEEE95D6D0B182C9CF ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
21:24:42.0441 0x1844  Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost
21:24:42.0468 0x0204  DisplayLinkService - ok
21:24:42.0516 0x0204  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
21:24:42.0518 0x0204  dmvsc - ok
21:24:42.0535 0x0204  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:24:42.0541 0x0204  Dnscache - ok
21:24:42.0551 0x0204  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:24:42.0557 0x0204  dot3svc - ok
21:24:42.0569 0x0204  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:24:42.0573 0x0204  DPS - ok
21:24:42.0590 0x0204  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:24:42.0591 0x0204  drmkaud - ok
21:24:42.0751 0x0204  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:24:42.0779 0x0204  DXGKrnl - ok
21:24:42.0793 0x0204  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:24:42.0796 0x0204  EapHost - ok
21:24:42.0896 0x0204  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:24:42.0987 0x0204  ebdrv - ok
21:24:43.0015 0x0204  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS             C:\Windows\System32\lsass.exe
21:24:43.0018 0x0204  EFS - ok
21:24:43.0076 0x0204  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:24:43.0094 0x0204  ehRecvr - ok
21:24:43.0099 0x0204  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:24:43.0103 0x0204  ehSched - ok
21:24:43.0127 0x0204  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:24:43.0138 0x0204  elxstor - ok
21:24:43.0143 0x0204  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:24:43.0144 0x0204  ErrDev - ok
21:24:43.0177 0x0204  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:24:43.0186 0x0204  EventSystem - ok
21:24:43.0286 0x0204  [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:24:43.0299 0x0204  EvtEng - ok
21:24:43.0349 0x0204  [ 23B79B19F49A037EBA4A9A3BB03ED91D, 2E0918B20188CBFAC0E64A5B36739DF4638A343553908888DFDD708743370F3F ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
21:24:43.0356 0x0204  ewusbnet - ok
21:24:43.0382 0x0204  [ E2CBB821C7CAE0EF8B56DE28ED85C740, 4AB358FEBC7B57774B2DD54705FAD3F5E0308F1E1FECBED73231DCEF11CF7D3B ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:24:43.0386 0x0204  ew_hwusbdev - ok
21:24:43.0393 0x0204  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:24:43.0399 0x0204  exfat - ok
21:24:43.0407 0x0204  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:24:43.0411 0x0204  fastfat - ok
21:24:43.0451 0x0204  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:24:43.0469 0x0204  Fax - ok
21:24:43.0474 0x0204  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
21:24:43.0475 0x0204  fdc - ok
21:24:43.0489 0x0204  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:24:43.0491 0x0204  fdPHost - ok
21:24:43.0497 0x0204  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:24:43.0499 0x0204  FDResPub - ok
21:24:43.0504 0x0204  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:24:43.0507 0x0204  FileInfo - ok
21:24:43.0511 0x0204  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:24:43.0512 0x0204  Filetrace - ok
21:24:43.0515 0x0204  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:24:43.0516 0x0204  flpydisk - ok
21:24:43.0537 0x0204  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:24:43.0544 0x0204  FltMgr - ok
21:24:43.0597 0x0204  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
21:24:43.0629 0x0204  FontCache - ok
21:24:43.0655 0x0204  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:24:43.0657 0x0204  FontCache3.0.0.0 - ok
21:24:43.0661 0x0204  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:24:43.0663 0x0204  FsDepends - ok
21:24:43.0668 0x0204  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:24:43.0669 0x0204  Fs_Rec - ok
21:24:43.0678 0x0204  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:24:43.0683 0x0204  fvevol - ok
21:24:43.0700 0x0204  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:24:43.0701 0x0204  gagp30kx - ok
21:24:43.0735 0x0204  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:24:43.0751 0x0204  gpsvc - ok
21:24:43.0772 0x0204  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:24:43.0774 0x0204  hcw85cir - ok
21:24:43.0791 0x0204  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:24:43.0799 0x0204  HdAudAddService - ok
21:24:43.0833 0x0204  [ 12DED0995AE2BA68EBBE70E14A76EE02, 54A658F4E8D6D98594BE43289083AD4267EB6B3F99D789A75719DBCA5188E87F ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:24:43.0837 0x0204  HDAudBus - ok
21:24:43.0840 0x0204  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:24:43.0841 0x0204  HidBatt - ok
21:24:43.0848 0x0204  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:24:43.0850 0x0204  HidBth - ok
21:24:43.0854 0x0204  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:24:43.0856 0x0204  HidIr - ok
21:24:43.0872 0x0204  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
21:24:43.0873 0x0204  hidserv - ok
21:24:43.0878 0x0204  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:24:43.0879 0x0204  HidUsb - ok
21:24:43.0889 0x0204  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:24:43.0893 0x0204  hkmsvc - ok
21:24:43.0910 0x0204  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:24:43.0916 0x0204  HomeGroupListener - ok
21:24:43.0933 0x0204  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:24:43.0938 0x0204  HomeGroupProvider - ok
21:24:43.0943 0x0204  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:24:43.0945 0x0204  HpSAMD - ok
21:24:43.0987 0x0204  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:24:44.0004 0x0204  HTTP - ok
21:24:44.0024 0x0204  [ 08B1A06A55F068A17A51BA26618CF50F, 8ADFC9D3003208A9B3BE12DCD1418A13C4D19E13E00EFEE556EF87B70F49B2E6 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:24:44.0027 0x0204  huawei_enumerator - ok
21:24:44.0050 0x0204  [ 6E5CD3984742A922D0C183C7E82C3C94, EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:24:44.0054 0x0204  hwdatacard - ok
21:24:44.0062 0x0204  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:24:44.0063 0x0204  hwpolicy - ok
21:24:44.0076 0x0204  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:24:44.0079 0x0204  i8042prt - ok
21:24:44.0117 0x0204  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
21:24:44.0127 0x0204  iaStorA - ok
21:24:44.0145 0x0204  [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
21:24:44.0147 0x0204  iaStorF - ok
21:24:44.0160 0x0204  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:24:44.0169 0x0204  iaStorV - ok
21:24:44.0203 0x0204  [ B005844661028E11480D724A709CC298, DC738AA0246581814915160BA824C2DB9009E6CFCCDB6A268F08C8D13F52BEB0 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:24:44.0206 0x0204  IBMPMDRV - ok
21:24:44.0215 0x0204  [ ED802CE6B36E280401197F593634C1DD, 620F2D5F40B8E61DE606FC1B1B1DCDD12BE7431E065F9CB776FDCFF915B1D243 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
21:24:44.0216 0x0204  IBMPMSVC - ok
21:24:44.0257 0x0204  [ 617EEDD27FB557C9D95D68096564C930, 59AA6F9884C9B504D5B524B6EFF8148669251085FAF12AE3634F0C753850CDC3 ] ibtusb          C:\Windows\system32\DRIVERS\ibtusb.sys
21:24:44.0260 0x0204  ibtusb - ok
21:24:44.0324 0x0204  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:24:44.0342 0x0204  idsvc - ok
21:24:44.0347 0x0204  IEEtwCollectorService - ok
21:24:44.0521 0x0204  [ AEF200DC087141A5F66A6B006D2F0FD4, A38A0684637D9FE58271D91B93184A72414948E35145D19246BF6FBC60E28B3C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:24:44.0687 0x0204  igfx - ok
21:24:44.0697 0x0204  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:24:44.0698 0x0204  iirsp - ok
21:24:44.0738 0x0204  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:24:44.0757 0x0204  IKEEXT - ok
21:24:44.0783 0x0204  [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
21:24:44.0786 0x0204  intaud_WaveExtensible - ok
21:24:44.0824 0x0204  [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:24:44.0834 0x0204  IntcDAud - ok
21:24:44.0904 0x0204  [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:24:44.0921 0x0204  Intel(R) Capability Licensing Service Interface - ok
21:24:44.0923 0x1844  Object send P2P result: true
21:24:44.0948 0x0204  [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:24:44.0966 0x0204  Intel(R) Capability Licensing Service TCP IP Interface - ok
21:24:44.0971 0x0204  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:24:44.0972 0x0204  intelide - ok
21:24:44.0976 0x0204  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:24:44.0977 0x0204  intelppm - ok
21:24:44.0988 0x0204  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:24:44.0991 0x0204  IPBusEnum - ok
21:24:45.0001 0x0204  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:24:45.0004 0x0204  IpFilterDriver - ok
21:24:45.0033 0x0204  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:24:45.0047 0x0204  iphlpsvc - ok
21:24:45.0052 0x0204  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:24:45.0054 0x0204  IPMIDRV - ok
21:24:45.0058 0x0204  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:24:45.0061 0x0204  IPNAT - ok
21:24:45.0067 0x0204  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:24:45.0068 0x0204  IRENUM - ok
21:24:45.0071 0x0204  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:24:45.0072 0x0204  isapnp - ok
21:24:45.0093 0x0204  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:24:45.0099 0x0204  iScsiPrt - ok
21:24:45.0117 0x0204  [ 72B203A1F805C07E920E537414A0EA5F, 7EFB2A397034FF3D451D1763865E8AA330D8D4656E7C6F8CDA6489868023C36E ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:24:45.0119 0x0204  iusb3hcs - ok
21:24:45.0138 0x0204  [ 474BFFCF3214208C5FD440217D34FE6E, 181E4A091B24E8FBB9C1072E1FD2BABB1B0AD68D1112563A70A791FA3546D4CE ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
21:24:45.0147 0x0204  iusb3hub - ok
21:24:45.0188 0x0204  [ 842A11F2020CD94A0120E61F902E3664, 464EDED37258A22AC38C007524E34ED1A795E5607FF8BD322455A8F76CB4BDCE ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:24:45.0205 0x0204  iusb3xhc - ok
21:24:45.0217 0x0204  [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
21:24:45.0219 0x0204  iwdbus - ok
21:24:45.0275 0x0204  [ 9BFDEFD51800A2D47D43919653F4BEF4, C7221D9F82F7F04343EDA6FE41A4EC4C97F6DC4170780AA3983C8735369A5026 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:24:45.0284 0x0204  jhi_service - ok
21:24:45.0290 0x0204  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:24:45.0292 0x0204  kbdclass - ok
21:24:45.0297 0x0204  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:24:45.0299 0x0204  kbdhid - ok
21:24:45.0342 0x0204  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso          C:\Windows\system32\lsass.exe
21:24:45.0345 0x0204  KeyIso - ok
21:24:45.0375 0x0204  [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:24:45.0377 0x0204  KSecDD - ok
21:24:45.0391 0x0204  [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:24:45.0396 0x0204  KSecPkg - ok
21:24:45.0414 0x0204  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:24:45.0416 0x0204  ksthunk - ok
21:24:45.0449 0x0204  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:24:45.0457 0x0204  KtmRm - ok
21:24:45.0484 0x0204  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:24:45.0491 0x0204  LanmanServer - ok
21:24:45.0507 0x0204  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:24:45.0512 0x0204  LanmanWorkstation - ok
21:24:45.0549 0x0204  [ D253E6009F05776F505F96866CCF460F, 8A39E77B4FC780BB9C6C8A892603248D87ED70255BF9BED0218BE2420B5E8C53 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:24:45.0555 0x0204  Lenovo.VIRTSCRLSVC - ok
21:24:45.0573 0x0204  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:24:45.0578 0x0204  lltdio - ok
21:24:45.0614 0x0204  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:24:45.0624 0x0204  lltdsvc - ok
21:24:45.0640 0x0204  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:24:45.0643 0x0204  lmhosts - ok
21:24:45.0683 0x0204  [ 9FE032AD8751C5DDCF01DE26C1EE84BC, FAE072D7FCAED0987EA7D822238521A7CF96662F8EFD154515EA2A6C5B4E64F5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:24:45.0694 0x0204  LMS - ok
21:24:45.0784 0x0204  [ CE87E8E09273791172F7A1C60B225648, 03AB8A69C5A58FD3BCFF9E36FF83338B6866D82E4E550CD7CED686C4CC096DC1 ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
21:24:45.0790 0x0204  LSCWinService - ok
21:24:45.0824 0x0204  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:24:45.0829 0x0204  LSI_FC - ok
21:24:45.0834 0x0204  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:24:45.0836 0x0204  LSI_SAS - ok
21:24:45.0842 0x0204  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:24:45.0844 0x0204  LSI_SAS2 - ok
21:24:45.0861 0x0204  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:24:45.0865 0x0204  LSI_SCSI - ok
21:24:45.0870 0x0204  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:24:45.0873 0x0204  luafv - ok
21:24:45.0903 0x0204  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:24:45.0905 0x0204  MBAMProtector - ok
21:24:46.0018 0x0204  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
21:24:46.0072 0x0204  MBAMScheduler - ok
21:24:46.0138 0x0204  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
21:24:46.0172 0x0204  MBAMService - ok
21:24:46.0213 0x0204  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
21:24:46.0229 0x0204  MBAMSwissArmy - ok
21:24:46.0250 0x0204  [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
21:24:46.0252 0x0204  MBAMWebAccessControl - ok
21:24:46.0322 0x0204  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
21:24:46.0330 0x0204  McComponentHostService - ok
21:24:46.0359 0x0204  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:24:46.0362 0x0204  Mcx2Svc - ok
21:24:46.0372 0x0204  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:24:46.0373 0x0204  megasas - ok
21:24:46.0381 0x0204  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:24:46.0389 0x0204  MegaSR - ok
21:24:46.0420 0x0204  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:24:46.0422 0x0204  MEIx64 - ok
21:24:46.0440 0x0204  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:24:46.0443 0x0204  MMCSS - ok
21:24:46.0452 0x0204  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:24:46.0453 0x0204  Modem - ok
21:24:46.0474 0x0204  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:24:46.0475 0x0204  monitor - ok
21:24:46.0483 0x0204  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:24:46.0486 0x0204  mouclass - ok
21:24:46.0492 0x0204  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:24:46.0493 0x0204  mouhid - ok
21:24:46.0511 0x0204  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:24:46.0514 0x0204  mountmgr - ok
21:24:46.0520 0x0204  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:24:46.0525 0x0204  mpio - ok
21:24:46.0532 0x0204  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:24:46.0534 0x0204  mpsdrv - ok
21:24:46.0570 0x0204  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:24:46.0589 0x0204  MpsSvc - ok
21:24:46.0614 0x0204  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:24:46.0619 0x0204  MRxDAV - ok
21:24:46.0649 0x0204  [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:24:46.0653 0x0204  mrxsmb - ok
21:24:46.0670 0x0204  [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:24:46.0677 0x0204  mrxsmb10 - ok
21:24:46.0708 0x0204  [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:24:46.0712 0x0204  mrxsmb20 - ok
21:24:46.0727 0x0204  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:24:46.0730 0x0204  msahci - ok
21:24:46.0735 0x0204  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:24:46.0739 0x0204  msdsm - ok
21:24:46.0753 0x0204  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:24:46.0758 0x0204  MSDTC - ok
21:24:46.0778 0x0204  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:24:46.0780 0x0204  Msfs - ok
21:24:46.0790 0x0204  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:24:46.0791 0x0204  mshidkmdf - ok
21:24:46.0797 0x0204  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:24:46.0798 0x0204  msisadrv - ok
21:24:46.0820 0x0204  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:24:46.0828 0x0204  MSiSCSI - ok
21:24:46.0832 0x0204  msiserver - ok
21:24:46.0841 0x0204  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:24:46.0843 0x0204  MSKSSRV - ok
21:24:46.0850 0x0204  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:24:46.0852 0x0204  MSPCLOCK - ok
21:24:46.0855 0x0204  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:24:46.0856 0x0204  MSPQM - ok
21:24:46.0871 0x0204  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:24:46.0879 0x0204  MsRPC - ok
21:24:46.0890 0x0204  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:24:46.0891 0x0204  mssmbios - ok
21:24:46.0894 0x0204  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:24:46.0896 0x0204  MSTEE - ok
21:24:46.0899 0x0204  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:24:46.0900 0x0204  MTConfig - ok
21:24:46.0908 0x0204  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:24:46.0911 0x0204  Mup - ok
21:24:46.0966 0x0204  [ 35739E6A0C67147A9B75226946CDC903, C9DE77D6812C778F601F52E87ECDD228E52EA691AB9CEAD388998A7B5AFC3B89 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:24:46.0975 0x0204  MyWiFiDHCPDNS - ok
21:24:47.0017 0x0204  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:24:47.0026 0x0204  napagent - ok
21:24:47.0046 0x0204  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:24:47.0054 0x0204  NativeWifiP - ok
21:24:47.0112 0x0204  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:24:47.0132 0x0204  NDIS - ok
21:24:47.0144 0x0204  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:24:47.0147 0x0204  NdisCap - ok
21:24:47.0157 0x0204  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:24:47.0158 0x0204  NdisTapi - ok
21:24:47.0165 0x0204  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:24:47.0167 0x0204  Ndisuio - ok
21:24:47.0183 0x0204  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:24:47.0188 0x0204  NdisWan - ok
21:24:47.0202 0x0204  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:24:47.0204 0x0204  NDProxy - ok
21:24:47.0209 0x0204  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:24:47.0210 0x0204  NetBIOS - ok
21:24:47.0218 0x0204  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:24:47.0225 0x0204  NetBT - ok
21:24:47.0252 0x0204  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon        C:\Windows\system32\lsass.exe
21:24:47.0254 0x0204  Netlogon - ok
21:24:47.0278 0x0204  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:24:47.0287 0x0204  Netman - ok
21:24:47.0338 0x0204  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:47.0343 0x0204  NetMsmqActivator - ok
21:24:47.0349 0x0204  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:47.0351 0x0204  NetPipeActivator - ok
21:24:47.0372 0x0204  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:24:47.0383 0x0204  netprofm - ok
21:24:47.0390 0x0204  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:47.0393 0x0204  NetTcpActivator - ok
21:24:47.0398 0x0204  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:47.0401 0x0204  NetTcpPortSharing - ok
21:24:47.0512 0x0204  [ C873B801A7D628474313B2887D051607, 894877BAB599F52FB606B240D53FEB84CC4A6BAD8A45CB1983231CD2AE0C7A79 ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw02.sys
21:24:47.0597 0x0204  NETwNs64 - ok
21:24:47.0608 0x0204  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:24:47.0610 0x0204  nfrd960 - ok
21:24:47.0641 0x0204  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:24:47.0648 0x0204  NlaSvc - ok
21:24:47.0652 0x0204  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:24:47.0653 0x0204  Npfs - ok
21:24:47.0669 0x0204  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:24:47.0670 0x0204  nsi - ok
21:24:47.0673 0x0204  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:24:47.0674 0x0204  nsiproxy - ok
21:24:47.0723 0x0204  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:24:47.0765 0x0204  Ntfs - ok
21:24:47.0772 0x0204  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:24:47.0773 0x0204  Null - ok
21:24:47.0779 0x0204  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:24:47.0783 0x0204  nvraid - ok
21:24:47.0791 0x0204  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:24:47.0797 0x0204  nvstor - ok
21:24:47.0802 0x0204  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:24:47.0805 0x0204  nv_agp - ok
21:24:47.0810 0x0204  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:24:47.0812 0x0204  ohci1394 - ok
21:24:47.0881 0x0204  [ 1B9E7338761DAE4839ED87D7A248F817, 03AF40570DD8F8326EAF2A18227280DF0CEFFF1E12966E2829839C4B1E7F700E ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:24:47.0886 0x0204  ose - ok
21:24:48.0097 0x0204  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:24:48.0286 0x0204  osppsvc - ok
21:24:48.0320 0x0204  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:24:48.0327 0x0204  p2pimsvc - ok
21:24:48.0347 0x0204  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:24:48.0355 0x0204  p2psvc - ok
21:24:48.0360 0x0204  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:24:48.0363 0x0204  Parport - ok
21:24:48.0369 0x0204  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:24:48.0371 0x0204  partmgr - ok
21:24:48.0399 0x0204  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:24:48.0405 0x0204  PcaSvc - ok
21:24:48.0423 0x0204  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:24:48.0428 0x0204  pci - ok
21:24:48.0432 0x0204  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:24:48.0433 0x0204  pciide - ok
21:24:48.0440 0x0204  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:24:48.0446 0x0204  pcmcia - ok
21:24:48.0450 0x0204  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:24:48.0452 0x0204  pcw - ok
21:24:48.0481 0x0204  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:24:48.0498 0x0204  PEAUTH - ok
21:24:48.0556 0x0204  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:24:48.0580 0x0204  PeerDistSvc - ok
21:24:48.0625 0x0204  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:24:48.0628 0x0204  PerfHost - ok
21:24:48.0680 0x0204  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:24:48.0722 0x0204  pla - ok
21:24:48.0757 0x0204  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:24:48.0765 0x0204  PlugPlay - ok
21:24:48.0775 0x0204  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:24:48.0777 0x0204  PNRPAutoReg - ok
21:24:48.0787 0x0204  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:24:48.0793 0x0204  PNRPsvc - ok
21:24:48.0820 0x0204  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:24:48.0832 0x0204  PolicyAgent - ok
21:24:48.0855 0x0204  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
21:24:48.0860 0x0204  Power - ok
21:24:48.0918 0x0204  [ 552F3539C70D010F97001E9B7228210B, 9CB45B7D67E0B99C78D0091173C983AB272FA8A18E1CB5AC3B1519B37964A11E ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
21:24:48.0945 0x0204  Power Manager DBC Service - ok
21:24:48.0961 0x0204  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:24:48.0967 0x0204  PptpMiniport - ok
21:24:48.0987 0x0204  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:24:48.0990 0x0204  Processor - ok
21:24:49.0013 0x0204  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:24:49.0019 0x0204  ProfSvc - ok
21:24:49.0030 0x0204  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:24:49.0031 0x0204  ProtectedStorage - ok
21:24:49.0053 0x0204  [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
21:24:49.0054 0x0204  psadd - ok
21:24:49.0065 0x0204  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:24:49.0069 0x0204  Psched - ok
21:24:49.0119 0x0204  [ FB3D6070413925193EA32D1652B921F0, 5D0EEDC966BD5A042A761411E69B376BC16339032BCC460CD4F2965DF05C1033 ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
21:24:49.0170 0x0204  PwmEWSvc - ok
21:24:49.0226 0x0204  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:24:49.0267 0x0204  ql2300 - ok
21:24:49.0275 0x0204  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:24:49.0278 0x0204  ql40xx - ok
21:24:49.0293 0x0204  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:24:49.0300 0x0204  QWAVE - ok
21:24:49.0304 0x0204  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:24:49.0306 0x0204  QWAVEdrv - ok
21:24:49.0309 0x0204  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:24:49.0311 0x0204  RasAcd - ok
21:24:49.0321 0x0204  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:24:49.0323 0x0204  RasAgileVpn - ok
21:24:49.0338 0x0204  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:24:49.0344 0x0204  RasAuto - ok
21:24:49.0351 0x0204  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:24:49.0354 0x0204  Rasl2tp - ok
21:24:49.0370 0x0204  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:24:49.0379 0x0204  RasMan - ok
21:24:49.0384 0x0204  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:24:49.0387 0x0204  RasPppoe - ok
21:24:49.0392 0x0204  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:24:49.0394 0x0204  RasSstp - ok
21:24:49.0403 0x0204  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:24:49.0410 0x0204  rdbss - ok
21:24:49.0414 0x0204  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:24:49.0415 0x0204  rdpbus - ok
21:24:49.0418 0x0204  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:24:49.0419 0x0204  RDPCDD - ok
21:24:49.0477 0x0204  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:24:49.0482 0x0204  RDPDR - ok
21:24:49.0489 0x0204  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:24:49.0489 0x0204  RDPENCDD - ok
21:24:49.0494 0x0204  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:24:49.0495 0x0204  RDPREFMP - ok
21:24:49.0523 0x0204  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:24:49.0531 0x0204  RDPWD - ok
21:24:49.0549 0x0204  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:24:49.0556 0x0204  rdyboost - ok
21:24:49.0632 0x0204  [ BC49E8BDBC6C1B161FDDB350CE423366, D98C7948EE36808164766DD9934C204599275BE9FCD83515F9C0153202D38C34 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:24:49.0639 0x0204  RegSrvc - ok
21:24:49.0666 0x0204  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:24:49.0672 0x0204  RemoteAccess - ok
21:24:49.0696 0x0204  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:24:49.0701 0x0204  RemoteRegistry - ok
21:24:49.0733 0x0204  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:24:49.0737 0x0204  RFCOMM - ok
21:24:49.0750 0x0204  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:24:49.0752 0x0204  RpcEptMapper - ok
21:24:49.0771 0x0204  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:24:49.0773 0x0204  RpcLocator - ok
21:24:49.0793 0x0204  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
21:24:49.0803 0x0204  RpcSs - ok
21:24:49.0815 0x0204  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:24:49.0817 0x0204  rspndr - ok
21:24:49.0857 0x0204  [ 1BE36AB59242A109697870F16A8E0EF8, CAC949D97EEFA0CE5E89084D0950B6E331145870355367803530D0DED4962F2E ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:24:49.0875 0x0204  RTL8167 - ok
21:24:49.0914 0x0204  [ 61EF084BB097FFAB50D05EE5115F7F98, 334E691C45A473977301DB8E8D03747388D2A2D940D3BC15493476404D801645 ] RTSPER          C:\Windows\system32\DRIVERS\RtsPer.sys
21:24:49.0925 0x0204  RTSPER - ok
21:24:49.0940 0x0204  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:24:49.0942 0x0204  s3cap - ok
21:24:49.0947 0x0204  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs           C:\Windows\system32\lsass.exe
21:24:49.0949 0x0204  SamSs - ok
21:24:49.0952 0x0204  SAService - ok
21:24:49.0957 0x0204  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:24:49.0960 0x0204  sbp2port - ok
21:24:49.0974 0x0204  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:24:49.0979 0x0204  SCardSvr - ok
21:24:49.0984 0x0204  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:24:49.0986 0x0204  scfilter - ok
21:24:50.0037 0x0204  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
21:24:50.0060 0x0204  Schedule - ok
21:24:50.0083 0x0204  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:24:50.0086 0x0204  SCPolicySvc - ok
21:24:50.0100 0x0204  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:24:50.0106 0x0204  SDRSVC - ok
21:24:50.0109 0x0204  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:24:50.0110 0x0204  secdrv - ok
21:24:50.0121 0x0204  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
21:24:50.0124 0x0204  seclogon - ok
21:24:50.0134 0x0204  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:24:50.0137 0x0204  SENS - ok
21:24:50.0159 0x0204  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:24:50.0161 0x0204  SensrSvc - ok
21:24:50.0166 0x0204  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:24:50.0167 0x0204  Serenum - ok
21:24:50.0172 0x0204  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
21:24:50.0174 0x0204  Serial - ok
21:24:50.0189 0x0204  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:24:50.0190 0x0204  sermouse - ok
21:24:50.0221 0x0204  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:24:50.0225 0x0204  SessionEnv - ok
21:24:50.0229 0x0204  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:24:50.0230 0x0204  sffdisk - ok
21:24:50.0233 0x0204  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:24:50.0234 0x0204  sffp_mmc - ok
21:24:50.0237 0x0204  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:24:50.0238 0x0204  sffp_sd - ok
21:24:50.0241 0x0204  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:24:50.0243 0x0204  sfloppy - ok
21:24:50.0288 0x0204  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:24:50.0296 0x0204  SharedAccess - ok
21:24:50.0317 0x0204  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:24:50.0328 0x0204  ShellHWDetection - ok
21:24:50.0349 0x0204  [ 07514491857759A5D02A741C9DB6ECA2, D3EB21D90DB68F8BE695961BFA1256E4FA1274D59B3AA465A5485215ABBAA8C5 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
21:24:50.0354 0x0204  Shockprf - ok
21:24:50.0365 0x0204  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:24:50.0367 0x0204  SiSRaid2 - ok
21:24:50.0385 0x0204  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:24:50.0388 0x0204  SiSRaid4 - ok
21:24:50.0392 0x0204  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:24:50.0395 0x0204  Smb - ok
21:24:50.0434 0x0204  [ 7C5B431BB6CD52C46295D9752C1C5A45, CBC2A342F019359629B7141ADD1A5AE3E97785D39ADD398EC60F897FABDD5554 ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
21:24:50.0435 0x0204  SmbDrvI - ok
21:24:50.0445 0x0204  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:24:50.0447 0x0204  SNMPTRAP - ok
21:24:50.0506 0x0204  [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
21:24:50.0510 0x0204  Sony PC Companion - ok
21:24:50.0514 0x0204  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:24:50.0515 0x0204  spldr - ok
21:24:50.0538 0x0204  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:24:50.0551 0x0204  Spooler - ok
21:24:50.0648 0x0204  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:24:50.0781 0x0204  sppsvc - ok
21:24:50.0790 0x0204  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:24:50.0793 0x0204  sppuinotify - ok
21:24:50.0818 0x0204  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:24:50.0828 0x0204  srv - ok
21:24:50.0840 0x0204  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:24:50.0849 0x0204  srv2 - ok
21:24:50.0856 0x0204  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:24:50.0860 0x0204  srvnet - ok
21:24:50.0878 0x0204  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:24:50.0884 0x0204  SSDPSRV - ok
21:24:50.0890 0x0204  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:24:50.0893 0x0204  SstpSvc - ok
21:24:50.0897 0x0204  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:24:50.0898 0x0204  stexstor - ok
21:24:50.0925 0x0204  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
21:24:50.0927 0x0204  StillCam - ok
21:24:50.0948 0x0204  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:24:50.0961 0x0204  stisvc - ok
21:24:50.0973 0x0204  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:24:50.0975 0x0204  storflt - ok
21:24:51.0001 0x0204  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
21:24:51.0003 0x0204  StorSvc - ok
21:24:51.0008 0x0204  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:24:51.0010 0x0204  storvsc - ok
21:24:51.0099 0x0204  [ 4219A2A1C9049CC35ADC65C1E2AC8842, 7B52107880251C7BA75E5A083A80B25FDC6C6AB34ACE7CDDAA990A04D76FB98E ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
21:24:51.0102 0x0204  SUService - ok
21:24:51.0109 0x0204  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:24:51.0111 0x0204  swenum - ok
21:24:51.0151 0x0204  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:24:51.0170 0x0204  swprv - ok
21:24:51.0205 0x0204  [ 16021E640CFA11BFA5F4D789322CFC39, E7249AFD865607502A36A6EC931AA9D04185A255B568F9401D45608305DFBF83 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:24:51.0223 0x0204  SynTP - ok
21:24:51.0337 0x0204  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
21:24:51.0370 0x0204  SysMain - ok
21:24:51.0389 0x0204  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:24:51.0393 0x0204  TabletInputService - ok
21:24:51.0405 0x0204  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:24:51.0413 0x0204  TapiSrv - ok
21:24:51.0421 0x0204  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
21:24:51.0423 0x0204  TBS - ok
21:24:51.0517 0x0204  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:24:51.0589 0x0204  Tcpip - ok
21:24:51.0659 0x0204  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:24:51.0708 0x0204  TCPIP6 - ok
21:24:51.0742 0x0204  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:24:51.0745 0x0204  tcpipreg - ok
21:24:51.0750 0x0204  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:24:51.0751 0x0204  TDPIPE - ok
21:24:51.0768 0x0204  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:24:51.0770 0x0204  TDTCP - ok
21:24:51.0786 0x0204  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:24:51.0790 0x0204  tdx - ok
21:24:51.0794 0x0204  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:24:51.0796 0x0204  TermDD - ok
21:24:51.0839 0x0204  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
21:24:51.0854 0x0204  TermService - ok
21:24:51.0866 0x0204  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:24:51.0868 0x0204  Themes - ok
21:24:51.0890 0x0204  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:24:51.0892 0x0204  THREADORDER - ok
21:24:51.0907 0x0204  [ D34181414FB3060A968DF24C4BA98764, EDD1AC4D41C8F9B32E47FF03A391AAC6BDB26D00A8C43898D35610EB08EEA25C ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
21:24:51.0908 0x0204  TPDIGIMN - ok
21:24:51.0922 0x0204  [ F3B696FD7CFBB5D73FF59E1018D8043D, 20B96C409FCB67AA24D417CACBA516756EAE5D4574FDA7951BDB1FA1DF67209B ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
21:24:51.0926 0x0204  TPHDEXLGSVC - ok
21:24:51.0940 0x0204  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
21:24:51.0941 0x0204  TPM - ok
21:24:51.0954 0x0204  [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
21:24:51.0955 0x0204  TPPWRIF - ok
21:24:51.0968 0x0204  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:24:51.0972 0x0204  TrkWks - ok
21:24:52.0009 0x0204  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:24:52.0014 0x0204  TrustedInstaller - ok
21:24:52.0043 0x0204  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:24:52.0046 0x0204  tssecsrv - ok
21:24:52.0050 0x0204  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:24:52.0052 0x0204  TsUsbFlt - ok
21:24:52.0057 0x0204  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:24:52.0058 0x0204  TsUsbGD - ok
21:24:52.0064 0x0204  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:24:52.0067 0x0204  tunnel - ok
21:24:52.0082 0x0204  [ 760B34088C2AD8D634CC3784EF3A2CA2, 20D23EDBDE7EBBA495C032097E7C5B1C6F94037971D9B2D6B98ABE11E7FF3643 ] tvtvcamd        C:\Windows\system32\DRIVERS\tvtvcamd.sys
21:24:52.0084 0x0204  tvtvcamd - ok
21:24:52.0100 0x0204  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:24:52.0102 0x0204  uagp35 - ok
21:24:52.0116 0x0204  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:24:52.0125 0x0204  udfs - ok
21:24:52.0140 0x0204  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
         

Alt 29.11.2015, 20:50   #5
Marie Schauk
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Logfile von TDSS, Teil 2:
Code:
ATTFilter
21:24:52.0143 0x0204  UI0Detect - ok
21:24:52.0150 0x0204  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:24:52.0152 0x0204  uliagpkx - ok
21:24:52.0166 0x0204  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:24:52.0168 0x0204  umbus - ok
21:24:52.0172 0x0204  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:24:52.0173 0x0204  UmPass - ok
21:24:52.0191 0x0204  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:24:52.0197 0x0204  UmRdpService - ok
21:24:52.0219 0x0204  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:24:52.0228 0x0204  upnphost - ok
21:24:52.0268 0x0204  [ 524BFB402B1AB1007ED91E94D6AB6F72, 5A970292D2E7A580FAD86615BC6E66C2A5C74044EFF6C1543E928773E5B9C0F8 ] usb3Hub         C:\Windows\system32\DRIVERS\usb3Hub.sys
21:24:52.0273 0x0204  usb3Hub - ok
21:24:52.0289 0x0204  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:24:52.0292 0x0204  usbccgp - ok
21:24:52.0298 0x0204  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:24:52.0301 0x0204  usbcir - ok
21:24:52.0314 0x0204  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:24:52.0316 0x0204  usbehci - ok
21:24:52.0331 0x0204  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:24:52.0339 0x0204  usbhub - ok
21:24:52.0349 0x0204  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:24:52.0351 0x0204  usbohci - ok
21:24:52.0362 0x0204  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:24:52.0365 0x0204  usbprint - ok
21:24:52.0373 0x0204  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:24:52.0376 0x0204  USBSTOR - ok
21:24:52.0389 0x0204  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:24:52.0391 0x0204  usbuhci - ok
21:24:52.0411 0x0204  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:24:52.0416 0x0204  usbvideo - ok
21:24:52.0430 0x0204  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:24:52.0433 0x0204  UxSms - ok
21:24:52.0461 0x0204  [ 19B5A2B908BF97E81BA195B2321A9D8B, 08B0BBB5D0348D6C201137725FE0D5232C15889F6CB907DBA823F36036D89BAD ] ValBioService   C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
21:24:52.0462 0x0204  ValBioService - ok
21:24:52.0489 0x0204  [ BF7FFCD223323F80E4DDB9ADB5DDF1AE, 4BC7EE65C577D93DBF25EC253526F2FE642F32017C1DA52CFEA83AC8BF3E18CA ] valWBFPolicyService C:\Windows\system32\valWBFPolicyService.exe
21:24:52.0493 0x0204  valWBFPolicyService - ok
21:24:52.0502 0x0204  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc        C:\Windows\system32\lsass.exe
21:24:52.0504 0x0204  VaultSvc - ok
21:24:52.0509 0x0204  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:24:52.0511 0x0204  vdrvroot - ok
21:24:52.0538 0x0204  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:24:52.0550 0x0204  vds - ok
21:24:52.0556 0x0204  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:24:52.0557 0x0204  vga - ok
21:24:52.0560 0x0204  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:24:52.0562 0x0204  VgaSave - ok
21:24:52.0573 0x0204  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:24:52.0579 0x0204  vhdmp - ok
21:24:52.0584 0x0204  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:24:52.0586 0x0204  viaide - ok
21:24:52.0656 0x0204  [ D339DF97110C5E2C01FA191787E60CA0, 0798E9CB36BFC439CF536870E9B7594491D6027DC3FA89779B322761C1B8372D ] vm331avs        C:\Windows\system32\Drivers\vm331avs.sys
21:24:52.0691 0x0204  vm331avs - ok
21:24:52.0726 0x0204  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:24:52.0731 0x0204  vmbus - ok
21:24:52.0735 0x0204  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:24:52.0736 0x0204  VMBusHID - ok
21:24:52.0749 0x0204  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:24:52.0751 0x0204  volmgr - ok
21:24:52.0768 0x0204  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:24:52.0776 0x0204  volmgrx - ok
21:24:52.0786 0x0204  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:24:52.0792 0x0204  volsnap - ok
21:24:52.0811 0x0204  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:24:52.0815 0x0204  vsmraid - ok
21:24:52.0864 0x0204  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:24:52.0900 0x0204  VSS - ok
21:24:52.0906 0x0204  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:24:52.0907 0x0204  vwifibus - ok
21:24:52.0913 0x0204  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:24:52.0916 0x0204  vwififlt - ok
21:24:52.0999 0x0204  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:24:53.0001 0x0204  vwifimp - ok
21:24:53.0025 0x0204  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:24:53.0038 0x0204  W32Time - ok
21:24:53.0044 0x0204  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:24:53.0048 0x0204  WacomPen - ok
21:24:53.0054 0x0204  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:24:53.0057 0x0204  WANARP - ok
21:24:53.0062 0x0204  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:24:53.0065 0x0204  Wanarpv6 - ok
21:24:53.0111 0x0204  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:24:53.0151 0x0204  wbengine - ok
21:24:53.0160 0x0204  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:24:53.0166 0x0204  WbioSrvc - ok
21:24:53.0176 0x0204  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:24:53.0186 0x0204  wcncsvc - ok
21:24:53.0195 0x0204  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:24:53.0198 0x0204  WcsPlugInService - ok
21:24:53.0202 0x0204  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:24:53.0203 0x0204  Wd - ok
21:24:53.0229 0x0204  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:24:53.0246 0x0204  Wdf01000 - ok
21:24:53.0262 0x0204  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:24:53.0282 0x0204  WdiServiceHost - ok
21:24:53.0286 0x0204  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:24:53.0289 0x0204  WdiSystemHost - ok
21:24:53.0325 0x0204  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
21:24:53.0333 0x0204  WebClient - ok
21:24:53.0347 0x0204  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:24:53.0354 0x0204  Wecsvc - ok
21:24:53.0361 0x0204  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:24:53.0365 0x0204  wercplsupport - ok
21:24:53.0370 0x0204  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:24:53.0374 0x0204  WerSvc - ok
21:24:53.0378 0x0204  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:24:53.0379 0x0204  WfpLwf - ok
21:24:53.0392 0x0204  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:24:53.0393 0x0204  WIMMount - ok
21:24:53.0439 0x0204  WinDefend - ok
21:24:53.0445 0x0204  WinHttpAutoProxySvc - ok
21:24:53.0482 0x0204  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:24:53.0489 0x0204  Winmgmt - ok
21:24:53.0559 0x0204  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:24:53.0651 0x0204  WinRM - ok
21:24:53.0683 0x0204  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
21:24:53.0686 0x0204  WinUsb - ok
21:24:53.0714 0x0204  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:24:53.0735 0x0204  Wlansvc - ok
21:24:53.0742 0x0204  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:24:53.0744 0x0204  WmiAcpi - ok
21:24:53.0786 0x0204  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:24:53.0791 0x0204  wmiApSrv - ok
21:24:53.0804 0x0204  WMPNetworkSvc - ok
21:24:53.0822 0x0204  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:24:53.0824 0x0204  WPCSvc - ok
21:24:53.0839 0x0204  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:24:53.0844 0x0204  WPDBusEnum - ok
21:24:53.0852 0x0204  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:24:53.0853 0x0204  ws2ifsl - ok
21:24:53.0877 0x0204  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:24:53.0880 0x0204  wscsvc - ok
21:24:53.0885 0x0204  WSearch - ok
21:24:53.0986 0x0204  [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:24:54.0059 0x0204  wuauserv - ok
21:24:54.0182 0x0204  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:24:54.0189 0x0204  WudfPf - ok
21:24:54.0222 0x0204  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:24:54.0230 0x0204  WUDFRd - ok
21:24:54.0238 0x0204  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:24:54.0244 0x0204  wudfsvc - ok
21:24:54.0302 0x0204  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:24:54.0316 0x0204  WwanSvc - ok
21:24:54.0514 0x0204  [ C3FFB098C24A82B61E1818C3BB978B48, C7BC57A8D549B7478052F05FD0B4C623F1B70187358FD3CB5A7E9B5092FBD75F ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:24:54.0668 0x0204  ZeroConfigService - ok
21:24:54.0700 0x0204  ================ Scan global ===============================
21:24:54.0728 0x0204  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
21:24:54.0756 0x0204  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
21:24:54.0769 0x0204  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
21:24:54.0786 0x0204  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:24:54.0814 0x0204  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
21:24:54.0822 0x0204  [ Global ] - ok
21:24:54.0822 0x0204  ================ Scan MBR ==================================
21:24:54.0836 0x0204  [ 3C10CC64408FD361AA392029816603BE ] \Device\Harddisk0\DR0
21:24:55.0091 0x0204  \Device\Harddisk0\DR0 - ok
21:24:55.0092 0x0204  ================ Scan VBR ==================================
21:24:55.0095 0x0204  [ A268329E47236A1427D06FE623E25EDF ] \Device\Harddisk0\DR0\Partition1
21:24:55.0109 0x0204  \Device\Harddisk0\DR0\Partition1 - ok
21:24:55.0113 0x0204  [ 1BCC9905345EA33A52D3456ED16A5665 ] \Device\Harddisk0\DR0\Partition2
21:24:55.0120 0x0204  \Device\Harddisk0\DR0\Partition2 - ok
21:24:55.0142 0x0204  [ B54B30046ACAA40F06DB991EADCAD0E4 ] \Device\Harddisk0\DR0\Partition3
21:24:55.0145 0x0204  \Device\Harddisk0\DR0\Partition3 - ok
21:24:55.0150 0x0204  [ DFCA5FC290B016A3096325987A5D7C65 ] \Device\Harddisk0\DR0\Partition4
21:24:55.0173 0x0204  \Device\Harddisk0\DR0\Partition4 - ok
21:24:55.0173 0x0204  ================ Scan generic autorun ======================
21:24:55.0310 0x0204  [ 18CE3B3E42FBDF53883AE982152A0B45, E9E0DBA4CBE3B6CA7CE76591D65878ADB65DD4F3AF2CEAD0BD63559AE646AEB6 ] C:\Windows\system32\igfxtray.exe
21:24:55.0315 0x0204  IgfxTray - ok
21:24:55.0329 0x0204  [ FF71518046D79001513377100B79E2A3, 668057BF2B23212DA0C83849339D74949AE24E7F7866A2B9DE1D973E52F1BC3A ] C:\Windows\system32\hkcmd.exe
21:24:55.0340 0x0204  HotKeysCmds - ok
21:24:55.0374 0x0204  [ 763F57136C09C4A9E5B7C155400239CC, B661C8137322562E9014D946C7B58FAA15BC3948A1509A1B5A6DAEDCBF9FCA8C ] C:\Windows\system32\igfxpers.exe
21:24:55.0385 0x0204  Persistence - ok
21:24:55.0429 0x0204  [ 9E1738D18C61E6935AD0E8EE19D100D8, C2864677359A977CB67F16664DF44C4001CF4C04AD29401450D1BC3CDD9421AD ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
21:24:55.0448 0x0204  cAudioFilterAgent - ok
21:24:55.0473 0x0204  [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
21:24:55.0475 0x0204  ForteConfig - ok
21:24:55.0540 0x0204  [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
21:24:55.0590 0x0204  SmartAudio - ok
21:24:55.0615 0x0204  [ 78C0F0EA63438D2441E7F9CAC9619889, DA121F5637D8BA09EE9BFAD58757775B4775EFCCC06DC1DEF68F26C90C0F985F ] C:\Windows\system32\TpShocks.exe
21:24:55.0624 0x0204  TpShocks - ok
21:24:55.0667 0x0204  [ 4420BBAC770EB87AB74E4B9146E18924, 6DB78DB9FD72F1E8C7651D2B3FF090CB4A8C90BA0D11F69D533960CE67170CFC ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
21:24:55.0672 0x0204  BLEServicesCtrl - ok
21:24:55.0674 0x0204  BTMTrayAgent - ok
21:24:55.0674 0x0204  SynTPEnh - ok
21:24:55.0713 0x0204  [ 2438CD7EFF8399E41B29A3D0DB0873D9, 5EA16FBF213E81013DE3FC83319C6A75214513A2AEE6A5403742348F739031D4 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
21:24:55.0717 0x0204  IMSS - ok
21:24:55.0803 0x0204  [ E0E7C48CAF25943DB1B034364501134A, 6F3D325F82448668EBEBEE1DEA7CC686DE6ED37E903F28FE3521B4018F427B62 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
21:24:55.0818 0x0204  USB3MON - ok
21:24:55.0862 0x0204  [ FA6220C7FDF2D94CFF82D45B72E5C929, C3E414388F8818EC4B3BEABC8ED16DE6CBF965A6603328A45AD6D9A1808F3E55 ] C:\Program Files (x86)\USB Camera\VM331STI.EXE
21:24:55.0874 0x0204  331BigDog - ok
21:24:55.0876 0x0204  PWMTRV - ok
21:24:55.0976 0x0204  [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
21:24:56.0009 0x0204  avgnt - ok
21:24:56.0080 0x0204  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
21:24:56.0085 0x0204  HP Software Update - ok
21:24:56.0214 0x0204  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:24:56.0259 0x0204  Sidebar - ok
21:24:56.0287 0x0204  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:24:56.0289 0x0204  mctadmin - ok
21:24:56.0336 0x0204  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:24:56.0355 0x0204  Sidebar - ok
21:24:56.0363 0x0204  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:24:56.0365 0x0204  mctadmin - ok
21:24:56.0601 0x0204  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
21:24:56.0672 0x0204  HP Officejet 6700 (NET) - ok
21:24:56.0675 0x0204  Web Companion - ok
21:24:57.0508 0x0204  [ 1FA9AC9760AA04253B4D5D7DD8BF1073, 8514D8C242495A2214321A501C04455428471A884C558B4983CEBC6FD71B11F7 ] C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe
21:24:57.0564 0x0204  Screenleap - ok
21:24:57.0602 0x0204  [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\Windows\system32\cmd.exe
21:24:57.0608 0x0204  Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64 - ok
21:24:57.0609 0x0204  Waiting for KSN requests completion. In queue: 123
21:24:58.0609 0x0204  Waiting for KSN requests completion. In queue: 123
21:24:59.0609 0x0204  Waiting for KSN requests completion. In queue: 123
21:25:00.0609 0x0204  Waiting for KSN requests completion. In queue: 123
21:25:01.0642 0x0204  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
21:25:01.0699 0x0204  Win FW state via NFP2: enabled ( trusted )
21:25:04.0101 0x0204  ============================================================
21:25:04.0101 0x0204  Scan finished
21:25:04.0101 0x0204  ============================================================
21:25:04.0109 0x1d00  Detected object count: 0
21:25:04.0109 0x1d00  Actual detected object count: 0
21:27:18.0622 0x1a90  ============================================================
21:27:18.0622 0x1a90  Scan started
21:27:18.0622 0x1a90  Mode: Manual; 
21:27:18.0623 0x1a90  ============================================================
21:27:18.0623 0x1a90  KSN ping started
21:27:20.0969 0x1a90  KSN ping finished: true
21:27:21.0457 0x1a90  ================ Scan system memory ========================
21:27:21.0457 0x1a90  System memory - ok
21:27:21.0457 0x1a90  ================ Scan services =============================
21:27:21.0569 0x1a90  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:27:21.0581 0x1a90  1394ohci - ok
21:27:21.0598 0x1a90  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:27:21.0608 0x1a90  ACPI - ok
21:27:21.0616 0x1a90  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:27:21.0616 0x1a90  AcpiPmi - ok
21:27:21.0674 0x1a90  [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:27:21.0678 0x1a90  AdobeARMservice - ok
21:27:21.0783 0x1a90  [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:27:21.0797 0x1a90  AdobeFlashPlayerUpdateSvc - ok
21:27:21.0828 0x1a90  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:27:21.0841 0x1a90  adp94xx - ok
21:27:21.0862 0x1a90  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:27:21.0868 0x1a90  adpahci - ok
21:27:21.0876 0x1a90  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:27:21.0879 0x1a90  adpu320 - ok
21:27:21.0905 0x1a90  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:27:21.0907 0x1a90  AeLookupSvc - ok
21:27:21.0943 0x1a90  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
21:27:21.0951 0x1a90  AFD - ok
21:27:21.0968 0x1a90  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:27:21.0969 0x1a90  agp440 - ok
21:27:21.0976 0x1a90  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:27:21.0978 0x1a90  ALG - ok
21:27:21.0981 0x1a90  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:27:21.0982 0x1a90  aliide - ok
21:27:21.0985 0x1a90  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:27:21.0986 0x1a90  amdide - ok
21:27:21.0993 0x1a90  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:27:21.0994 0x1a90  AmdK8 - ok
21:27:21.0999 0x1a90  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:27:22.0000 0x1a90  AmdPPM - ok
21:27:22.0005 0x1a90  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:27:22.0007 0x1a90  amdsata - ok
21:27:22.0019 0x1a90  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:27:22.0022 0x1a90  amdsbs - ok
21:27:22.0025 0x1a90  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:27:22.0027 0x1a90  amdxata - ok
21:27:22.0132 0x1a90  [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
21:27:22.0155 0x1a90  AntiVirMailService - ok
21:27:22.0247 0x1a90  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
21:27:22.0261 0x1a90  AntiVirSchedulerService - ok
21:27:22.0314 0x1a90  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
21:27:22.0333 0x1a90  AntiVirService - ok
21:27:22.0385 0x1a90  [ D84E576299C73B0B1DC477D2B99958C4, D6703C2B63B9FA87C2DA009CC7B6DF76C3603C6A9874B152D685A1B92EE2DF28 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
21:27:22.0405 0x1a90  AntiVirWebService - ok
21:27:22.0438 0x1a90  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\Windows\system32\drivers\appid.sys
21:27:22.0439 0x1a90  AppID - ok
21:27:22.0448 0x1a90  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:27:22.0449 0x1a90  AppIDSvc - ok
21:27:22.0471 0x1a90  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
21:27:22.0473 0x1a90  Appinfo - ok
21:27:22.0502 0x1a90  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:27:22.0506 0x1a90  AppMgmt - ok
21:27:22.0511 0x1a90  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
21:27:22.0513 0x1a90  arc - ok
21:27:22.0518 0x1a90  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:27:22.0520 0x1a90  arcsas - ok
21:27:22.0584 0x1a90  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:27:22.0587 0x1a90  aspnet_state - ok
21:27:22.0594 0x1a90  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:27:22.0595 0x1a90  AsyncMac - ok
21:27:22.0602 0x1a90  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:27:22.0604 0x1a90  atapi - ok
21:27:22.0667 0x1a90  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:27:22.0680 0x1a90  AudioEndpointBuilder - ok
21:27:22.0698 0x1a90  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:27:22.0710 0x1a90  AudioSrv - ok
21:27:22.0738 0x1a90  [ 03C6DEB5C74C8140C2167677DBE2F79A, D5C727B007C5B486DECE1A1B83D8155299DD7CB46DC8208CE9185C5BAE5CC33A ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:27:22.0741 0x1a90  avgntflt - ok
21:27:22.0771 0x1a90  [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:27:22.0774 0x1a90  avipbb - ok
21:27:22.0858 0x1a90  [ 6C4B9A2FF6924405E9ABFB558049D4DD, 9AB314B9ECF41832589726556A93CEAAE2AE774B1738A46A027E833B73A72118 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
21:27:22.0871 0x1a90  Avira.ServiceHost - ok
21:27:22.0872 0x1a90  Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost
21:27:25.0312 0x1a90  Object send P2P result: true
21:27:25.0379 0x1a90  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:27:25.0381 0x1a90  avkmgr - ok
21:27:25.0418 0x1a90  [ 080860E03F0219AF0A0377A02292741F, F0A151509BFEBFE639CC15388847EB2EDA298CFAE0AC4A1358A1472F42320249 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
21:27:25.0422 0x1a90  avnetflt - ok
21:27:25.0452 0x1a90  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:27:25.0456 0x1a90  AxInstSV - ok
21:27:25.0483 0x1a90  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:27:25.0493 0x1a90  b06bdrv - ok
21:27:25.0502 0x1a90  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:27:25.0508 0x1a90  b57nd60a - ok
21:27:25.0570 0x1a90  [ 4BEFF67C1775D353A16A62347E727874, 62363C5E5F4BF049A3E49FADA8CB17269945056ACADB319FDC4F05B74E2553C8 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe
21:27:25.0573 0x1a90  BBSvc - ok
21:27:25.0617 0x1a90  [ A6DAAD3EA93DBDBD07FA821BCED133F6, 8F33D4E4B82091D09E62FD5487C88F3DF0DAC31FCBB846183CC4020533A131DE ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
21:27:25.0621 0x1a90  BBUpdate - ok
21:27:25.0646 0x1a90  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:27:25.0649 0x1a90  BDESVC - ok
21:27:25.0652 0x1a90  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:27:25.0654 0x1a90  Beep - ok
21:27:25.0675 0x1a90  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:27:25.0689 0x1a90  BFE - ok
21:27:25.0731 0x1a90  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
21:27:25.0749 0x1a90  BITS - ok
21:27:25.0755 0x1a90  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:27:25.0756 0x1a90  blbdrive - ok
21:27:25.0825 0x1a90  [ E7429ECD0C47CC065EEACF7E9D0E6341, 10D8231E14C908A0949108EB5F84E17BA10ABFC370D0C5F65945B23879AB12BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
21:27:25.0844 0x1a90  Bluetooth Device Monitor - ok
21:27:25.0895 0x1a90  [ 0F432B34D80351EFC5E35F14D9798CFD, 591D913E069C1C69212A7742D7182E24E669FE7B50680D8D337F32CF9F72B163 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
21:27:25.0918 0x1a90  Bluetooth Media Service - ok
21:27:25.0955 0x1a90  [ 96924B1D3060B0C0FFD77D01CB234D9F, 2A02EEC4092646A0BD26B8E8BA8B75F82EB6F46003C56C9A838E412006457DD2 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
21:27:25.0974 0x1a90  Bluetooth OBEX Service - ok
21:27:26.0003 0x1a90  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:27:26.0006 0x1a90  bowser - ok
21:27:26.0010 0x1a90  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:27:26.0010 0x1a90  BrFiltLo - ok
21:27:26.0014 0x1a90  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:27:26.0014 0x1a90  BrFiltUp - ok
21:27:26.0029 0x1a90  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:27:26.0032 0x1a90  Browser - ok
21:27:26.0041 0x1a90  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:27:26.0047 0x1a90  Brserid - ok
21:27:26.0051 0x1a90  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:27:26.0052 0x1a90  BrSerWdm - ok
21:27:26.0057 0x1a90  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:27:26.0058 0x1a90  BrUsbMdm - ok
21:27:26.0061 0x1a90  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:27:26.0062 0x1a90  BrUsbSer - ok
21:27:26.0085 0x1a90  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
21:27:26.0087 0x1a90  BthEnum - ok
21:27:26.0091 0x1a90  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:27:26.0093 0x1a90  BTHMODEM - ok
21:27:26.0109 0x1a90  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:27:26.0112 0x1a90  BthPan - ok
21:27:26.0130 0x1a90  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
21:27:26.0142 0x1a90  BTHPORT - ok
21:27:26.0150 0x1a90  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:27:26.0152 0x1a90  bthserv - ok
21:27:26.0163 0x1a90  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
21:27:26.0165 0x1a90  BTHUSB - ok
21:27:26.0182 0x1a90  [ 5B8D71504FA8BFA308F6E1169B89D322, 1DC0CF47C5F655EA0F0992020C17A86D05637F55ACBB17380283EBB883A4D14D ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
21:27:26.0186 0x1a90  btmaux - ok
21:27:26.0232 0x1a90  [ D66F3A4F11E42142722DCF9DC5A451D6, 6576421E24ABB4F0A7B5EFB5CF6F9C6F510AFDD0087415D57A5ABBB0866B3E39 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
21:27:26.0257 0x1a90  btmhsf - ok
21:27:26.0267 0x1a90  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:27:26.0270 0x1a90  cdfs - ok
21:27:26.0276 0x1a90  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:27:26.0279 0x1a90  cdrom - ok
21:27:26.0293 0x1a90  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:27:26.0295 0x1a90  CertPropSvc - ok
21:27:26.0298 0x1a90  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:27:26.0300 0x1a90  circlass - ok
21:27:26.0322 0x1a90  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
21:27:26.0328 0x1a90  CLFS - ok
21:27:26.0578 0x1a90  [ 2CE5D5AEE7EC90FE0CF8A8FBBB1B1A6C, E93E8362FB1D173D8F15C753190CF41474C183A667AF90378389563A70D93864 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
21:27:26.0629 0x1a90  ClickToRunSvc - ok
21:27:26.0691 0x1a90  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:27:26.0694 0x1a90  clr_optimization_v2.0.50727_32 - ok
21:27:26.0726 0x1a90  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:27:26.0732 0x1a90  clr_optimization_v2.0.50727_64 - ok
21:27:26.0771 0x1a90  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:27:26.0774 0x1a90  clr_optimization_v4.0.30319_32 - ok
21:27:26.0799 0x1a90  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:27:26.0803 0x1a90  clr_optimization_v4.0.30319_64 - ok
21:27:26.0808 0x1a90  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:27:26.0810 0x1a90  CmBatt - ok
21:27:26.0815 0x1a90  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:27:26.0816 0x1a90  cmdide - ok
21:27:26.0849 0x1a90  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:27:26.0863 0x1a90  CNG - ok
21:27:26.0925 0x1a90  [ CE6D6C023F23F968ABF03892972A9DCF, EBF415F15A30ED76C1D416D3D7E2D0558273DF08A134BFEF108BBE2410803ECC ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
21:27:26.0991 0x1a90  CnxtHdAudService - ok
21:27:27.0006 0x1a90  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:27:27.0008 0x1a90  Compbatt - ok
21:27:27.0011 0x1a90  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:27:27.0013 0x1a90  CompositeBus - ok
21:27:27.0016 0x1a90  COMSysApp - ok
21:27:27.0066 0x1a90  [ 76FE8C1490B70250921EC88D833742D0, 19625C894E457300641456F5BE0AEB8A7AE96661B5DE49EE772E2621FAAB92AA ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:27:27.0072 0x1a90  cphs - ok
21:27:27.0076 0x1a90  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:27:27.0077 0x1a90  crcdisk - ok
21:27:27.0105 0x1a90  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:27:27.0109 0x1a90  CryptSvc - ok
21:27:27.0140 0x1a90  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
21:27:27.0151 0x1a90  CSC - ok
21:27:27.0170 0x1a90  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
21:27:27.0182 0x1a90  CscService - ok
21:27:27.0204 0x1a90  [ 426B2624A1669D233BAB6C4AC5E9432E, C03746D04094FAEA0650032447667055E7C7D1094581D4C1EB414D22A164CA99 ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
21:27:27.0208 0x1a90  CxAudMsg - ok
21:27:27.0241 0x1a90  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:27:27.0250 0x1a90  DcomLaunch - ok
21:27:27.0375 0x1a90  [ CC8B5C964B777F4EC3E89F13B4B5FF0F, 75E161265CCFFCB61FCE855C9790E2E06531E6B1C3DCCB1E3018466D03AD3919 ] DCService.exe   C:\ProgramData\DatacardService\DCService.exe
21:27:27.0387 0x1a90  DCService.exe - ok
21:27:27.0427 0x1a90  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:27:27.0436 0x1a90  defragsvc - ok
21:27:27.0443 0x1a90  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:27:27.0447 0x1a90  DfsC - ok
21:27:27.0481 0x1a90  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:27:27.0487 0x1a90  Dhcp - ok
21:27:27.0492 0x1a90  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:27:27.0493 0x1a90  discache - ok
21:27:27.0497 0x1a90  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
21:27:27.0499 0x1a90  Disk - ok
21:27:27.0766 0x1a90  [ 260169AFE0247D3817DDD7EC6C6AD0BC, 2C0FB869A23AC18B7874899C5599691464C158E1881AD5EEEE95D6D0B182C9CF ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
21:27:28.0017 0x1a90  DisplayLinkService - ok
21:27:28.0046 0x1a90  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
21:27:28.0049 0x1a90  dmvsc - ok
21:27:28.0066 0x1a90  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:27:28.0070 0x1a90  Dnscache - ok
21:27:28.0078 0x1a90  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:27:28.0084 0x1a90  dot3svc - ok
21:27:28.0099 0x1a90  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:27:28.0103 0x1a90  DPS - ok
21:27:28.0108 0x1a90  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:27:28.0109 0x1a90  drmkaud - ok
21:27:28.0150 0x1a90  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:27:28.0171 0x1a90  DXGKrnl - ok
21:27:28.0182 0x1a90  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:27:28.0185 0x1a90  EapHost - ok
21:27:28.0275 0x1a90  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:27:28.0359 0x1a90  ebdrv - ok
21:27:28.0372 0x1a90  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS             C:\Windows\System32\lsass.exe
21:27:28.0373 0x1a90  EFS - ok
21:27:28.0452 0x1a90  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:27:28.0475 0x1a90  ehRecvr - ok
21:27:28.0482 0x1a90  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:27:28.0485 0x1a90  ehSched - ok
21:27:28.0508 0x1a90  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:27:28.0519 0x1a90  elxstor - ok
21:27:28.0523 0x1a90  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:27:28.0524 0x1a90  ErrDev - ok
21:27:28.0550 0x1a90  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:27:28.0557 0x1a90  EventSystem - ok
21:27:28.0662 0x1a90  [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:27:28.0676 0x1a90  EvtEng - ok
21:27:28.0713 0x1a90  [ 23B79B19F49A037EBA4A9A3BB03ED91D, 2E0918B20188CBFAC0E64A5B36739DF4638A343553908888DFDD708743370F3F ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
21:27:28.0719 0x1a90  ewusbnet - ok
21:27:28.0746 0x1a90  [ E2CBB821C7CAE0EF8B56DE28ED85C740, 4AB358FEBC7B57774B2DD54705FAD3F5E0308F1E1FECBED73231DCEF11CF7D3B ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:27:28.0750 0x1a90  ew_hwusbdev - ok
21:27:28.0757 0x1a90  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:27:28.0761 0x1a90  exfat - ok
21:27:28.0768 0x1a90  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:27:28.0773 0x1a90  fastfat - ok
21:27:28.0799 0x1a90  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:27:28.0813 0x1a90  Fax - ok
21:27:28.0818 0x1a90  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
21:27:28.0819 0x1a90  fdc - ok
21:27:28.0829 0x1a90  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:27:28.0830 0x1a90  fdPHost - ok
21:27:28.0837 0x1a90  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:27:28.0838 0x1a90  FDResPub - ok
21:27:28.0842 0x1a90  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:27:28.0844 0x1a90  FileInfo - ok
21:27:28.0848 0x1a90  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:27:28.0850 0x1a90  Filetrace - ok
21:27:28.0853 0x1a90  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:27:28.0854 0x1a90  flpydisk - ok
21:27:28.0869 0x1a90  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:27:28.0874 0x1a90  FltMgr - ok
21:27:28.0927 0x1a90  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
21:27:28.0961 0x1a90  FontCache - ok
21:27:28.0987 0x1a90  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:27:28.0989 0x1a90  FontCache3.0.0.0 - ok
21:27:28.0993 0x1a90  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:27:28.0994 0x1a90  FsDepends - ok
21:27:28.0998 0x1a90  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:27:28.0999 0x1a90  Fs_Rec - ok
21:27:29.0006 0x1a90  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:27:29.0010 0x1a90  fvevol - ok
21:27:29.0023 0x1a90  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:27:29.0025 0x1a90  gagp30kx - ok
21:27:29.0057 0x1a90  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:27:29.0073 0x1a90  gpsvc - ok
21:27:29.0087 0x1a90  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:27:29.0088 0x1a90  hcw85cir - ok
21:27:29.0106 0x1a90  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:27:29.0114 0x1a90  HdAudAddService - ok
21:27:29.0140 0x1a90  [ 12DED0995AE2BA68EBBE70E14A76EE02, 54A658F4E8D6D98594BE43289083AD4267EB6B3F99D789A75719DBCA5188E87F ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:27:29.0143 0x1a90  HDAudBus - ok
21:27:29.0148 0x1a90  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:27:29.0150 0x1a90  HidBatt - ok
21:27:29.0154 0x1a90  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:27:29.0157 0x1a90  HidBth - ok
21:27:29.0161 0x1a90  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:27:29.0162 0x1a90  HidIr - ok
21:27:29.0178 0x1a90  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
21:27:29.0179 0x1a90  hidserv - ok
21:27:29.0184 0x1a90  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:27:29.0185 0x1a90  HidUsb - ok
21:27:29.0196 0x1a90  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:27:29.0198 0x1a90  hkmsvc - ok
21:27:29.0216 0x1a90  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:27:29.0222 0x1a90  HomeGroupListener - ok
21:27:29.0239 0x1a90  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:27:29.0243 0x1a90  HomeGroupProvider - ok
21:27:29.0251 0x1a90  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:27:29.0254 0x1a90  HpSAMD - ok
21:27:29.0293 0x1a90  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:27:29.0306 0x1a90  HTTP - ok
21:27:29.0329 0x1a90  [ 08B1A06A55F068A17A51BA26618CF50F, 8ADFC9D3003208A9B3BE12DCD1418A13C4D19E13E00EFEE556EF87B70F49B2E6 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:27:29.0331 0x1a90  huawei_enumerator - ok
21:27:29.0348 0x1a90  [ 6E5CD3984742A922D0C183C7E82C3C94, EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:27:29.0352 0x1a90  hwdatacard - ok
21:27:29.0361 0x1a90  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:27:29.0361 0x1a90  hwpolicy - ok
21:27:29.0369 0x1a90  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:27:29.0371 0x1a90  i8042prt - ok
21:27:29.0407 0x1a90  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
21:27:29.0421 0x1a90  iaStorA - ok
21:27:29.0435 0x1a90  [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
21:27:29.0436 0x1a90  iaStorF - ok
21:27:29.0447 0x1a90  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:27:29.0455 0x1a90  iaStorV - ok
21:27:29.0468 0x1a90  [ B005844661028E11480D724A709CC298, DC738AA0246581814915160BA824C2DB9009E6CFCCDB6A268F08C8D13F52BEB0 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:27:29.0470 0x1a90  IBMPMDRV - ok
21:27:29.0480 0x1a90  [ ED802CE6B36E280401197F593634C1DD, 620F2D5F40B8E61DE606FC1B1B1DCDD12BE7431E065F9CB776FDCFF915B1D243 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
21:27:29.0481 0x1a90  IBMPMSVC - ok
21:27:29.0506 0x1a90  [ 617EEDD27FB557C9D95D68096564C930, 59AA6F9884C9B504D5B524B6EFF8148669251085FAF12AE3634F0C753850CDC3 ] ibtusb          C:\Windows\system32\DRIVERS\ibtusb.sys
21:27:29.0509 0x1a90  ibtusb - ok
21:27:29.0553 0x1a90  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:27:29.0572 0x1a90  idsvc - ok
21:27:29.0576 0x1a90  IEEtwCollectorService - ok
21:27:29.0714 0x1a90  [ AEF200DC087141A5F66A6B006D2F0FD4, A38A0684637D9FE58271D91B93184A72414948E35145D19246BF6FBC60E28B3C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:27:29.0832 0x1a90  igfx - ok
21:27:29.0844 0x1a90  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:27:29.0845 0x1a90  iirsp - ok
21:27:29.0877 0x1a90  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:27:29.0894 0x1a90  IKEEXT - ok
21:27:29.0915 0x1a90  [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
21:27:29.0917 0x1a90  intaud_WaveExtensible - ok
21:27:29.0947 0x1a90  [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:27:29.0957 0x1a90  IntcDAud - ok
21:27:30.0010 0x1a90  [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:27:30.0025 0x1a90  Intel(R) Capability Licensing Service Interface - ok
21:27:30.0055 0x1a90  [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:27:30.0072 0x1a90  Intel(R) Capability Licensing Service TCP IP Interface - ok
21:27:30.0077 0x1a90  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:27:30.0078 0x1a90  intelide - ok
21:27:30.0099 0x1a90  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:27:30.0101 0x1a90  intelppm - ok
21:27:30.0112 0x1a90  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:27:30.0115 0x1a90  IPBusEnum - ok
21:27:30.0119 0x1a90  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:27:30.0121 0x1a90  IpFilterDriver - ok
21:27:30.0146 0x1a90  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:27:30.0158 0x1a90  iphlpsvc - ok
21:27:30.0163 0x1a90  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:27:30.0165 0x1a90  IPMIDRV - ok
21:27:30.0171 0x1a90  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:27:30.0173 0x1a90  IPNAT - ok
21:27:30.0177 0x1a90  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:27:30.0178 0x1a90  IRENUM - ok
21:27:30.0181 0x1a90  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:27:30.0182 0x1a90  isapnp - ok
21:27:30.0208 0x1a90  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:27:30.0215 0x1a90  iScsiPrt - ok
21:27:30.0232 0x1a90  [ 72B203A1F805C07E920E537414A0EA5F, 7EFB2A397034FF3D451D1763865E8AA330D8D4656E7C6F8CDA6489868023C36E ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:27:30.0235 0x1a90  iusb3hcs - ok
21:27:30.0253 0x1a90  [ 474BFFCF3214208C5FD440217D34FE6E, 181E4A091B24E8FBB9C1072E1FD2BABB1B0AD68D1112563A70A791FA3546D4CE ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
21:27:30.0261 0x1a90  iusb3hub - ok
21:27:30.0303 0x1a90  [ 842A11F2020CD94A0120E61F902E3664, 464EDED37258A22AC38C007524E34ED1A795E5607FF8BD322455A8F76CB4BDCE ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:27:30.0320 0x1a90  iusb3xhc - ok
21:27:30.0333 0x1a90  [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
21:27:30.0334 0x1a90  iwdbus - ok
21:27:30.0390 0x1a90  [ 9BFDEFD51800A2D47D43919653F4BEF4, C7221D9F82F7F04343EDA6FE41A4EC4C97F6DC4170780AA3983C8735369A5026 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:27:30.0397 0x1a90  jhi_service - ok
21:27:30.0404 0x1a90  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:27:30.0407 0x1a90  kbdclass - ok
21:27:30.0414 0x1a90  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:27:30.0415 0x1a90  kbdhid - ok
21:27:30.0432 0x1a90  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso          C:\Windows\system32\lsass.exe
21:27:30.0433 0x1a90  KeyIso - ok
21:27:30.0449 0x1a90  [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:27:30.0451 0x1a90  KSecDD - ok
21:27:30.0464 0x1a90  [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:27:30.0469 0x1a90  KSecPkg - ok
21:27:30.0480 0x1a90  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:27:30.0481 0x1a90  ksthunk - ok
21:27:30.0505 0x1a90  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:27:30.0514 0x1a90  KtmRm - ok
21:27:30.0533 0x1a90  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:27:30.0539 0x1a90  LanmanServer - ok
21:27:30.0556 0x1a90  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:27:30.0559 0x1a90  LanmanWorkstation - ok
21:27:30.0590 0x1a90  [ D253E6009F05776F505F96866CCF460F, 8A39E77B4FC780BB9C6C8A892603248D87ED70255BF9BED0218BE2420B5E8C53 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:27:30.0592 0x1a90  Lenovo.VIRTSCRLSVC - ok
21:27:30.0596 0x1a90  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:27:30.0598 0x1a90  lltdio - ok
21:27:30.0616 0x1a90  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:27:30.0623 0x1a90  lltdsvc - ok
21:27:30.0632 0x1a90  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:27:30.0633 0x1a90  lmhosts - ok
21:27:30.0664 0x1a90  [ 9FE032AD8751C5DDCF01DE26C1EE84BC, FAE072D7FCAED0987EA7D822238521A7CF96662F8EFD154515EA2A6C5B4E64F5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:27:30.0671 0x1a90  LMS - ok
21:27:30.0750 0x1a90  [ CE87E8E09273791172F7A1C60B225648, 03AB8A69C5A58FD3BCFF9E36FF83338B6866D82E4E550CD7CED686C4CC096DC1 ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
21:27:30.0763 0x1a90  LSCWinService - ok
21:27:30.0769 0x1a90  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:27:30.0774 0x1a90  LSI_FC - ok
21:27:30.0780 0x1a90  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:27:30.0783 0x1a90  LSI_SAS - ok
21:27:30.0788 0x1a90  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:27:30.0790 0x1a90  LSI_SAS2 - ok
21:27:30.0796 0x1a90  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:27:30.0799 0x1a90  LSI_SCSI - ok
21:27:30.0813 0x1a90  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:27:30.0818 0x1a90  luafv - ok
21:27:30.0845 0x1a90  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:27:30.0847 0x1a90  MBAMProtector - ok
21:27:30.0912 0x1a90  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
21:27:30.0953 0x1a90  MBAMScheduler - ok
21:27:31.0005 0x1a90  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
21:27:31.0038 0x1a90  MBAMService - ok
21:27:31.0064 0x1a90  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
21:27:31.0068 0x1a90  MBAMSwissArmy - ok
21:27:31.0084 0x1a90  [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
21:27:31.0085 0x1a90  MBAMWebAccessControl - ok
21:27:31.0140 0x1a90  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
21:27:31.0154 0x1a90  McComponentHostService - ok
21:27:31.0177 0x1a90  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:27:31.0181 0x1a90  Mcx2Svc - ok
21:27:31.0185 0x1a90  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:27:31.0187 0x1a90  megasas - ok
21:27:31.0205 0x1a90  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:27:31.0214 0x1a90  MegaSR - ok
21:27:31.0237 0x1a90  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:27:31.0239 0x1a90  MEIx64 - ok
21:27:31.0250 0x1a90  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:27:31.0253 0x1a90  MMCSS - ok
21:27:31.0261 0x1a90  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:27:31.0262 0x1a90  Modem - ok
21:27:31.0282 0x1a90  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:27:31.0283 0x1a90  monitor - ok
21:27:31.0288 0x1a90  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:27:31.0289 0x1a90  mouclass - ok
21:27:31.0293 0x1a90  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:27:31.0294 0x1a90  mouhid - ok
21:27:31.0312 0x1a90  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:27:31.0314 0x1a90  mountmgr - ok
21:27:31.0320 0x1a90  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:27:31.0323 0x1a90  mpio - ok
21:27:31.0330 0x1a90  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:27:31.0332 0x1a90  mpsdrv - ok
21:27:31.0361 0x1a90  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:27:31.0377 0x1a90  MpsSvc - ok
21:27:31.0398 0x1a90  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:27:31.0402 0x1a90  MRxDAV - ok
21:27:31.0424 0x1a90  [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:27:31.0428 0x1a90  mrxsmb - ok
21:27:31.0454 0x1a90  [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:27:31.0461 0x1a90  mrxsmb10 - ok
21:27:31.0484 0x1a90  [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:27:31.0487 0x1a90  mrxsmb20 - ok
21:27:31.0491 0x1a90  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:27:31.0492 0x1a90  msahci - ok
21:27:31.0506 0x1a90  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:27:31.0510 0x1a90  msdsm - ok
21:27:31.0529 0x1a90  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:27:31.0534 0x1a90  MSDTC - ok
21:27:31.0540 0x1a90  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:27:31.0541 0x1a90  Msfs - ok
21:27:31.0544 0x1a90  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:27:31.0545 0x1a90  mshidkmdf - ok
21:27:31.0550 0x1a90  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:27:31.0551 0x1a90  msisadrv - ok
21:27:31.0563 0x1a90  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:27:31.0568 0x1a90  MSiSCSI - ok
21:27:31.0570 0x1a90  msiserver - ok
21:27:31.0575 0x1a90  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:27:31.0576 0x1a90  MSKSSRV - ok
21:27:31.0579 0x1a90  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:27:31.0580 0x1a90  MSPCLOCK - ok
21:27:31.0583 0x1a90  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:27:31.0584 0x1a90  MSPQM - ok
21:27:31.0602 0x1a90  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:27:31.0610 0x1a90  MsRPC - ok
21:27:31.0615 0x1a90  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:27:31.0616 0x1a90  mssmbios - ok
21:27:31.0620 0x1a90  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:27:31.0621 0x1a90  MSTEE - ok
21:27:31.0624 0x1a90  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:27:31.0625 0x1a90  MTConfig - ok
21:27:31.0630 0x1a90  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:27:31.0632 0x1a90  Mup - ok
21:27:31.0658 0x1a90  [ 35739E6A0C67147A9B75226946CDC903, C9DE77D6812C778F601F52E87ECDD228E52EA691AB9CEAD388998A7B5AFC3B89 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:27:31.0665 0x1a90  MyWiFiDHCPDNS - ok
21:27:31.0691 0x1a90  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:27:31.0699 0x1a90  napagent - ok
21:27:31.0714 0x1a90  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:27:31.0722 0x1a90  NativeWifiP - ok
21:27:31.0763 0x1a90  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:27:31.0782 0x1a90  NDIS - ok
21:27:31.0796 0x1a90  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:27:31.0798 0x1a90  NdisCap - ok
21:27:31.0801 0x1a90  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:27:31.0802 0x1a90  NdisTapi - ok
21:27:31.0806 0x1a90  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:27:31.0808 0x1a90  Ndisuio - ok
21:27:31.0817 0x1a90  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:27:31.0821 0x1a90  NdisWan - ok
21:27:31.0827 0x1a90  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:27:31.0829 0x1a90  NDProxy - ok
21:27:31.0835 0x1a90  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:27:31.0837 0x1a90  NetBIOS - ok
21:27:31.0845 0x1a90  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:27:31.0850 0x1a90  NetBT - ok
21:27:31.0861 0x1a90  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon        C:\Windows\system32\lsass.exe
21:27:31.0863 0x1a90  Netlogon - ok
21:27:31.0879 0x1a90  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:27:31.0887 0x1a90  Netman - ok
21:27:31.0931 0x1a90  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:27:31.0934 0x1a90  NetMsmqActivator - ok
21:27:31.0940 0x1a90  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:27:31.0943 0x1a90  NetPipeActivator - ok
21:27:31.0964 0x1a90  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:27:31.0973 0x1a90  netprofm - ok
21:27:31.0979 0x1a90  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:27:31.0981 0x1a90  NetTcpActivator - ok
21:27:31.0987 0x1a90  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:27:31.0990 0x1a90  NetTcpPortSharing - ok
21:27:32.0094 0x1a90  [ C873B801A7D628474313B2887D051607, 894877BAB599F52FB606B240D53FEB84CC4A6BAD8A45CB1983231CD2AE0C7A79 ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw02.sys
21:27:32.0188 0x1a90  NETwNs64 - ok
21:27:32.0200 0x1a90  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:27:32.0201 0x1a90  nfrd960 - ok
21:27:32.0225 0x1a90  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:27:32.0232 0x1a90  NlaSvc - ok
21:27:32.0236 0x1a90  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:27:32.0237 0x1a90  Npfs - ok
21:27:32.0245 0x1a90  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:27:32.0247 0x1a90  nsi - ok
21:27:32.0251 0x1a90  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:27:32.0251 0x1a90  nsiproxy - ok
21:27:32.0299 0x1a90  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:27:32.0342 0x1a90  Ntfs - ok
21:27:32.0347 0x1a90  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:27:32.0348 0x1a90  Null - ok
21:27:32.0354 0x1a90  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:27:32.0358 0x1a90  nvraid - ok
21:27:32.0364 0x1a90  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:27:32.0368 0x1a90  nvstor - ok
21:27:32.0373 0x1a90  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:27:32.0376 0x1a90  nv_agp - ok
21:27:32.0382 0x1a90  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:27:32.0385 0x1a90  ohci1394 - ok
21:27:32.0441 0x1a90  [ 1B9E7338761DAE4839ED87D7A248F817, 03AF40570DD8F8326EAF2A18227280DF0CEFFF1E12966E2829839C4B1E7F700E ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:27:32.0446 0x1a90  ose - ok
21:27:32.0636 0x1a90  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:27:32.0721 0x1a90  osppsvc - ok
21:27:32.0756 0x1a90  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:27:32.0762 0x1a90  p2pimsvc - ok
21:27:32.0782 0x1a90  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:27:32.0790 0x1a90  p2psvc - ok
21:27:32.0795 0x1a90  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:27:32.0797 0x1a90  Parport - ok
21:27:32.0801 0x1a90  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:27:32.0803 0x1a90  partmgr - ok
21:27:32.0835 0x1a90  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:27:32.0839 0x1a90  PcaSvc - ok
21:27:32.0845 0x1a90  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:27:32.0850 0x1a90  pci - ok
21:27:32.0853 0x1a90  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:27:32.0854 0x1a90  pciide - ok
21:27:32.0871 0x1a90  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:27:32.0876 0x1a90  pcmcia - ok
21:27:32.0880 0x1a90  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:27:32.0882 0x1a90  pcw - ok
21:27:32.0907 0x1a90  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:27:32.0923 0x1a90  PEAUTH - ok
21:27:32.0983 0x1a90  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:27:33.0007 0x1a90  PeerDistSvc - ok
21:27:33.0052 0x1a90  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:27:33.0055 0x1a90  PerfHost - ok
21:27:33.0107 0x1a90  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:27:33.0143 0x1a90  pla - ok
21:27:33.0176 0x1a90  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:27:33.0183 0x1a90  PlugPlay - ok
21:27:33.0194 0x1a90  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:27:33.0196 0x1a90  PNRPAutoReg - ok
21:27:33.0205 0x1a90  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:27:33.0212 0x1a90  PNRPsvc - ok
21:27:33.0279 0x1a90  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:27:33.0294 0x1a90  PolicyAgent - ok
21:27:33.0315 0x1a90  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
21:27:33.0320 0x1a90  Power - ok
21:27:33.0393 0x1a90  [ 552F3539C70D010F97001E9B7228210B, 9CB45B7D67E0B99C78D0091173C983AB272FA8A18E1CB5AC3B1519B37964A11E ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
21:27:33.0422 0x1a90  Power Manager DBC Service - ok
21:27:33.0466 0x1a90  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:27:33.0472 0x1a90  PptpMiniport - ok
21:27:33.0485 0x1a90  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:27:33.0489 0x1a90  Processor - ok
21:27:33.0517 0x1a90  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:27:33.0523 0x1a90  ProfSvc - ok
21:27:33.0540 0x1a90  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:27:33.0542 0x1a90  ProtectedStorage - ok
21:27:33.0555 0x1a90  [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
21:27:33.0557 0x1a90  psadd - ok
21:27:33.0567 0x1a90  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:27:33.0571 0x1a90  Psched - ok
21:27:33.0626 0x1a90  [ FB3D6070413925193EA32D1652B921F0, 5D0EEDC966BD5A042A761411E69B376BC16339032BCC460CD4F2965DF05C1033 ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
21:27:33.0671 0x1a90  PwmEWSvc - ok
21:27:33.0718 0x1a90  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:27:33.0761 0x1a90  ql2300 - ok
21:27:33.0767 0x1a90  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:27:33.0771 0x1a90  ql40xx - ok
21:27:33.0786 0x1a90  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:27:33.0794 0x1a90  QWAVE - ok
21:27:33.0799 0x1a90  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:27:33.0801 0x1a90  QWAVEdrv - ok
21:27:33.0804 0x1a90  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:27:33.0805 0x1a90  RasAcd - ok
21:27:33.0831 0x1a90  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:27:33.0833 0x1a90  RasAgileVpn - ok
21:27:33.0847 0x1a90  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:27:33.0851 0x1a90  RasAuto - ok
21:27:33.0856 0x1a90  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:27:33.0859 0x1a90  Rasl2tp - ok
21:27:33.0880 0x1a90  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:27:33.0888 0x1a90  RasMan - ok
21:27:33.0893 0x1a90  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:27:33.0895 0x1a90  RasPppoe - ok
21:27:33.0900 0x1a90  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:27:33.0902 0x1a90  RasSstp - ok
21:27:33.0912 0x1a90  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:27:33.0919 0x1a90  rdbss - ok
21:27:33.0922 0x1a90  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:27:33.0923 0x1a90  rdpbus - ok
21:27:33.0926 0x1a90  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:27:33.0928 0x1a90  RDPCDD - ok
21:27:33.0954 0x1a90  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:27:33.0959 0x1a90  RDPDR - ok
21:27:33.0961 0x1a90  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:27:33.0962 0x1a90  RDPENCDD - ok
21:27:33.0974 0x1a90  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:27:33.0975 0x1a90  RDPREFMP - ok
21:27:34.0000 0x1a90  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:27:34.0005 0x1a90  RDPWD - ok
21:27:34.0013 0x1a90  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:27:34.0018 0x1a90  rdyboost - ok
21:27:34.0067 0x1a90  [ BC49E8BDBC6C1B161FDDB350CE423366, D98C7948EE36808164766DD9934C204599275BE9FCD83515F9C0153202D38C34 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:27:34.0075 0x1a90  RegSrvc - ok
21:27:34.0093 0x1a90  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:27:34.0097 0x1a90  RemoteAccess - ok
21:27:34.0117 0x1a90  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:27:34.0124 0x1a90  RemoteRegistry - ok
21:27:34.0161 0x1a90  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:27:34.0168 0x1a90  RFCOMM - ok
21:27:34.0177 0x1a90  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:27:34.0181 0x1a90  RpcEptMapper - ok
21:27:34.0190 0x1a90  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:27:34.0192 0x1a90  RpcLocator - ok
21:27:34.0212 0x1a90  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
21:27:34.0221 0x1a90  RpcSs - ok
21:27:34.0229 0x1a90  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:27:34.0231 0x1a90  rspndr - ok
21:27:34.0267 0x1a90  [ 1BE36AB59242A109697870F16A8E0EF8, CAC949D97EEFA0CE5E89084D0950B6E331145870355367803530D0DED4962F2E ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:27:34.0285 0x1a90  RTL8167 - ok
21:27:34.0307 0x1a90  [ 61EF084BB097FFAB50D05EE5115F7F98, 334E691C45A473977301DB8E8D03747388D2A2D940D3BC15493476404D801645 ] RTSPER          C:\Windows\system32\DRIVERS\RtsPer.sys
21:27:34.0316 0x1a90  RTSPER - ok
21:27:34.0334 0x1a90  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:27:34.0335 0x1a90  s3cap - ok
21:27:34.0340 0x1a90  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs           C:\Windows\system32\lsass.exe
21:27:34.0342 0x1a90  SamSs - ok
21:27:34.0345 0x1a90  SAService - ok
21:27:34.0356 0x1a90  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:27:34.0358 0x1a90  sbp2port - ok
21:27:34.0376 0x1a90  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:27:34.0381 0x1a90  SCardSvr - ok
21:27:34.0384 0x1a90  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:27:34.0386 0x1a90  scfilter - ok
21:27:34.0459 0x1a90  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
21:27:34.0480 0x1a90  Schedule - ok
21:27:34.0501 0x1a90  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:27:34.0503 0x1a90  SCPolicySvc - ok
21:27:34.0519 0x1a90  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:27:34.0524 0x1a90  SDRSVC - ok
21:27:34.0529 0x1a90  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:27:34.0530 0x1a90  secdrv - ok
21:27:34.0540 0x1a90  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
21:27:34.0542 0x1a90  seclogon - ok
21:27:34.0553 0x1a90  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:27:34.0555 0x1a90  SENS - ok
21:27:34.0559 0x1a90  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:27:34.0561 0x1a90  SensrSvc - ok
21:27:34.0564 0x1a90  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:27:34.0565 0x1a90  Serenum - ok
21:27:34.0571 0x1a90  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
21:27:34.0573 0x1a90  Serial - ok
21:27:34.0577 0x1a90  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:27:34.0578 0x1a90  sermouse - ok
21:27:34.0596 0x1a90  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:27:34.0599 0x1a90  SessionEnv - ok
21:27:34.0603 0x1a90  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:27:34.0604 0x1a90  sffdisk - ok
21:27:34.0609 0x1a90  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:27:34.0609 0x1a90  sffp_mmc - ok
21:27:34.0612 0x1a90  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:27:34.0614 0x1a90  sffp_sd - ok
21:27:34.0617 0x1a90  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:27:34.0619 0x1a90  sfloppy - ok
21:27:34.0648 0x1a90  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:27:34.0657 0x1a90  SharedAccess - ok
21:27:34.0676 0x1a90  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:27:34.0683 0x1a90  ShellHWDetection - ok
21:27:34.0702 0x1a90  [ 07514491857759A5D02A741C9DB6ECA2, D3EB21D90DB68F8BE695961BFA1256E4FA1274D59B3AA465A5485215ABBAA8C5 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
21:27:34.0706 0x1a90  Shockprf - ok
21:27:34.0711 0x1a90  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:27:34.0712 0x1a90  SiSRaid2 - ok
21:27:34.0729 0x1a90  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:27:34.0732 0x1a90  SiSRaid4 - ok
21:27:34.0736 0x1a90  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:27:34.0739 0x1a90  Smb - ok
21:27:34.0761 0x1a90  [ 7C5B431BB6CD52C46295D9752C1C5A45, CBC2A342F019359629B7141ADD1A5AE3E97785D39ADD398EC60F897FABDD5554 ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
21:27:34.0763 0x1a90  SmbDrvI - ok
21:27:34.0780 0x1a90  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:27:34.0783 0x1a90  SNMPTRAP - ok
21:27:34.0841 0x1a90  [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
21:27:34.0850 0x1a90  Sony PC Companion - ok
21:27:34.0859 0x1a90  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:27:34.0861 0x1a90  spldr - ok
21:27:34.0893 0x1a90  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:27:34.0909 0x1a90  Spooler - ok
21:27:35.0017 0x1a90  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:27:35.0101 0x1a90  sppsvc - ok
21:27:35.0110 0x1a90  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:27:35.0113 0x1a90  sppuinotify - ok
21:27:35.0136 0x1a90  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:27:35.0146 0x1a90  srv - ok
21:27:35.0158 0x1a90  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:27:35.0167 0x1a90  srv2 - ok
21:27:35.0174 0x1a90  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:27:35.0178 0x1a90  srvnet - ok
21:27:35.0197 0x1a90  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:27:35.0202 0x1a90  SSDPSRV - ok
21:27:35.0208 0x1a90  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:27:35.0212 0x1a90  SstpSvc - ok
21:27:35.0216 0x1a90  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:27:35.0217 0x1a90  stexstor - ok
21:27:35.0244 0x1a90  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
21:27:35.0246 0x1a90  StillCam - ok
21:27:35.0275 0x1a90  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:27:35.0288 0x1a90  stisvc - ok
21:27:35.0300 0x1a90  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:27:35.0303 0x1a90  storflt - ok
21:27:35.0328 0x1a90  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
21:27:35.0330 0x1a90  StorSvc - ok
21:27:35.0344 0x1a90  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:27:35.0346 0x1a90  storvsc - ok
21:27:35.0435 0x1a90  [ 4219A2A1C9049CC35ADC65C1E2AC8842, 7B52107880251C7BA75E5A083A80B25FDC6C6AB34ACE7CDDAA990A04D76FB98E ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
21:27:35.0437 0x1a90  SUService - ok
21:27:35.0443 0x1a90  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:27:35.0444 0x1a90  swenum - ok
21:27:35.0485 0x1a90  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:27:35.0501 0x1a90  swprv - ok
21:27:35.0526 0x1a90  [ 16021E640CFA11BFA5F4D789322CFC39, E7249AFD865607502A36A6EC931AA9D04185A255B568F9401D45608305DFBF83 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:27:35.0538 0x1a90  SynTP - ok
21:27:35.0596 0x1a90  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
21:27:35.0626 0x1a90  SysMain - ok
21:27:35.0658 0x1a90  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:27:35.0662 0x1a90  TabletInputService - ok
21:27:35.0674 0x1a90  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:27:35.0682 0x1a90  TapiSrv - ok
21:27:35.0690 0x1a90  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
21:27:35.0692 0x1a90  TBS - ok
21:27:35.0750 0x1a90  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:27:35.0781 0x1a90  Tcpip - ok
21:27:35.0841 0x1a90  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:27:35.0873 0x1a90  TCPIP6 - ok
21:27:35.0887 0x1a90  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:27:35.0889 0x1a90  tcpipreg - ok
21:27:35.0894 0x1a90  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:27:35.0896 0x1a90  TDPIPE - ok
21:27:35.0913 0x1a90  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:27:35.0915 0x1a90  TDTCP - ok
21:27:35.0939 0x1a90  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:27:35.0942 0x1a90  tdx - ok
21:27:35.0946 0x1a90  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:27:35.0949 0x1a90  TermDD - ok
21:27:35.0983 0x1a90  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
21:27:35.0997 0x1a90  TermService - ok
21:27:36.0011 0x1a90  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:27:36.0013 0x1a90  Themes - ok
21:27:36.0034 0x1a90  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:27:36.0036 0x1a90  THREADORDER - ok
21:27:36.0051 0x1a90  [ D34181414FB3060A968DF24C4BA98764, EDD1AC4D41C8F9B32E47FF03A391AAC6BDB26D00A8C43898D35610EB08EEA25C ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
21:27:36.0052 0x1a90  TPDIGIMN - ok
21:27:36.0067 0x1a90  [ F3B696FD7CFBB5D73FF59E1018D8043D, 20B96C409FCB67AA24D417CACBA516756EAE5D4574FDA7951BDB1FA1DF67209B ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
21:27:36.0069 0x1a90  TPHDEXLGSVC - ok
21:27:36.0073 0x1a90  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
21:27:36.0074 0x1a90  TPM - ok
21:27:36.0081 0x1a90  [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
21:27:36.0082 0x1a90  TPPWRIF - ok
21:27:36.0095 0x1a90  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:27:36.0099 0x1a90  TrkWks - ok
21:27:36.0137 0x1a90  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:27:36.0140 0x1a90  TrustedInstaller - ok
21:27:36.0163 0x1a90  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:27:36.0164 0x1a90  tssecsrv - ok
21:27:36.0170 0x1a90  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:27:36.0171 0x1a90  TsUsbFlt - ok
21:27:36.0175 0x1a90  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:27:36.0176 0x1a90  TsUsbGD - ok
21:27:36.0181 0x1a90  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:27:36.0183 0x1a90  tunnel - ok
21:27:36.0202 0x1a90  [ 760B34088C2AD8D634CC3784EF3A2CA2, 20D23EDBDE7EBBA495C032097E7C5B1C6F94037971D9B2D6B98ABE11E7FF3643 ] tvtvcamd        C:\Windows\system32\DRIVERS\tvtvcamd.sys
21:27:36.0202 0x1a90  tvtvcamd - ok
21:27:36.0219 0x1a90  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:27:36.0221 0x1a90  uagp35 - ok
21:27:36.0230 0x1a90  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:27:36.0235 0x1a90  udfs - ok
21:27:36.0251 0x1a90  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:27:36.0253 0x1a90  UI0Detect - ok
21:27:36.0257 0x1a90  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:27:36.0258 0x1a90  uliagpkx - ok
21:27:36.0262 0x1a90  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:27:36.0263 0x1a90  umbus - ok
21:27:36.0268 0x1a90  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:27:36.0269 0x1a90  UmPass - ok
21:27:36.0286 0x1a90  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:27:36.0291 0x1a90  UmRdpService - ok
21:27:36.0314 0x1a90  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:27:36.0321 0x1a90  upnphost - ok
21:27:36.0345 0x1a90  [ 524BFB402B1AB1007ED91E94D6AB6F72, 5A970292D2E7A580FAD86615BC6E66C2A5C74044EFF6C1543E928773E5B9C0F8 ] usb3Hub         C:\Windows\system32\DRIVERS\usb3Hub.sys
21:27:36.0349 0x1a90  usb3Hub - ok
21:27:36.0367 0x1a90  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:27:36.0369 0x1a90  usbccgp - ok
21:27:36.0385 0x1a90  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:27:36.0387 0x1a90  usbcir - ok
21:27:36.0400 0x1a90  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:27:36.0402 0x1a90  usbehci - ok
21:27:36.0418 0x1a90  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:27:36.0424 0x1a90  usbhub - ok
21:27:36.0436 0x1a90  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:27:36.0436 0x1a90  usbohci - ok
21:27:36.0449 0x1a90  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:27:36.0450 0x1a90  usbprint - ok
21:27:36.0454 0x1a90  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:27:36.0456 0x1a90  USBSTOR - ok
21:27:36.0468 0x1a90  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:27:36.0469 0x1a90  usbuhci - ok
21:27:36.0475 0x1a90  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:27:36.0479 0x1a90  usbvideo - ok
21:27:36.0492 0x1a90  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:27:36.0494 0x1a90  UxSms - ok
21:27:36.0514 0x1a90  [ 19B5A2B908BF97E81BA195B2321A9D8B, 08B0BBB5D0348D6C201137725FE0D5232C15889F6CB907DBA823F36036D89BAD ] ValBioService   C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
21:27:36.0515 0x1a90  ValBioService - ok
21:27:36.0534 0x1a90  [ BF7FFCD223323F80E4DDB9ADB5DDF1AE, 4BC7EE65C577D93DBF25EC253526F2FE642F32017C1DA52CFEA83AC8BF3E18CA ] valWBFPolicyService C:\Windows\system32\valWBFPolicyService.exe
21:27:36.0536 0x1a90  valWBFPolicyService - ok
21:27:36.0547 0x1a90  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc        C:\Windows\system32\lsass.exe
21:27:36.0548 0x1a90  VaultSvc - ok
21:27:36.0552 0x1a90  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:27:36.0553 0x1a90  vdrvroot - ok
21:27:36.0583 0x1a90  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:27:36.0593 0x1a90  vds - ok
21:27:36.0597 0x1a90  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:27:36.0598 0x1a90  vga - ok
21:27:36.0601 0x1a90  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:27:36.0602 0x1a90  VgaSave - ok
21:27:36.0619 0x1a90  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:27:36.0622 0x1a90  vhdmp - ok
21:27:36.0628 0x1a90  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:27:36.0629 0x1a90  viaide - ok
21:27:36.0685 0x1a90  [ D339DF97110C5E2C01FA191787E60CA0, 0798E9CB36BFC439CF536870E9B7594491D6027DC3FA89779B322761C1B8372D ] vm331avs        C:\Windows\system32\Drivers\vm331avs.sys
21:27:36.0717 0x1a90  vm331avs - ok
21:27:36.0738 0x1a90  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:27:36.0741 0x1a90  vmbus - ok
21:27:36.0745 0x1a90  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:27:36.0745 0x1a90  VMBusHID - ok
21:27:36.0751 0x1a90  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:27:36.0753 0x1a90  volmgr - ok
21:27:36.0771 0x1a90  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:27:36.0777 0x1a90  volmgrx - ok
21:27:36.0787 0x1a90  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:27:36.0792 0x1a90  volsnap - ok
21:27:36.0798 0x1a90  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:27:36.0801 0x1a90  vsmraid - ok
21:27:36.0849 0x1a90  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:27:36.0886 0x1a90  VSS - ok
21:27:36.0891 0x1a90  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:27:36.0892 0x1a90  vwifibus - ok
21:27:36.0896 0x1a90  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:27:36.0898 0x1a90  vwififlt - ok
21:27:36.0901 0x1a90  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:27:36.0902 0x1a90  vwifimp - ok
21:27:36.0914 0x1a90  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:27:36.0921 0x1a90  W32Time - ok
21:27:36.0929 0x1a90  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:27:36.0930 0x1a90  WacomPen - ok
21:27:36.0934 0x1a90  [ 356AFD78A6ED4457169241AC3965230C,
         


Alt 29.11.2015, 20:52   #6
Marie Schauk
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



logfile, TDSS, Teil 3
Code:
ATTFilter
CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:27:36.0936 0x1a90  WANARP - ok
21:27:36.0940 0x1a90  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:27:36.0942 0x1a90  Wanarpv6 - ok
21:27:36.0987 0x1a90  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:27:37.0027 0x1a90  wbengine - ok
21:27:37.0037 0x1a90  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:27:37.0042 0x1a90  WbioSrvc - ok
21:27:37.0052 0x1a90  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:27:37.0059 0x1a90  wcncsvc - ok
21:27:37.0076 0x1a90  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:27:37.0078 0x1a90  WcsPlugInService - ok
21:27:37.0081 0x1a90  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:27:37.0082 0x1a90  Wd - ok
21:27:37.0108 0x1a90  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:27:37.0121 0x1a90  Wdf01000 - ok
21:27:37.0131 0x1a90  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:27:37.0134 0x1a90  WdiServiceHost - ok
21:27:37.0137 0x1a90  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:27:37.0140 0x1a90  WdiSystemHost - ok
21:27:37.0160 0x1a90  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
21:27:37.0165 0x1a90  WebClient - ok
21:27:37.0182 0x1a90  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:27:37.0188 0x1a90  Wecsvc - ok
21:27:37.0197 0x1a90  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:27:37.0200 0x1a90  wercplsupport - ok
21:27:37.0205 0x1a90  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:27:37.0208 0x1a90  WerSvc - ok
21:27:37.0211 0x1a90  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:27:37.0212 0x1a90  WfpLwf - ok
21:27:37.0215 0x1a90  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:27:37.0216 0x1a90  WIMMount - ok
21:27:37.0242 0x1a90  WinDefend - ok
21:27:37.0248 0x1a90  WinHttpAutoProxySvc - ok
21:27:37.0318 0x1a90  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:27:37.0332 0x1a90  Winmgmt - ok
21:27:37.0420 0x1a90  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:27:37.0455 0x1a90  WinRM - ok
21:27:37.0472 0x1a90  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
21:27:37.0473 0x1a90  WinUsb - ok
21:27:37.0509 0x1a90  [ 4FADA86E62F18A1B2F42BA18AE24E6AA,
CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:27:37.0524 0x1a90  Wlansvc - ok
21:27:37.0529 0x1a90  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:27:37.0530 0x1a90  WmiAcpi - ok
21:27:37.0547 0x1a90  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:27:37.0551 0x1a90  wmiApSrv - ok
21:27:37.0565 0x1a90  WMPNetworkSvc - ok
21:27:37.0575 0x1a90  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:27:37.0577 0x1a90  WPCSvc - ok
21:27:37.0592 0x1a90  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:27:37.0596 0x1a90  WPDBusEnum - ok
21:27:37.0599 0x1a90  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:27:37.0600 0x1a90  ws2ifsl - ok
21:27:37.0614 0x1a90  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:27:37.0616 0x1a90  wscsvc - ok
21:27:37.0619 0x1a90  WSearch - ok
21:27:37.0745 0x1a90  [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:27:37.0790 0x1a90  wuauserv - ok
21:27:37.0824 0x1a90  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:27:37.0826 0x1a90  WudfPf - ok
21:27:37.0842 0x1a90  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:27:37.0846 0x1a90  WUDFRd - ok
21:27:37.0851 0x1a90  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:27:37.0854 0x1a90  wudfsvc - ok
21:27:37.0880 0x1a90  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:27:37.0885 0x1a90  WwanSvc - ok
21:27:38.0074 0x1a90  [ C3FFB098C24A82B61E1818C3BB978B48, C7BC57A8D549B7478052F05FD0B4C623F1B70187358FD3CB5A7E9B5092FBD75F ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:27:38.0141 0x1a90  ZeroConfigService - ok
21:27:38.0155 0x1a90  ================ Scan global ===============================
21:27:38.0190 0x1a90  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
21:27:38.0218 0x1a90  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
21:27:38.0229 0x1a90  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
21:27:38.0257 0x1a90  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:27:38.0285 0x1a90  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
21:27:38.0291 0x1a90  [ Global ] - ok
21:27:38.0292 0x1a90  ================ Scan MBR ==================================
21:27:38.0307 0x1a90  [ 3C10CC64408FD361AA392029816603BE ] \Device\Harddisk0\DR0
21:27:38.0573 0x1a90  \Device\Harddisk0\DR0 - ok
21:27:38.0575 0x1a90  ================ Scan VBR ==================================
21:27:38.0577 0x1a90  [ A268329E47236A1427D06FE623E25EDF ] \Device\Harddisk0\DR0\Partition1
21:27:38.0589 0x1a90  \Device\Harddisk0\DR0\Partition1 - ok
21:27:38.0593 0x1a90  [ 1BCC9905345EA33A52D3456ED16A5665 ] \Device\Harddisk0\DR0\Partition2
21:27:38.0607 0x1a90  \Device\Harddisk0\DR0\Partition2 - ok
21:27:38.0630 0x1a90  [ B54B30046ACAA40F06DB991EADCAD0E4 ] \Device\Harddisk0\DR0\Partition3
21:27:38.0633 0x1a90  \Device\Harddisk0\DR0\Partition3 - ok
21:27:38.0638 0x1a90  [ DFCA5FC290B016A3096325987A5D7C65 ] \Device\Harddisk0\DR0\Partition4
21:27:38.0660 0x1a90  \Device\Harddisk0\DR0\Partition4 - ok
21:27:38.0661 0x1a90  ================ Scan generic autorun ======================
21:27:38.0711 0x1a90  [ 18CE3B3E42FBDF53883AE982152A0B45, E9E0DBA4CBE3B6CA7CE76591D65878ADB65DD4F3AF2CEAD0BD63559AE646AEB6 ] C:\Windows\system32\igfxtray.exe
21:27:38.0719 0x1a90  IgfxTray - ok
21:27:38.0742 0x1a90  [ FF71518046D79001513377100B79E2A3, 668057BF2B23212DA0C83849339D74949AE24E7F7866A2B9DE1D973E52F1BC3A ] C:\Windows\system32\hkcmd.exe
21:27:38.0750 0x1a90  HotKeysCmds - ok
21:27:38.0767 0x1a90  [ 763F57136C09C4A9E5B7C155400239CC, B661C8137322562E9014D946C7B58FAA15BC3948A1509A1B5A6DAEDCBF9FCA8C ] C:\Windows\system32\igfxpers.exe
21:27:38.0775 0x1a90  Persistence - ok
21:27:38.0816 0x1a90  [ 9E1738D18C61E6935AD0E8EE19D100D8, C2864677359A977CB67F16664DF44C4001CF4C04AD29401450D1BC3CDD9421AD ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
21:27:38.0831 0x1a90  cAudioFilterAgent - ok
21:27:38.0844 0x1a90  [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
21:27:38.0845 0x1a90  ForteConfig - ok
21:27:38.0914 0x1a90  [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
21:27:38.0941 0x1a90  SmartAudio - ok
21:27:38.0961 0x1a90  [ 78C0F0EA63438D2441E7F9CAC9619889, DA121F5637D8BA09EE9BFAD58757775B4775EFCCC06DC1DEF68F26C90C0F985F ] C:\Windows\system32\TpShocks.exe
21:27:38.0967 0x1a90  TpShocks - ok
21:27:39.0016 0x1a90  [ 4420BBAC770EB87AB74E4B9146E18924, 6DB78DB9FD72F1E8C7651D2B3FF090CB4A8C90BA0D11F69D533960CE67170CFC ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
21:27:39.0024 0x1a90  BLEServicesCtrl - ok
21:27:39.0028 0x1a90  BTMTrayAgent - ok
21:27:39.0030 0x1a90  SynTPEnh - ok
21:27:39.0080 0x1a90  [ 2438CD7EFF8399E41B29A3D0DB0873D9, 5EA16FBF213E81013DE3FC83319C6A75214513A2AEE6A5403742348F739031D4 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
21:27:39.0087 0x1a90  IMSS - ok
21:27:39.0133 0x1a90  [ E0E7C48CAF25943DB1B034364501134A, 6F3D325F82448668EBEBEE1DEA7CC686DE6ED37E903F28FE3521B4018F427B62 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
21:27:39.0139 0x1a90  USB3MON - ok
21:27:39.0175 0x1a90  [ FA6220C7FDF2D94CFF82D45B72E5C929, C3E414388F8818EC4B3BEABC8ED16DE6CBF965A6603328A45AD6D9A1808F3E55 ] C:\Program Files (x86)\USB Camera\VM331STI.EXE
21:27:39.0184 0x1a90  331BigDog - ok
21:27:39.0189 0x1a90  PWMTRV - ok
21:27:39.0286 0x1a90  [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
21:27:39.0317 0x1a90  avgnt - ok
21:27:39.0364 0x1a90  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
21:27:39.0364 0x1a90  HP Software Update - ok
21:27:39.0442 0x1a90  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:27:39.0489 0x1a90  Sidebar - ok
21:27:39.0505 0x1a90  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:27:39.0505 0x1a90  mctadmin - ok
21:27:39.0551 0x1a90  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:27:39.0567 0x1a90  Sidebar - ok
21:27:39.0567 0x1a90  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:27:39.0567 0x1a90  mctadmin - ok
21:27:39.0692 0x1a90  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
21:27:39.0723 0x1a90  HP Officejet 6700 (NET) - ok
21:27:39.0723 0x1a90  Web Companion - ok
21:27:40.0300 0x1a90  [ 1FA9AC9760AA04253B4D5D7DD8BF1073, 8514D8C242495A2214321A501C04455428471A884C558B4983CEBC6FD71B11F7 ] C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe
21:27:40.0347 0x1a90  Screenleap - ok
21:27:40.0378 0x1a90  [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\Windows\system32\cmd.exe
21:27:40.0378 0x1a90  Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64 - ok
21:27:40.0394 0x1a90  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
21:27:40.0394 0x1a90  Win FW state via NFP2: enabled ( trusted )
21:27:53.0857 0x1a90  ============================================================
21:27:53.0857 0x1a90  Scan finished
21:27:53.0857 0x1a90  ============================================================
21:27:53.0857 0x0ddc  Detected object count: 0
21:27:53.0857 0x0ddc  Actual detected object count: 0
21:29:56.0590 0x17a0  ============================================================
21:29:56.0590 0x17a0  Scan started
21:29:56.0590 0x17a0  Mode: Manual; SigCheck; TDLFS; 
21:29:56.0590 0x17a0  ============================================================
21:29:56.0590 0x17a0  KSN ping started
21:30:11.0250 0x17a0  KSN ping finished: true
21:30:11.0930 0x17a0  ================ Scan system memory ========================
21:30:11.0931 0x17a0  System memory - ok
21:30:11.0931 0x17a0  ================ Scan services =============================
21:30:12.0039 0x17a0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:30:12.0086 0x17a0  1394ohci - ok
21:30:12.0096 0x17a0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:30:12.0112 0x17a0  ACPI - ok
21:30:12.0116 0x17a0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:30:12.0126 0x17a0  AcpiPmi - ok
21:30:12.0189 0x17a0  [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:30:12.0211 0x17a0  AdobeARMservice - ok
21:30:12.0297 0x17a0  [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:30:12.0308 0x17a0  AdobeFlashPlayerUpdateSvc - ok
21:30:12.0323 0x17a0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:30:12.0340 0x17a0  adp94xx - ok
21:30:12.0360 0x17a0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:30:12.0374 0x17a0  adpahci - ok
21:30:12.0381 0x17a0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:30:12.0392 0x17a0  adpu320 - ok
21:30:12.0411 0x17a0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:30:12.0439 0x17a0  AeLookupSvc - ok
21:30:12.0473 0x17a0  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
21:30:12.0502 0x17a0  AFD - ok
21:30:12.0516 0x17a0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:30:12.0524 0x17a0  agp440 - ok
21:30:12.0528 0x17a0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:30:12.0540 0x17a0  ALG - ok
21:30:12.0545 0x17a0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:30:12.0553 0x17a0  aliide - ok
21:30:12.0556 0x17a0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:30:12.0564 0x17a0  amdide - ok
21:30:12.0568 0x17a0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:30:12.0579 0x17a0  AmdK8 - ok
21:30:12.0583 0x17a0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:30:12.0592 0x17a0  AmdPPM - ok
21:30:12.0597 0x17a0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:30:12.0606 0x17a0  amdsata - ok
21:30:12.0615 0x17a0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:30:12.0626 0x17a0  amdsbs - ok
21:30:12.0632 0x17a0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:30:12.0639 0x17a0  amdxata - ok
21:30:12.0739 0x17a0  [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
21:30:12.0823 0x17a0  AntiVirMailService - ok
21:30:12.0905 0x17a0  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
21:30:12.0939 0x17a0  AntiVirSchedulerService - ok
21:30:12.0984 0x17a0  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
21:30:13.0009 0x17a0  AntiVirService - ok
21:30:13.0060 0x17a0  [ D84E576299C73B0B1DC477D2B99958C4, D6703C2B63B9FA87C2DA009CC7B6DF76C3603C6A9874B152D685A1B92EE2DF28 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
21:30:13.0097 0x17a0  AntiVirWebService - ok
21:30:13.0127 0x17a0  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\Windows\system32\drivers\appid.sys
21:30:13.0138 0x17a0  AppID - ok
21:30:13.0153 0x17a0  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:30:13.0162 0x17a0  AppIDSvc - ok
21:30:13.0184 0x17a0  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
21:30:13.0195 0x17a0  Appinfo - ok
21:30:13.0224 0x17a0  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:30:13.0238 0x17a0  AppMgmt - ok
21:30:13.0243 0x17a0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
21:30:13.0253 0x17a0  arc - ok
21:30:13.0279 0x17a0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:30:13.0290 0x17a0  arcsas - ok
21:30:13.0356 0x17a0  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:30:13.0379 0x17a0  aspnet_state - ok
21:30:13.0385 0x17a0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:30:13.0418 0x17a0  AsyncMac - ok
21:30:13.0421 0x17a0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:30:13.0429 0x17a0  atapi - ok
21:30:13.0472 0x17a0  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:30:13.0494 0x17a0  AudioEndpointBuilder - ok
21:30:13.0511 0x17a0  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:30:13.0533 0x17a0  AudioSrv - ok
21:30:13.0560 0x17a0  [ 03C6DEB5C74C8140C2167677DBE2F79A, D5C727B007C5B486DECE1A1B83D8155299DD7CB46DC8208CE9185C5BAE5CC33A ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:30:13.0571 0x17a0  avgntflt - ok
21:30:13.0601 0x17a0  [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:30:13.0612 0x17a0  avipbb - ok
21:30:13.0697 0x17a0  [ 6C4B9A2FF6924405E9ABFB558049D4DD, 9AB314B9ECF41832589726556A93CEAAE2AE774B1738A46A027E833B73A72118 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
21:30:13.0788 0x17a0  Avira.ServiceHost - ok
21:30:13.0788 0x17a0  Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost
21:30:16.0287 0x17a0  Object send P2P result: true
21:30:16.0349 0x17a0  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:30:16.0365 0x17a0  avkmgr - ok
21:30:16.0380 0x17a0  [ 080860E03F0219AF0A0377A02292741F, F0A151509BFEBFE639CC15388847EB2EDA298CFAE0AC4A1358A1472F42320249 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
21:30:16.0396 0x17a0  avnetflt - ok
21:30:16.0427 0x17a0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:30:16.0443 0x17a0  AxInstSV - ok
21:30:16.0458 0x17a0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:30:16.0490 0x17a0  b06bdrv - ok
21:30:16.0521 0x17a0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:30:16.0536 0x17a0  b57nd60a - ok
21:30:16.0583 0x17a0  [ 4BEFF67C1775D353A16A62347E727874, 62363C5E5F4BF049A3E49FADA8CB17269945056ACADB319FDC4F05B74E2553C8 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe
21:30:16.0614 0x17a0  BBSvc - ok
21:30:16.0646 0x17a0  [ A6DAAD3EA93DBDBD07FA821BCED133F6, 8F33D4E4B82091D09E62FD5487C88F3DF0DAC31FCBB846183CC4020533A131DE ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
21:30:16.0661 0x17a0  BBUpdate - ok
21:30:16.0677 0x17a0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:30:16.0692 0x17a0  BDESVC - ok
21:30:16.0692 0x17a0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:30:16.0739 0x17a0  Beep - ok
21:30:16.0755 0x17a0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:30:16.0786 0x17a0  BFE - ok
21:30:16.0817 0x17a0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
21:30:16.0864 0x17a0  BITS - ok
21:30:16.0864 0x17a0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:30:16.0880 0x17a0  blbdrive - ok
21:30:16.0942 0x17a0  [ E7429ECD0C47CC065EEACF7E9D0E6341, 10D8231E14C908A0949108EB5F84E17BA10ABFC370D0C5F65945B23879AB12BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
21:30:16.0973 0x17a0  Bluetooth Device Monitor - ok
21:30:17.0020 0x17a0  [ 0F432B34D80351EFC5E35F14D9798CFD, 591D913E069C1C69212A7742D7182E24E669FE7B50680D8D337F32CF9F72B163 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
21:30:17.0051 0x17a0  Bluetooth Media Service - ok
21:30:17.0098 0x17a0  [ 96924B1D3060B0C0FFD77D01CB234D9F, 2A02EEC4092646A0BD26B8E8BA8B75F82EB6F46003C56C9A838E412006457DD2 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
21:30:17.0129 0x17a0  Bluetooth OBEX Service - ok
21:30:17.0160 0x17a0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:30:17.0192 0x17a0  bowser - ok
21:30:17.0192 0x17a0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:30:17.0207 0x17a0  BrFiltLo - ok
21:30:17.0207 0x17a0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:30:17.0223 0x17a0  BrFiltUp - ok
21:30:17.0238 0x17a0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:30:17.0254 0x17a0  Browser - ok
21:30:17.0270 0x17a0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:30:17.0285 0x17a0  Brserid - ok
21:30:17.0285 0x17a0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:30:17.0301 0x17a0  BrSerWdm - ok
21:30:17.0301 0x17a0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:30:17.0316 0x17a0  BrUsbMdm - ok
21:30:17.0316 0x17a0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:30:17.0316 0x17a0  BrUsbSer - ok
21:30:17.0348 0x17a0  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
21:30:17.0363 0x17a0  BthEnum - ok
21:30:17.0363 0x17a0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:30:17.0379 0x17a0  BTHMODEM - ok
21:30:17.0394 0x17a0  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:30:17.0410 0x17a0  BthPan - ok
21:30:17.0441 0x17a0  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
21:30:17.0457 0x17a0  BTHPORT - ok
21:30:17.0457 0x17a0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:30:17.0488 0x17a0  bthserv - ok
21:30:17.0504 0x17a0  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
21:30:17.0519 0x17a0  BTHUSB - ok
21:30:17.0535 0x17a0  [ 5B8D71504FA8BFA308F6E1169B89D322, 1DC0CF47C5F655EA0F0992020C17A86D05637F55ACBB17380283EBB883A4D14D ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
21:30:17.0550 0x17a0  btmaux - ok
21:30:17.0582 0x17a0  [ D66F3A4F11E42142722DCF9DC5A451D6, 6576421E24ABB4F0A7B5EFB5CF6F9C6F510AFDD0087415D57A5ABBB0866B3E39 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
21:30:17.0628 0x17a0  btmhsf - ok
21:30:17.0628 0x17a0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:30:17.0660 0x17a0  cdfs - ok
21:30:17.0660 0x17a0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:30:17.0675 0x17a0  cdrom - ok
21:30:17.0691 0x17a0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:30:17.0722 0x17a0  CertPropSvc - ok
21:30:17.0722 0x17a0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:30:17.0738 0x17a0  circlass - ok
21:30:17.0769 0x17a0  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
21:30:17.0784 0x17a0  CLFS - ok
21:30:18.0018 0x17a0  [ 2CE5D5AEE7EC90FE0CF8A8FBBB1B1A6C, E93E8362FB1D173D8F15C753190CF41474C183A667AF90378389563A70D93864 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
21:30:18.0081 0x17a0  ClickToRunSvc - ok
21:30:18.0143 0x17a0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:30:18.0159 0x17a0  clr_optimization_v2.0.50727_32 - ok
21:30:18.0190 0x17a0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:30:18.0206 0x17a0  clr_optimization_v2.0.50727_64 - ok
21:30:18.0252 0x17a0  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:30:18.0284 0x17a0  clr_optimization_v4.0.30319_32 - ok
21:30:18.0299 0x17a0  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:30:18.0330 0x17a0  clr_optimization_v4.0.30319_64 - ok
21:30:18.0330 0x17a0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:30:18.0346 0x17a0  CmBatt - ok
21:30:18.0346 0x17a0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:30:18.0362 0x17a0  cmdide - ok
21:30:18.0377 0x17a0  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:30:18.0408 0x17a0  CNG - ok
21:30:18.0455 0x17a0  [ CE6D6C023F23F968ABF03892972A9DCF, EBF415F15A30ED76C1D416D3D7E2D0558273DF08A134BFEF108BBE2410803ECC ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
21:30:18.0502 0x17a0  CnxtHdAudService - ok
21:30:18.0502 0x17a0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:30:18.0518 0x17a0  Compbatt - ok
21:30:18.0533 0x17a0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:30:18.0533 0x17a0  CompositeBus - ok
21:30:18.0549 0x17a0  COMSysApp - ok
21:30:18.0596 0x17a0  [ 76FE8C1490B70250921EC88D833742D0, 19625C894E457300641456F5BE0AEB8A7AE96661B5DE49EE772E2621FAAB92AA ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:30:18.0611 0x17a0  cphs - ok
21:30:18.0611 0x17a0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:30:18.0627 0x17a0  crcdisk - ok
21:30:18.0642 0x17a0  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:30:18.0658 0x17a0  CryptSvc - ok
21:30:18.0689 0x17a0  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
21:30:18.0720 0x17a0  CSC - ok
21:30:18.0736 0x17a0  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
21:30:18.0752 0x17a0  CscService - ok
21:30:18.0783 0x17a0  [ 426B2624A1669D233BAB6C4AC5E9432E, C03746D04094FAEA0650032447667055E7C7D1094581D4C1EB414D22A164CA99 ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
21:30:18.0798 0x17a0  CxAudMsg - ok
21:30:18.0830 0x17a0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:30:18.0861 0x17a0  DcomLaunch - ok
21:30:19.0001 0x17a0  [ CC8B5C964B777F4EC3E89F13B4B5FF0F, 75E161265CCFFCB61FCE855C9790E2E06531E6B1C3DCCB1E3018466D03AD3919 ] DCService.exe   C:\ProgramData\DatacardService\DCService.exe
21:30:19.0017 0x17a0  DCService.exe - detected UnsignedFile.Multi.Generic ( 1 )
21:30:19.0017 0x17a0  Detect skipped due to KSN trusted
21:30:19.0017 0x17a0  DCService.exe - ok
21:30:19.0048 0x17a0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:30:19.0095 0x17a0  defragsvc - ok
21:30:19.0095 0x17a0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:30:19.0126 0x17a0  DfsC - ok
21:30:19.0142 0x17a0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:30:19.0173 0x17a0  Dhcp - ok
21:30:19.0173 0x17a0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:30:19.0204 0x17a0  discache - ok
21:30:19.0204 0x17a0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
21:30:19.0220 0x17a0  Disk - ok
21:30:19.0516 0x17a0  [ 260169AFE0247D3817DDD7EC6C6AD0BC, 2C0FB869A23AC18B7874899C5599691464C158E1881AD5EEEE95D6D0B182C9CF ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
21:30:19.0734 0x17a0  DisplayLinkService - ok
21:30:19.0812 0x17a0  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
21:30:19.0844 0x17a0  dmvsc - ok
21:30:19.0859 0x17a0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:30:19.0875 0x17a0  Dnscache - ok
21:30:19.0875 0x17a0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:30:19.0906 0x17a0  dot3svc - ok
21:30:19.0922 0x17a0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:30:19.0953 0x17a0  DPS - ok
21:30:19.0953 0x17a0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:30:19.0968 0x17a0  drmkaud - ok
21:30:20.0015 0x17a0  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:30:20.0031 0x17a0  DXGKrnl - ok
21:30:20.0046 0x17a0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:30:20.0078 0x17a0  EapHost - ok
21:30:20.0187 0x17a0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:30:20.0265 0x17a0  ebdrv - ok
21:30:20.0280 0x17a0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS             C:\Windows\System32\lsass.exe
21:30:20.0296 0x17a0  EFS - ok
21:30:20.0358 0x17a0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:30:20.0374 0x17a0  ehRecvr - ok
21:30:20.0374 0x17a0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:30:20.0390 0x17a0  ehSched - ok
21:30:20.0421 0x17a0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:30:20.0436 0x17a0  elxstor - ok
21:30:20.0436 0x17a0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:30:20.0452 0x17a0  ErrDev - ok
21:30:20.0468 0x17a0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:30:20.0499 0x17a0  EventSystem - ok
21:30:20.0608 0x17a0  [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:30:20.0639 0x17a0  EvtEng - ok
21:30:20.0670 0x17a0  [ 23B79B19F49A037EBA4A9A3BB03ED91D, 2E0918B20188CBFAC0E64A5B36739DF4638A343553908888DFDD708743370F3F ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
21:30:20.0702 0x17a0  ewusbnet - ok
21:30:20.0717 0x17a0  [ E2CBB821C7CAE0EF8B56DE28ED85C740, 4AB358FEBC7B57774B2DD54705FAD3F5E0308F1E1FECBED73231DCEF11CF7D3B ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:30:20.0733 0x17a0  ew_hwusbdev - ok
21:30:20.0748 0x17a0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:30:20.0780 0x17a0  exfat - ok
21:30:20.0795 0x17a0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:30:20.0826 0x17a0  fastfat - ok
21:30:20.0858 0x17a0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:30:20.0889 0x17a0  Fax - ok
21:30:20.0889 0x17a0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
21:30:20.0904 0x17a0  fdc - ok
21:30:20.0920 0x17a0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:30:20.0951 0x17a0  fdPHost - ok
21:30:20.0951 0x17a0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:30:20.0982 0x17a0  FDResPub - ok
21:30:20.0982 0x17a0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:30:20.0998 0x17a0  FileInfo - ok
21:30:20.0998 0x17a0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:30:21.0029 0x17a0  Filetrace - ok
21:30:21.0029 0x17a0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:30:21.0045 0x17a0  flpydisk - ok
21:30:21.0045 0x17a0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:30:21.0060 0x17a0  FltMgr - ok
21:30:21.0138 0x17a0  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
21:30:21.0170 0x17a0  FontCache - ok
21:30:21.0201 0x17a0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:30:21.0201 0x17a0  FontCache3.0.0.0 - ok
21:30:21.0216 0x17a0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:30:21.0216 0x17a0  FsDepends - ok
21:30:21.0216 0x17a0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:30:21.0232 0x17a0  Fs_Rec - ok
21:30:21.0248 0x17a0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:30:21.0248 0x17a0  fvevol - ok
21:30:21.0263 0x17a0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:30:21.0263 0x17a0  gagp30kx - ok
21:30:21.0294 0x17a0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:30:21.0341 0x17a0  gpsvc - ok
21:30:21.0357 0x17a0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:30:21.0357 0x17a0  hcw85cir - ok
21:30:21.0372 0x17a0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:30:21.0388 0x17a0  HdAudAddService - ok
21:30:21.0419 0x17a0  [ 12DED0995AE2BA68EBBE70E14A76EE02, 54A658F4E8D6D98594BE43289083AD4267EB6B3F99D789A75719DBCA5188E87F ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:30:21.0435 0x17a0  HDAudBus - ok
21:30:21.0435 0x17a0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:30:21.0450 0x17a0  HidBatt - ok
21:30:21.0450 0x17a0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:30:21.0466 0x17a0  HidBth - ok
21:30:21.0482 0x17a0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:30:21.0482 0x17a0  HidIr - ok
21:30:21.0497 0x17a0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
21:30:21.0528 0x17a0  hidserv - ok
21:30:21.0544 0x17a0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:30:21.0560 0x17a0  HidUsb - ok
21:30:21.0560 0x17a0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:30:21.0591 0x17a0  hkmsvc - ok
21:30:21.0606 0x17a0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:30:21.0622 0x17a0  HomeGroupListener - ok
21:30:21.0653 0x17a0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:30:21.0669 0x17a0  HomeGroupProvider - ok
21:30:21.0669 0x17a0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:30:21.0684 0x17a0  HpSAMD - ok
21:30:21.0716 0x17a0  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:30:21.0747 0x17a0  HTTP - ok
21:30:21.0762 0x17a0  [ 08B1A06A55F068A17A51BA26618CF50F, 8ADFC9D3003208A9B3BE12DCD1418A13C4D19E13E00EFEE556EF87B70F49B2E6 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:30:21.0778 0x17a0  huawei_enumerator - ok
21:30:21.0809 0x17a0  [ 6E5CD3984742A922D0C183C7E82C3C94, EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:30:21.0825 0x17a0  hwdatacard - ok
21:30:21.0825 0x17a0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:30:21.0840 0x17a0  hwpolicy - ok
21:30:21.0840 0x17a0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:30:21.0856 0x17a0  i8042prt - ok
21:30:21.0903 0x17a0  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
21:30:21.0918 0x17a0  iaStorA - ok
21:30:21.0934 0x17a0  [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
21:30:21.0950 0x17a0  iaStorF - ok
21:30:21.0965 0x17a0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:30:21.0981 0x17a0  iaStorV - ok
21:30:21.0996 0x17a0  [ B005844661028E11480D724A709CC298, DC738AA0246581814915160BA824C2DB9009E6CFCCDB6A268F08C8D13F52BEB0 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:30:21.0996 0x17a0  IBMPMDRV - ok
21:30:22.0012 0x17a0  [ ED802CE6B36E280401197F593634C1DD, 620F2D5F40B8E61DE606FC1B1B1DCDD12BE7431E065F9CB776FDCFF915B1D243 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
21:30:22.0028 0x17a0  IBMPMSVC - ok
21:30:22.0043 0x17a0  [ 617EEDD27FB557C9D95D68096564C930, 59AA6F9884C9B504D5B524B6EFF8148669251085FAF12AE3634F0C753850CDC3 ] ibtusb          C:\Windows\system32\DRIVERS\ibtusb.sys
21:30:22.0059 0x17a0  ibtusb - ok
21:30:22.0106 0x17a0  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:30:22.0137 0x17a0  idsvc - ok
21:30:22.0137 0x17a0  IEEtwCollectorService - ok
21:30:22.0324 0x17a0  [ AEF200DC087141A5F66A6B006D2F0FD4, A38A0684637D9FE58271D91B93184A72414948E35145D19246BF6FBC60E28B3C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:30:22.0433 0x17a0  igfx - ok
21:30:22.0449 0x17a0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:30:22.0464 0x17a0  iirsp - ok
21:30:22.0496 0x17a0  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:30:22.0527 0x17a0  IKEEXT - ok
21:30:22.0542 0x17a0  [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
21:30:22.0558 0x17a0  intaud_WaveExtensible - ok
21:30:22.0589 0x17a0  [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:30:22.0605 0x17a0  IntcDAud - ok
21:30:22.0667 0x17a0  [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:30:22.0683 0x17a0  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
21:30:22.0683 0x17a0  Detect skipped due to KSN trusted
21:30:22.0683 0x17a0  Intel(R) Capability Licensing Service Interface - ok
21:30:22.0698 0x17a0  [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:30:22.0730 0x17a0  Intel(R) Capability Licensing Service TCP IP Interface - ok
21:30:22.0730 0x17a0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:30:22.0745 0x17a0  intelide - ok
21:30:22.0745 0x17a0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:30:22.0761 0x17a0  intelppm - ok
21:30:22.0776 0x17a0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:30:22.0808 0x17a0  IPBusEnum - ok
21:30:22.0823 0x17a0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:30:22.0839 0x17a0  IpFilterDriver - ok
21:30:22.0870 0x17a0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:30:22.0886 0x17a0  iphlpsvc - ok
21:30:22.0901 0x17a0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:30:22.0901 0x17a0  IPMIDRV - ok
21:30:22.0917 0x17a0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:30:22.0948 0x17a0  IPNAT - ok
21:30:22.0948 0x17a0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:30:22.0964 0x17a0  IRENUM - ok
21:30:22.0964 0x17a0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:30:22.0964 0x17a0  isapnp - ok
21:30:22.0995 0x17a0  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:30:23.0010 0x17a0  iScsiPrt - ok
21:30:23.0026 0x17a0  [ 72B203A1F805C07E920E537414A0EA5F, 7EFB2A397034FF3D451D1763865E8AA330D8D4656E7C6F8CDA6489868023C36E ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:30:23.0042 0x17a0  iusb3hcs - ok
21:30:23.0057 0x17a0  [ 474BFFCF3214208C5FD440217D34FE6E, 181E4A091B24E8FBB9C1072E1FD2BABB1B0AD68D1112563A70A791FA3546D4CE ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
21:30:23.0073 0x17a0  iusb3hub - ok
21:30:23.0120 0x17a0  [ 842A11F2020CD94A0120E61F902E3664, 464EDED37258A22AC38C007524E34ED1A795E5607FF8BD322455A8F76CB4BDCE ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:30:23.0135 0x17a0  iusb3xhc - ok
21:30:23.0151 0x17a0  [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
21:30:23.0166 0x17a0  iwdbus - ok
21:30:23.0229 0x17a0  [ 9BFDEFD51800A2D47D43919653F4BEF4, C7221D9F82F7F04343EDA6FE41A4EC4C97F6DC4170780AA3983C8735369A5026 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:30:23.0244 0x17a0  jhi_service - ok
21:30:23.0260 0x17a0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:30:23.0276 0x17a0  kbdclass - ok
21:30:23.0276 0x17a0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:30:23.0291 0x17a0  kbdhid - ok
21:30:23.0291 0x17a0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso          C:\Windows\system32\lsass.exe
21:30:23.0307 0x17a0  KeyIso - ok
21:30:23.0338 0x17a0  [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:30:23.0338 0x17a0  KSecDD - ok
21:30:23.0354 0x17a0  [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:30:23.0369 0x17a0  KSecPkg - ok
21:30:23.0369 0x17a0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:30:23.0400 0x17a0  ksthunk - ok
21:30:23.0432 0x17a0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:30:23.0463 0x17a0  KtmRm - ok
21:30:23.0494 0x17a0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:30:23.0525 0x17a0  LanmanServer - ok
21:30:23.0541 0x17a0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:30:23.0572 0x17a0  LanmanWorkstation - ok
21:30:23.0603 0x17a0  [ D253E6009F05776F505F96866CCF460F, 8A39E77B4FC780BB9C6C8A892603248D87ED70255BF9BED0218BE2420B5E8C53 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:30:23.0603 0x17a0  Lenovo.VIRTSCRLSVC - ok
21:30:23.0619 0x17a0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:30:23.0650 0x17a0  lltdio - ok
21:30:23.0666 0x17a0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:30:23.0712 0x17a0  lltdsvc - ok
21:30:23.0712 0x17a0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:30:23.0744 0x17a0  lmhosts - ok
21:30:23.0775 0x17a0  [ 9FE032AD8751C5DDCF01DE26C1EE84BC, FAE072D7FCAED0987EA7D822238521A7CF96662F8EFD154515EA2A6C5B4E64F5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:30:23.0806 0x17a0  LMS - ok
21:30:23.0884 0x17a0  [ CE87E8E09273791172F7A1C60B225648, 03AB8A69C5A58FD3BCFF9E36FF83338B6866D82E4E550CD7CED686C4CC096DC1 ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
21:30:23.0931 0x17a0  LSCWinService - ok
21:30:23.0931 0x17a0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:30:23.0946 0x17a0  LSI_FC - ok
21:30:23.0962 0x17a0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:30:23.0962 0x17a0  LSI_SAS - ok
21:30:23.0978 0x17a0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:30:23.0978 0x17a0  LSI_SAS2 - ok
21:30:23.0993 0x17a0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:30:23.0993 0x17a0  LSI_SCSI - ok
21:30:24.0024 0x17a0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:30:24.0056 0x17a0  luafv - ok
21:30:24.0134 0x17a0  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:30:24.0149 0x17a0  MBAMProtector - ok
21:30:24.0258 0x17a0  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
21:30:24.0290 0x17a0  MBAMScheduler - ok
21:30:24.0336 0x17a0  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
21:30:24.0368 0x17a0  MBAMService - ok
21:30:24.0383 0x17a0  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
21:30:24.0399 0x17a0  MBAMSwissArmy - ok
21:30:24.0414 0x17a0  [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
21:30:24.0430 0x17a0  MBAMWebAccessControl - ok
21:30:24.0461 0x17a0  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
21:30:24.0477 0x17a0  McComponentHostService - ok
21:30:24.0492 0x17a0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:30:24.0508 0x17a0  Mcx2Svc - ok
21:30:24.0508 0x17a0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:30:24.0508 0x17a0  megasas - ok
21:30:24.0524 0x17a0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:30:24.0539 0x17a0  MegaSR - ok
21:30:24.0555 0x17a0  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:30:24.0570 0x17a0  MEIx64 - ok
21:30:24.0586 0x17a0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:30:24.0617 0x17a0  MMCSS - ok
21:30:24.0617 0x17a0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:30:24.0648 0x17a0  Modem - ok
21:30:24.0664 0x17a0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:30:24.0680 0x17a0  monitor - ok
21:30:24.0695 0x17a0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:30:24.0695 0x17a0  mouclass - ok
21:30:24.0711 0x17a0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:30:24.0711 0x17a0  mouhid - ok
21:30:24.0742 0x17a0  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:30:24.0742 0x17a0  mountmgr - ok
21:30:24.0758 0x17a0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:30:24.0773 0x17a0  mpio - ok
21:30:24.0773 0x17a0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:30:24.0804 0x17a0  mpsdrv - ok
21:30:24.0851 0x17a0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:30:24.0898 0x17a0  MpsSvc - ok
21:30:24.0914 0x17a0  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:30:24.0945 0x17a0  MRxDAV - ok
21:30:24.0976 0x17a0  [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:30:24.0992 0x17a0  mrxsmb - ok
21:30:25.0023 0x17a0  [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:30:25.0038 0x17a0  mrxsmb10 - ok
21:30:25.0054 0x17a0  [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:30:25.0070 0x17a0  mrxsmb20 - ok
21:30:25.0070 0x17a0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:30:25.0085 0x17a0  msahci - ok
21:30:25.0101 0x17a0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:30:25.0101 0x17a0  msdsm - ok
21:30:25.0116 0x17a0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:30:25.0132 0x17a0  MSDTC - ok
21:30:25.0132 0x17a0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:30:25.0179 0x17a0  Msfs - ok
21:30:25.0179 0x17a0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:30:25.0210 0x17a0  mshidkmdf - ok
21:30:25.0210 0x17a0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:30:25.0226 0x17a0  msisadrv - ok
21:30:25.0257 0x17a0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:30:25.0288 0x17a0  MSiSCSI - ok
21:30:25.0288 0x17a0  msiserver - ok
21:30:25.0288 0x17a0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:30:25.0319 0x17a0  MSKSSRV - ok
21:30:25.0335 0x17a0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:30:25.0350 0x17a0  MSPCLOCK - ok
21:30:25.0366 0x17a0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:30:25.0382 0x17a0  MSPQM - ok
21:30:25.0397 0x17a0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:30:25.0413 0x17a0  MsRPC - ok
21:30:25.0413 0x17a0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:30:25.0428 0x17a0  mssmbios - ok
21:30:25.0428 0x17a0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:30:25.0460 0x17a0  MSTEE - ok
21:30:25.0460 0x17a0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:30:25.0475 0x17a0  MTConfig - ok
21:30:25.0475 0x17a0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:30:25.0491 0x17a0  Mup - ok
21:30:25.0506 0x17a0  [ 35739E6A0C67147A9B75226946CDC903, C9DE77D6812C778F601F52E87ECDD228E52EA691AB9CEAD388998A7B5AFC3B89 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:30:25.0522 0x17a0  MyWiFiDHCPDNS - ok
21:30:25.0538 0x17a0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:30:25.0584 0x17a0  napagent - ok
21:30:25.0600 0x17a0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:30:25.0616 0x17a0  NativeWifiP - ok
21:30:25.0662 0x17a0  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:30:25.0694 0x17a0  NDIS - ok
21:30:25.0694 0x17a0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:30:25.0725 0x17a0  NdisCap - ok
21:30:25.0725 0x17a0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:30:25.0756 0x17a0  NdisTapi - ok
21:30:25.0772 0x17a0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:30:25.0787 0x17a0  Ndisuio - ok
21:30:25.0803 0x17a0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:30:25.0834 0x17a0  NdisWan - ok
21:30:25.0834 0x17a0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:30:25.0865 0x17a0  NDProxy - ok
21:30:25.0865 0x17a0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:30:25.0896 0x17a0  NetBIOS - ok
21:30:25.0912 0x17a0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:30:25.0943 0x17a0  NetBT - ok
21:30:25.0943 0x17a0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon        C:\Windows\system32\lsass.exe
21:30:25.0959 0x17a0  Netlogon - ok
21:30:25.0974 0x17a0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:30:26.0006 0x17a0  Netman - ok
21:30:26.0052 0x17a0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:26.0084 0x17a0  NetMsmqActivator - ok
21:30:26.0099 0x17a0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:26.0130 0x17a0  NetPipeActivator - ok
21:30:26.0162 0x17a0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:30:26.0208 0x17a0  netprofm - ok
21:30:26.0208 0x17a0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:26.0224 0x17a0  NetTcpActivator - ok
21:30:26.0224 0x17a0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:26.0240 0x17a0  NetTcpPortSharing - ok
21:30:26.0333 0x17a0  [ C873B801A7D628474313B2887D051607, 894877BAB599F52FB606B240D53FEB84CC4A6BAD8A45CB1983231CD2AE0C7A79 ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw02.sys
21:30:26.0411 0x17a0  NETwNs64 - ok
21:30:26.0411 0x17a0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:30:26.0427 0x17a0  nfrd960 - ok
21:30:26.0458 0x17a0  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:30:26.0489 0x17a0  NlaSvc - ok
21:30:26.0489 0x17a0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:30:26.0536 0x17a0  Npfs - ok
21:30:26.0536 0x17a0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:30:26.0567 0x17a0  nsi - ok
21:30:26.0583 0x17a0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:30:26.0614 0x17a0  nsiproxy - ok
21:30:26.0661 0x17a0  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:30:26.0708 0x17a0  Ntfs - ok
21:30:26.0708 0x17a0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:30:26.0754 0x17a0  Null - ok
21:30:26.0754 0x17a0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:30:26.0770 0x17a0  nvraid - ok
21:30:26.0770 0x17a0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:30:26.0786 0x17a0  nvstor - ok
21:30:26.0801 0x17a0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:30:26.0801 0x17a0  nv_agp - ok
21:30:26.0817 0x17a0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:30:26.0817 0x17a0  ohci1394 - ok
21:30:26.0879 0x17a0  [ 1B9E7338761DAE4839ED87D7A248F817, 03AF40570DD8F8326EAF2A18227280DF0CEFFF1E12966E2829839C4B1E7F700E ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:30:26.0926 0x17a0  ose - ok
21:30:27.0129 0x17a0  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:30:27.0238 0x17a0  osppsvc - ok
21:30:27.0285 0x17a0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:30:27.0316 0x17a0  p2pimsvc - ok
21:30:27.0347 0x17a0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:30:27.0363 0x17a0  p2psvc - ok
21:30:27.0378 0x17a0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:30:27.0394 0x17a0  Parport - ok
21:30:27.0394 0x17a0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:30:27.0394 0x17a0  partmgr - ok
21:30:27.0472 0x17a0  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:30:27.0503 0x17a0  PcaSvc - ok
21:30:27.0519 0x17a0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:30:27.0534 0x17a0  pci - ok
21:30:27.0534 0x17a0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:30:27.0534 0x17a0  pciide - ok
21:30:27.0550 0x17a0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:30:27.0566 0x17a0  pcmcia - ok
21:30:27.0566 0x17a0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:30:27.0581 0x17a0  pcw - ok
21:30:27.0612 0x17a0  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:30:27.0628 0x17a0  PEAUTH - ok
21:30:27.0737 0x17a0  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:30:27.0800 0x17a0  PeerDistSvc - ok
21:30:27.0846 0x17a0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:30:27.0862 0x17a0  PerfHost - ok
21:30:27.0924 0x17a0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:30:27.0987 0x17a0  pla - ok
21:30:28.0018 0x17a0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:30:28.0049 0x17a0  PlugPlay - ok
21:30:28.0049 0x17a0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:30:28.0065 0x17a0  PNRPAutoReg - ok
21:30:28.0080 0x17a0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:30:28.0096 0x17a0  PNRPsvc - ok
21:30:28.0127 0x17a0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:30:28.0158 0x17a0  PolicyAgent - ok
21:30:28.0190 0x17a0  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
21:30:28.0205 0x17a0  Power - ok
21:30:28.0268 0x17a0  [ 552F3539C70D010F97001E9B7228210B, 9CB45B7D67E0B99C78D0091173C983AB272FA8A18E1CB5AC3B1519B37964A11E ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
21:30:28.0299 0x17a0  Power Manager DBC Service - ok
21:30:28.0314 0x17a0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:30:28.0346 0x17a0  PptpMiniport - ok
21:30:28.0346 0x17a0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:30:28.0361 0x17a0  Processor - ok
21:30:28.0377 0x17a0  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:30:28.0408 0x17a0  ProfSvc - ok
21:30:28.0408 0x17a0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:30:28.0424 0x17a0  ProtectedStorage - ok
21:30:28.0439 0x17a0  [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
21:30:28.0439 0x17a0  psadd - ok
21:30:28.0455 0x17a0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:30:28.0486 0x17a0  Psched - ok
21:30:28.0533 0x17a0  [ FB3D6070413925193EA32D1652B921F0, 5D0EEDC966BD5A042A761411E69B376BC16339032BCC460CD4F2965DF05C1033 ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
21:30:28.0580 0x17a0  PwmEWSvc - ok
21:30:28.0626 0x17a0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:30:28.0673 0x17a0  ql2300 - ok
21:30:28.0673 0x17a0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:30:28.0689 0x17a0  ql40xx - ok
21:30:28.0704 0x17a0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:30:28.0720 0x17a0  QWAVE - ok
21:30:28.0720 0x17a0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:30:28.0736 0x17a0  QWAVEdrv - ok
21:30:28.0751 0x17a0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:30:28.0767 0x17a0  RasAcd - ok
21:30:28.0782 0x17a0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:30:28.0814 0x17a0  RasAgileVpn - ok
21:30:28.0829 0x17a0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:30:28.0860 0x17a0  RasAuto - ok
21:30:28.0860 0x17a0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:30:28.0892 0x17a0  Rasl2tp - ok
21:30:28.0907 0x17a0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:30:28.0954 0x17a0  RasMan - ok
21:30:28.0954 0x17a0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:30:28.0985 0x17a0  RasPppoe - ok
21:30:28.0985 0x17a0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:30:29.0016 0x17a0  RasSstp - ok
21:30:29.0032 0x17a0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:30:29.0063 0x17a0  rdbss - ok
21:30:29.0063 0x17a0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:30:29.0079 0x17a0  rdpbus - ok
21:30:29.0079 0x17a0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:30:29.0110 0x17a0  RDPCDD - ok
21:30:29.0141 0x17a0  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:30:29.0141 0x17a0  RDPDR - ok
21:30:29.0157 0x17a0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:30:29.0188 0x17a0  RDPENCDD - ok
21:30:29.0188 0x17a0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:30:29.0219 0x17a0  RDPREFMP - ok
21:30:29.0235 0x17a0  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:30:29.0266 0x17a0  RDPWD - ok
21:30:29.0266 0x17a0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:30:29.0282 0x17a0  rdyboost - ok
21:30:29.0328 0x17a0  [ BC49E8BDBC6C1B161FDDB350CE423366, D98C7948EE36808164766DD9934C204599275BE9FCD83515F9C0153202D38C34 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:30:29.0344 0x17a0  RegSrvc - ok
21:30:29.0360 0x17a0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:30:29.0406 0x17a0  RemoteAccess - ok
21:30:29.0406 0x17a0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:30:29.0438 0x17a0  RemoteRegistry - ok
21:30:29.0469 0x17a0  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:30:29.0484 0x17a0  RFCOMM - ok
21:30:29.0500 0x17a0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:30:29.0516 0x17a0  RpcEptMapper - ok
21:30:29.0531 0x17a0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:30:29.0547 0x17a0  RpcLocator - ok
21:30:29.0562 0x17a0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
21:30:29.0594 0x17a0  RpcSs - ok
21:30:29.0609 0x17a0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:30:29.0625 0x17a0  rspndr - ok
21:30:29.0672 0x17a0  [ 1BE36AB59242A109697870F16A8E0EF8, CAC949D97EEFA0CE5E89084D0950B6E331145870355367803530D0DED4962F2E ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:30:29.0687 0x17a0  RTL8167 - ok
21:30:29.0718 0x17a0  [ 61EF084BB097FFAB50D05EE5115F7F98, 334E691C45A473977301DB8E8D03747388D2A2D940D3BC15493476404D801645 ] RTSPER          C:\Windows\system32\DRIVERS\RtsPer.sys
21:30:29.0734 0x17a0  RTSPER - ok
21:30:29.0750 0x17a0  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:30:29.0765 0x17a0  s3cap - ok
21:30:29.0765 0x17a0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs           C:\Windows\system32\lsass.exe
21:30:29.0781 0x17a0  SamSs - ok
21:30:29.0781 0x17a0  SAService - ok
21:30:29.0796 0x17a0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:30:29.0796 0x17a0  sbp2port - ok
21:30:29.0828 0x17a0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:30:29.0859 0x17a0  SCardSvr - ok
21:30:29.0874 0x17a0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:30:29.0906 0x17a0  scfilter - ok
21:30:29.0952 0x17a0  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
21:30:29.0999 0x17a0  Schedule - ok
21:30:30.0015 0x17a0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:30:30.0046 0x17a0  SCPolicySvc - ok
21:30:30.0077 0x17a0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:30:30.0093 0x17a0  SDRSVC - ok
21:30:30.0093 0x17a0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:30:30.0108 0x17a0  secdrv - ok
21:30:30.0124 0x17a0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
21:30:30.0155 0x17a0  seclogon - ok
21:30:30.0171 0x17a0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:30:30.0202 0x17a0  SENS - ok
21:30:30.0202 0x17a0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:30:30.0218 0x17a0  SensrSvc - ok
21:30:30.0218 0x17a0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:30:30.0233 0x17a0  Serenum - ok
21:30:30.0233 0x17a0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
21:30:30.0249 0x17a0  Serial - ok
21:30:30.0249 0x17a0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:30:30.0249 0x17a0  sermouse - ok
21:30:30.0280 0x17a0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:30:30.0311 0x17a0  SessionEnv - ok
21:30:30.0311 0x17a0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:30:30.0327 0x17a0  sffdisk - ok
21:30:30.0327 0x17a0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:30:30.0342 0x17a0  sffp_mmc - ok
21:30:30.0342 0x17a0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:30:30.0358 0x17a0  sffp_sd - ok
21:30:30.0358 0x17a0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:30:30.0374 0x17a0  sfloppy - ok
21:30:30.0389 0x17a0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:30:30.0420 0x17a0  SharedAccess - ok
21:30:30.0436 0x17a0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:30:30.0483 0x17a0  ShellHWDetection - ok
21:30:30.0498 0x17a0  [ 07514491857759A5D02A741C9DB6ECA2, D3EB21D90DB68F8BE695961BFA1256E4FA1274D59B3AA465A5485215ABBAA8C5 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
21:30:30.0498 0x17a0  Shockprf - ok
21:30:30.0498 0x17a0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:30:30.0514 0x17a0  SiSRaid2 - ok
21:30:30.0514 0x17a0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:30:30.0530 0x17a0  SiSRaid4 - ok
21:30:30.0530 0x17a0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:30:30.0561 0x17a0  Smb - ok
21:30:30.0592 0x17a0  [ 7C5B431BB6CD52C46295D9752C1C5A45, CBC2A342F019359629B7141ADD1A5AE3E97785D39ADD398EC60F897FABDD5554 ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
21:30:30.0592 0x17a0  SmbDrvI - ok
21:30:30.0608 0x17a0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:30:30.0608 0x17a0  SNMPTRAP - ok
21:30:30.0670 0x17a0  [ 3A4F2C0BB87A0895ABEBA341AA1E341B,
         

Alt 29.11.2015, 20:52   #7
M-K-D-B
/// TB-Ausbilder
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Servus,


die IP 150.206.1.3 in den Interneteinstellungen zeigt nach Neuseeland, ist das ok?



Zitat:
2015-11-29 19:51 - 2015-11-29 21:13 - 00000064 _____ C:\Users\Marie-Luise\.screenleap
2015-11-29 19:51 - 2015-11-29 20:29 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\Screenleap
2015-11-29 19:51 - 2015-11-29 19:51 - 00002000 _____ C:\Users\Marie-Luise\Desktop\Screenleap.lnk
2015-11-25 21:59 - 2015-11-25 21:59 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\pendulum-28
2015-11-25 21:57 - 2015-11-25 21:57 - 00000000 ____D C:\ProgramData\molecule-26
2015-11-25 21:54 - 2015-11-28 21:07 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\doublers-6
2015-11-25 21:52 - 2015-11-25 23:02 - 00000000 ____D C:\ProgramData\powercap-44
2015-11-18 19:00 - 2015-11-18 21:40 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\glonass-89
Diese Programme hast du alle bewusst installiert und weißt, was das ist?
Wenn ja, klär mich bitte kurz auf.
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alt 29.11.2015, 20:52   #8
Marie Schauk
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



logfile TDSS, 4 und letzte Teil.

Code:
ATTFilter
4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
21:30:30.0686 0x17a0  Sony PC Companion - detected UnsignedFile.Multi.Generic ( 1 )
21:30:30.0686 0x17a0  Detect skipped due to KSN trusted
21:30:30.0686 0x17a0  Sony PC Companion - ok
21:30:30.0701 0x17a0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:30:30.0717 0x17a0  spldr - ok
21:30:30.0748 0x17a0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:30:30.0779 0x17a0  Spooler - ok
21:30:30.0873 0x17a0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:30:30.0966 0x17a0  sppsvc - ok
21:30:30.0982 0x17a0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:30:30.0998 0x17a0  sppuinotify - ok
21:30:31.0029 0x17a0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:30:31.0060 0x17a0  srv - ok
21:30:31.0060 0x17a0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:30:31.0091 0x17a0  srv2 - ok
21:30:31.0091 0x17a0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:30:31.0107 0x17a0  srvnet - ok
21:30:31.0122 0x17a0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:30:31.0154 0x17a0  SSDPSRV - ok
21:30:31.0154 0x17a0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:30:31.0185 0x17a0  SstpSvc - ok
21:30:31.0185 0x17a0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:30:31.0200 0x17a0  stexstor - ok
21:30:31.0232 0x17a0  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
21:30:31.0263 0x17a0  StillCam - ok
21:30:31.0294 0x17a0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:30:31.0325 0x17a0  stisvc - ok
21:30:31.0325 0x17a0  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:30:31.0341 0x17a0  storflt - ok
21:30:31.0356 0x17a0  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
21:30:31.0372 0x17a0  StorSvc - ok
21:30:31.0372 0x17a0  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:30:31.0388 0x17a0  storvsc - ok
21:30:31.0481 0x17a0  [ 4219A2A1C9049CC35ADC65C1E2AC8842, 7B52107880251C7BA75E5A083A80B25FDC6C6AB34ACE7CDDAA990A04D76FB98E ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
21:30:31.0497 0x17a0  SUService - ok
21:30:31.0497 0x17a0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:30:31.0512 0x17a0  swenum - ok
21:30:31.0544 0x17a0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:30:31.0590 0x17a0  swprv - ok
21:30:31.0622 0x17a0  [ 16021E640CFA11BFA5F4D789322CFC39, E7249AFD865607502A36A6EC931AA9D04185A255B568F9401D45608305DFBF83 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:30:31.0637 0x17a0  SynTP - ok
21:30:31.0700 0x17a0  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
21:30:31.0746 0x17a0  SysMain - ok
21:30:31.0762 0x17a0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:30:31.0778 0x17a0  TabletInputService - ok
21:30:31.0793 0x17a0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:30:31.0824 0x17a0  TapiSrv - ok
21:30:31.0840 0x17a0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
21:30:31.0871 0x17a0  TBS - ok
21:30:31.0934 0x17a0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:30:31.0980 0x17a0  Tcpip - ok
21:30:32.0043 0x17a0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:30:32.0090 0x17a0  TCPIP6 - ok
21:30:32.0105 0x17a0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:30:32.0105 0x17a0  tcpipreg - ok
21:30:32.0121 0x17a0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:30:32.0136 0x17a0  TDPIPE - ok
21:30:32.0152 0x17a0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:30:32.0168 0x17a0  TDTCP - ok
21:30:32.0183 0x17a0  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:30:32.0199 0x17a0  tdx - ok
21:30:32.0199 0x17a0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:30:32.0214 0x17a0  TermDD - ok
21:30:32.0246 0x17a0  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
21:30:32.0261 0x17a0  TermService - ok
21:30:32.0277 0x17a0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:30:32.0292 0x17a0  Themes - ok
21:30:32.0308 0x17a0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:30:32.0339 0x17a0  THREADORDER - ok
21:30:32.0355 0x17a0  [ D34181414FB3060A968DF24C4BA98764, EDD1AC4D41C8F9B32E47FF03A391AAC6BDB26D00A8C43898D35610EB08EEA25C ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
21:30:32.0355 0x17a0  TPDIGIMN - ok
21:30:32.0370 0x17a0  [ F3B696FD7CFBB5D73FF59E1018D8043D, 20B96C409FCB67AA24D417CACBA516756EAE5D4574FDA7951BDB1FA1DF67209B ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
21:30:32.0370 0x17a0  TPHDEXLGSVC - ok
21:30:32.0386 0x17a0  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
21:30:32.0402 0x17a0  TPM - ok
21:30:32.0417 0x17a0  [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
21:30:32.0417 0x17a0  TPPWRIF - ok
21:30:32.0433 0x17a0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:30:32.0464 0x17a0  TrkWks - ok
21:30:32.0495 0x17a0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:30:32.0526 0x17a0  TrustedInstaller - ok
21:30:32.0558 0x17a0  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:30:32.0558 0x17a0  tssecsrv - ok
21:30:32.0558 0x17a0  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:30:32.0573 0x17a0  TsUsbFlt - ok
21:30:32.0573 0x17a0  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:30:32.0589 0x17a0  TsUsbGD - ok
21:30:32.0589 0x17a0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:30:32.0620 0x17a0  tunnel - ok
21:30:32.0636 0x17a0  [ 760B34088C2AD8D634CC3784EF3A2CA2, 20D23EDBDE7EBBA495C032097E7C5B1C6F94037971D9B2D6B98ABE11E7FF3643 ] tvtvcamd        C:\Windows\system32\DRIVERS\tvtvcamd.sys
21:30:32.0636 0x17a0  tvtvcamd - ok
21:30:32.0651 0x17a0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:30:32.0667 0x17a0  uagp35 - ok
21:30:32.0682 0x17a0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:30:32.0714 0x17a0  udfs - ok
21:30:32.0729 0x17a0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:30:32.0729 0x17a0  UI0Detect - ok
21:30:32.0729 0x17a0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:30:32.0745 0x17a0  uliagpkx - ok
21:30:32.0745 0x17a0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:30:32.0760 0x17a0  umbus - ok
21:30:32.0760 0x17a0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:30:32.0776 0x17a0  UmPass - ok
21:30:32.0792 0x17a0  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:30:32.0807 0x17a0  UmRdpService - ok
21:30:32.0823 0x17a0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:30:32.0854 0x17a0  upnphost - ok
21:30:32.0870 0x17a0  [ 524BFB402B1AB1007ED91E94D6AB6F72, 5A970292D2E7A580FAD86615BC6E66C2A5C74044EFF6C1543E928773E5B9C0F8 ] usb3Hub         C:\Windows\system32\DRIVERS\usb3Hub.sys
21:30:32.0885 0x17a0  usb3Hub - ok
21:30:32.0901 0x17a0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:30:32.0932 0x17a0  usbccgp - ok
21:30:32.0932 0x17a0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:30:32.0948 0x17a0  usbcir - ok
21:30:32.0979 0x17a0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:30:32.0979 0x17a0  usbehci - ok
21:30:32.0994 0x17a0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:30:33.0010 0x17a0  usbhub - ok
21:30:33.0026 0x17a0  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:30:33.0026 0x17a0  usbohci - ok
21:30:33.0041 0x17a0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:30:33.0057 0x17a0  usbprint - ok
21:30:33.0057 0x17a0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:33.0072 0x17a0  USBSTOR - ok
21:30:33.0088 0x17a0  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:30:33.0104 0x17a0  usbuhci - ok
21:30:33.0104 0x17a0  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:30:33.0119 0x17a0  usbvideo - ok
21:30:33.0135 0x17a0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:30:33.0166 0x17a0  UxSms - ok
21:30:33.0197 0x17a0  [ 19B5A2B908BF97E81BA195B2321A9D8B, 08B0BBB5D0348D6C201137725FE0D5232C15889F6CB907DBA823F36036D89BAD ] ValBioService   C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
21:30:33.0197 0x17a0  ValBioService - ok
21:30:33.0228 0x17a0  [ BF7FFCD223323F80E4DDB9ADB5DDF1AE, 4BC7EE65C577D93DBF25EC253526F2FE642F32017C1DA52CFEA83AC8BF3E18CA ] valWBFPolicyService C:\Windows\system32\valWBFPolicyService.exe
21:30:33.0228 0x17a0  valWBFPolicyService - ok
21:30:33.0244 0x17a0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc        C:\Windows\system32\lsass.exe
21:30:33.0260 0x17a0  VaultSvc - ok
21:30:33.0260 0x17a0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:30:33.0260 0x17a0  vdrvroot - ok
21:30:33.0291 0x17a0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:30:33.0338 0x17a0  vds - ok
21:30:33.0338 0x17a0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:30:33.0353 0x17a0  vga - ok
21:30:33.0353 0x17a0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:30:33.0384 0x17a0  VgaSave - ok
21:30:33.0384 0x17a0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:30:33.0400 0x17a0  vhdmp - ok
21:30:33.0400 0x17a0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:30:33.0416 0x17a0  viaide - ok
21:30:33.0447 0x17a0  [ D339DF97110C5E2C01FA191787E60CA0, 0798E9CB36BFC439CF536870E9B7594491D6027DC3FA89779B322761C1B8372D ] vm331avs        C:\Windows\system32\Drivers\vm331avs.sys
21:30:33.0494 0x17a0  vm331avs - ok
21:30:33.0509 0x17a0  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:30:33.0525 0x17a0  vmbus - ok
21:30:33.0525 0x17a0  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:30:33.0540 0x17a0  VMBusHID - ok
21:30:33.0540 0x17a0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:30:33.0556 0x17a0  volmgr - ok
21:30:33.0572 0x17a0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:30:33.0587 0x17a0  volmgrx - ok
21:30:33.0587 0x17a0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:30:33.0603 0x17a0  volsnap - ok
21:30:33.0618 0x17a0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:30:33.0634 0x17a0  vsmraid - ok
21:30:33.0681 0x17a0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:30:33.0743 0x17a0  VSS - ok
21:30:33.0743 0x17a0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:30:33.0759 0x17a0  vwifibus - ok
21:30:33.0759 0x17a0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:30:33.0774 0x17a0  vwififlt - ok
21:30:33.0774 0x17a0  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:30:33.0790 0x17a0  vwifimp - ok
21:30:33.0806 0x17a0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:30:33.0837 0x17a0  W32Time - ok
21:30:33.0837 0x17a0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:30:33.0852 0x17a0  WacomPen - ok
21:30:33.0852 0x17a0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:30:33.0884 0x17a0  WANARP - ok
21:30:33.0884 0x17a0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:30:33.0915 0x17a0  Wanarpv6 - ok
21:30:33.0962 0x17a0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:30:34.0008 0x17a0  wbengine - ok
21:30:34.0008 0x17a0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:30:34.0024 0x17a0  WbioSrvc - ok
21:30:34.0040 0x17a0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:30:34.0055 0x17a0  wcncsvc - ok
21:30:34.0071 0x17a0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:30:34.0086 0x17a0  WcsPlugInService - ok
21:30:34.0086 0x17a0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:30:34.0102 0x17a0  Wd - ok
21:30:34.0118 0x17a0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:30:34.0133 0x17a0  Wdf01000 - ok
21:30:34.0149 0x17a0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:30:34.0164 0x17a0  WdiServiceHost - ok
21:30:34.0164 0x17a0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:30:34.0196 0x17a0  WdiSystemHost - ok
21:30:34.0211 0x17a0  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
21:30:34.0258 0x17a0  WebClient - ok
21:30:34.0274 0x17a0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:30:34.0305 0x17a0  Wecsvc - ok
21:30:34.0320 0x17a0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:30:34.0352 0x17a0  wercplsupport - ok
21:30:34.0367 0x17a0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:30:34.0398 0x17a0  WerSvc - ok
21:30:34.0398 0x17a0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:30:34.0430 0x17a0  WfpLwf - ok
21:30:34.0430 0x17a0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:30:34.0445 0x17a0  WIMMount - ok
21:30:34.0476 0x17a0  WinDefend - ok
21:30:34.0476 0x17a0  WinHttpAutoProxySvc - ok
21:30:34.0508 0x17a0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:30:34.0554 0x17a0  Winmgmt - ok
21:30:34.0617 0x17a0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:30:34.0695 0x17a0  WinRM - ok
21:30:34.0710 0x17a0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
21:30:34.0710 0x17a0  WinUsb - ok
21:30:34.0742 0x17a0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:30:34.0773 0x17a0  Wlansvc - ok
21:30:34.0773 0x17a0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:30:34.0788 0x17a0  WmiAcpi - ok
21:30:34.0804 0x17a0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:30:34.0820 0x17a0  wmiApSrv - ok
21:30:34.0835 0x17a0  WMPNetworkSvc - ok
21:30:34.0851 0x17a0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:30:34.0866 0x17a0  WPCSvc - ok
21:30:34.0866 0x17a0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:30:34.0882 0x17a0  WPDBusEnum - ok
21:30:34.0882 0x17a0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:30:34.0913 0x17a0  ws2ifsl - ok
21:30:34.0929 0x17a0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:30:34.0944 0x17a0  wscsvc - ok
21:30:34.0944 0x17a0  WSearch - ok
21:30:35.0085 0x17a0  [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:30:35.0147 0x17a0  wuauserv - ok
21:30:35.0178 0x17a0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:30:35.0194 0x17a0  WudfPf - ok
21:30:35.0210 0x17a0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:30:35.0210 0x17a0  WUDFRd - ok
21:30:35.0225 0x17a0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:30:35.0225 0x17a0  wudfsvc - ok
21:30:35.0241 0x17a0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:30:35.0272 0x17a0  WwanSvc - ok
21:30:35.0428 0x17a0  [ C3FFB098C24A82B61E1818C3BB978B48, C7BC57A8D549B7478052F05FD0B4C623F1B70187358FD3CB5A7E9B5092FBD75F ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:30:35.0522 0x17a0  ZeroConfigService - ok
21:30:35.0553 0x17a0  ================ Scan global ===============================
21:30:35.0568 0x17a0  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
21:30:35.0600 0x17a0  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
21:30:35.0615 0x17a0  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
21:30:35.0646 0x17a0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:30:35.0678 0x17a0  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
21:30:35.0678 0x17a0  [ Global ] - ok
21:30:35.0678 0x17a0  ================ Scan MBR ==================================
21:30:35.0693 0x17a0  [ 3C10CC64408FD361AA392029816603BE ] \Device\Harddisk0\DR0
21:30:36.0052 0x17a0  \Device\Harddisk0\DR0 - ok
21:30:36.0052 0x17a0  ================ Scan VBR ==================================
21:30:36.0052 0x17a0  [ A268329E47236A1427D06FE623E25EDF ] \Device\Harddisk0\DR0\Partition1
21:30:36.0083 0x17a0  \Device\Harddisk0\DR0\Partition1 - ok
21:30:36.0083 0x17a0  [ 1BCC9905345EA33A52D3456ED16A5665 ] \Device\Harddisk0\DR0\Partition2
21:30:36.0099 0x17a0  \Device\Harddisk0\DR0\Partition2 - ok
21:30:36.0146 0x17a0  [ B54B30046ACAA40F06DB991EADCAD0E4 ] \Device\Harddisk0\DR0\Partition3
21:30:36.0146 0x17a0  \Device\Harddisk0\DR0\Partition3 - ok
21:30:36.0146 0x17a0  [ DFCA5FC290B016A3096325987A5D7C65 ] \Device\Harddisk0\DR0\Partition4
21:30:36.0177 0x17a0  \Device\Harddisk0\DR0\Partition4 - ok
21:30:36.0177 0x17a0  ================ Scan generic autorun ======================
21:30:36.0224 0x17a0  [ 18CE3B3E42FBDF53883AE982152A0B45, E9E0DBA4CBE3B6CA7CE76591D65878ADB65DD4F3AF2CEAD0BD63559AE646AEB6 ] C:\Windows\system32\igfxtray.exe
21:30:36.0224 0x17a0  IgfxTray - ok
21:30:36.0239 0x17a0  [ FF71518046D79001513377100B79E2A3, 668057BF2B23212DA0C83849339D74949AE24E7F7866A2B9DE1D973E52F1BC3A ] C:\Windows\system32\hkcmd.exe
21:30:36.0255 0x17a0  HotKeysCmds - ok
21:30:36.0270 0x17a0  [ 763F57136C09C4A9E5B7C155400239CC, B661C8137322562E9014D946C7B58FAA15BC3948A1509A1B5A6DAEDCBF9FCA8C ] C:\Windows\system32\igfxpers.exe
21:30:36.0286 0x17a0  Persistence - ok
21:30:36.0333 0x17a0  [ 9E1738D18C61E6935AD0E8EE19D100D8, C2864677359A977CB67F16664DF44C4001CF4C04AD29401450D1BC3CDD9421AD ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
21:30:36.0364 0x17a0  cAudioFilterAgent - ok
21:30:36.0380 0x17a0  [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
21:30:36.0380 0x17a0  ForteConfig - ok
21:30:36.0473 0x17a0  [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
21:30:36.0504 0x17a0  SmartAudio - detected UnsignedFile.Multi.Generic ( 1 )
21:30:36.0504 0x17a0  Detect skipped due to KSN trusted
21:30:36.0504 0x17a0  SmartAudio - ok
21:30:36.0536 0x17a0  [ 78C0F0EA63438D2441E7F9CAC9619889, DA121F5637D8BA09EE9BFAD58757775B4775EFCCC06DC1DEF68F26C90C0F985F ] C:\Windows\system32\TpShocks.exe
21:30:36.0551 0x17a0  TpShocks - ok
21:30:36.0582 0x17a0  [ 4420BBAC770EB87AB74E4B9146E18924, 6DB78DB9FD72F1E8C7651D2B3FF090CB4A8C90BA0D11F69D533960CE67170CFC ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
21:30:36.0598 0x17a0  BLEServicesCtrl - ok
21:30:36.0598 0x17a0  BTMTrayAgent - ok
21:30:36.0598 0x17a0  SynTPEnh - ok
21:30:36.0660 0x17a0  [ 2438CD7EFF8399E41B29A3D0DB0873D9, 5EA16FBF213E81013DE3FC83319C6A75214513A2AEE6A5403742348F739031D4 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
21:30:36.0660 0x17a0  IMSS - ok
21:30:36.0707 0x17a0  [ E0E7C48CAF25943DB1B034364501134A, 6F3D325F82448668EBEBEE1DEA7CC686DE6ED37E903F28FE3521B4018F427B62 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
21:30:36.0723 0x17a0  USB3MON - ok
21:30:36.0754 0x17a0  [ FA6220C7FDF2D94CFF82D45B72E5C929, C3E414388F8818EC4B3BEABC8ED16DE6CBF965A6603328A45AD6D9A1808F3E55 ] C:\Program Files (x86)\USB Camera\VM331STI.EXE
21:30:36.0785 0x17a0  331BigDog - ok
21:30:36.0785 0x17a0  PWMTRV - ok
21:30:36.0879 0x17a0  [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
21:30:36.0910 0x17a0  avgnt - ok
21:30:36.0941 0x17a0  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
21:30:36.0957 0x17a0  HP Software Update - ok
21:30:37.0004 0x17a0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:30:37.0035 0x17a0  Sidebar - ok
21:30:37.0066 0x17a0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:30:37.0082 0x17a0  mctadmin - ok
21:30:37.0113 0x17a0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:30:37.0144 0x17a0  Sidebar - ok
21:30:37.0160 0x17a0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:30:37.0175 0x17a0  mctadmin - ok
21:30:37.0316 0x17a0  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
21:30:37.0362 0x17a0  HP Officejet 6700 (NET) - ok
21:30:37.0378 0x17a0  Web Companion - ok
21:30:37.0971 0x17a0  [ 1FA9AC9760AA04253B4D5D7DD8BF1073, 8514D8C242495A2214321A501C04455428471A884C558B4983CEBC6FD71B11F7 ] C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe
21:30:38.0049 0x17a0  Screenleap - ok
21:30:38.0080 0x17a0  [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\Windows\system32\cmd.exe
21:30:38.0111 0x17a0  Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64 - ok
21:30:38.0127 0x17a0  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
21:30:38.0127 0x17a0  Win FW state via NFP2: enabled ( trusted )
21:30:40.0545 0x17a0  ============================================================
21:30:40.0545 0x17a0  Scan finished
21:30:40.0545 0x17a0  ============================================================
21:30:40.0560 0x0a40  Detected object count: 0
21:30:40.0560 0x0a40  Actual detected object count: 0
         

Alt 29.11.2015, 20:55   #9
M-K-D-B
/// TB-Ausbilder
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Servus,



bitte meinen letzten Post lesen und darauf antworten.


Danke!
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alt 29.11.2015, 21:00   #10
Marie Schauk
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Die ersten drei Dateien habe ich heute installiert, gebraucht, um den Screenshot zu teilen über das Internet.
Code:
ATTFilter
2015-11-25 21:59 - 2015-11-25 21:59 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\pendulum-28
2015-11-25 21:57 - 2015-11-25 21:57 - 00000000 ____D C:\ProgramData\molecule-26
2015-11-25 21:54 - 2015-11-28 21:07 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\doublers-6
2015-11-25 21:52 - 2015-11-25 23:02 - 00000000 ____D C:\ProgramData\powercap-44
2015-11-18 19:00 - 2015-11-18 21:40 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\glonass-89
         
Die anderen wüsste ich nicht als bewusst installiert.
Mit der Interneteinstellung nach Neuseeland war mir nicht bewusst.

Viele Grüße
Marie

Alt 29.11.2015, 21:06   #11
M-K-D-B
/// TB-Ausbilder
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Servus,


wir beginnen erst mal so:



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
Tcpip\..\Interfaces\{FC018661-EF6C-4533-B835-3D2AC0E19221}: [DhcpNameServer] 150.206.1.3 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Gibt es aktuell noch Probleme oder Funde? Wenn ja, welche?








Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alt 30.11.2015, 19:47   #12
Marie Schauk
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Danke!
Anbei die Logdatei des FRST-Fix

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-11-30 19:38:04) Run:1
Gestartet von C:\Users\Marie-Luise\Desktop
Geladene Profile: Marie-Luise &  (Verfügbare Profile: Marie-Luise)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
Tcpip\..\Interfaces\{FC018661-EF6C-4533-B835-3D2AC0E19221}: [DhcpNameServer] 150.206.1.3 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FC018661-EF6C-4533-B835-3D2AC0E19221}\\DhcpNameServer => Wert erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= Ende von CMD: =========

EmptyTemp: => 1.5 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 19:40:13 ====
         
Und hier die JRT.txt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64 
Ran by Marie-Luise (Administrator) on 30.11.2015 at 20:41:04,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2 

Successfully deleted: C:\Users\Marie-Luise\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins\mailcom-search.xml (File) 

Deleted the following from C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\prefs.js
user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true);



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.11.2015 at 20:42:10,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und schließlich die FRST.txt und Addition.txt.
"Scan" gab es nicht, ich habe auf "Untersuchen" geklickt.

FRST.txt

FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
durchgeführt von Marie-Luise (Administrator) auf MARIE-NOTEBOOK (30-11-2015 20:44:47)
Gestartet von C:\Users\Marie-Luise\Desktop
Geladene Profile: Marie-Luise (Verfügbare Profile: Marie-Luise)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\DCService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Screenleap] => C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe [2856992 2015-11-29] (Screenleap, Inc.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [jedec-22] => C:\ProgramData\jedec-08\jedec-8.exe [439624 2015-11-30] (Enterprise Fighter)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [isotope-53] => C:\Users\Marie-Luise\AppData\Roaming\isotope-4\isotope-66.exe [619520 2015-11-30] (American Megatrends, Inc)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {8225d693-4841-11e5-9626-f8165465672d} - E:\AutoRun.exe
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {de3f79ed-2748-11e4-b820-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk [2014-08-19]
ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Docking Station)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-10-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\blvds-12.lnk [2015-11-30]
ShortcutTarget: blvds-12.lnk -> C:\Users\Marie-Luise\AppData\Roaming\blvds-47\blvds-56.exe (Intel(R) Corporation)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2015-11-30]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B3636DED-3BAF-45B6-A1E8-E155B3A14D72}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1401465016-1591747146-3379758321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012
FF Homepage: hxxp://www.jugendlosungen.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: GMX MailCheck - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net [2015-11-18]
FF Extension: Adblock Plus - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-29]
FF HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [Datei ist nicht signiert]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-09-29] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-11] (Avira Operations GmbH & Co. KG)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3429344 2014-02-18] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2013-09-26] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-30 20:42 - 2015-11-30 20:42 - 00001027 _____ C:\Users\Marie-Luise\Desktop\JRT.txt
2015-11-30 20:41 - 2015-11-30 20:41 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\blvds-47
2015-11-30 20:40 - 2015-11-30 20:40 - 00000000 ____D C:\ProgramData\diode-06
2015-11-30 20:39 - 2015-11-30 20:39 - 01599336 _____ (Malwarebytes) C:\Users\Marie-Luise\Desktop\JRT.exe
2015-11-30 19:38 - 2015-11-30 19:40 - 00002401 _____ C:\Users\Marie-Luise\Desktop\Fixlog.txt
2015-11-30 19:01 - 2015-11-30 19:01 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\isotope-4
2015-11-30 18:58 - 2015-11-30 18:58 - 00000000 ____D C:\ProgramData\jedec-08
2015-11-29 21:24 - 2015-11-29 21:58 - 00671528 _____ C:\TDSSKiller.3.1.0.6_29.11.2015_21.24.07_log.txt
2015-11-29 21:19 - 2015-11-29 21:23 - 00025671 _____ C:\Users\Marie-Luise\Desktop\Addition.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Marie-Luise\Desktop\tdsskiller.exe
2015-11-29 21:18 - 2015-11-30 20:45 - 00018646 _____ C:\Users\Marie-Luise\Desktop\FRST.txt
2015-11-29 21:18 - 2015-11-30 20:44 - 00000000 ____D C:\FRST
2015-11-29 21:17 - 2015-11-29 21:17 - 02350080 _____ (Farbar) C:\Users\Marie-Luise\Desktop\FRST64.exe
2015-11-29 20:47 - 2015-11-29 20:47 - 00001025 _____ C:\Users\Marie-Luise\Desktop\AdwCleaner[C1].txt
2015-11-29 20:13 - 2015-11-29 20:19 - 00000000 ____D C:\AdwCleaner
2015-11-29 20:08 - 2015-11-29 20:08 - 01733632 _____ C:\Users\Marie-Luise\Desktop\adwcleaner_5.022.exe
2015-11-29 20:00 - 2015-11-30 19:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-29 20:00 - 2015-11-29 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-29 19:59 - 2015-11-29 20:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-29 19:59 - 2015-11-29 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-29 19:59 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-29 19:59 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-29 19:59 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-29 19:57 - 2015-11-29 19:59 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe.part
2015-11-29 19:57 - 2015-11-29 19:58 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-29 19:51 - 2015-11-29 21:28 - 00000064 _____ C:\Users\Marie-Luise\.screenleap
2015-11-29 19:51 - 2015-11-29 20:29 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\Screenleap
2015-11-29 19:51 - 2015-11-29 19:51 - 00002000 _____ C:\Users\Marie-Luise\Desktop\Screenleap.lnk
2015-11-25 21:59 - 2015-11-30 19:05 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\pendulum-28
2015-11-18 19:00 - 2015-11-18 21:40 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\glonass-89
2015-11-15 17:20 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 08:38 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-13 08:38 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-13 08:38 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-13 08:38 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-13 08:38 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-13 08:38 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-13 08:35 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-13 08:35 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-13 08:35 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-13 08:35 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-13 08:35 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-13 08:35 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-13 08:35 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-13 08:35 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-13 08:35 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-13 08:35 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-13 08:35 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-13 08:35 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-13 08:35 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-13 08:35 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-13 08:35 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-13 08:35 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-13 08:35 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-13 08:35 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-13 08:35 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-13 08:35 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-13 08:35 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-13 08:35 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-13 08:35 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-13 08:35 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-13 08:35 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-13 08:35 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-13 08:35 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-13 08:35 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-13 08:35 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-13 08:35 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-13 08:35 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-13 08:35 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-13 08:35 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-13 08:35 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-13 08:35 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-13 08:35 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-13 08:35 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-13 08:35 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-13 08:35 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-13 08:35 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-13 08:35 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-13 08:35 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-13 08:35 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-13 08:35 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-13 08:35 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-13 08:35 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-13 08:35 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-13 08:35 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-13 08:35 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-13 08:35 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-13 08:35 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-13 08:35 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-13 08:35 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-13 08:35 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-13 08:35 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-13 08:35 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-13 08:35 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-13 08:35 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-13 08:33 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-13 08:32 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-13 08:32 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-13 08:32 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-13 08:32 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-13 08:32 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-13 08:32 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-13 08:32 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-13 08:32 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-13 08:32 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-13 08:32 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-13 08:32 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-13 08:32 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-13 08:32 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-13 08:32 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-13 08:32 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-13 08:32 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-13 08:32 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-13 08:32 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-13 08:32 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-13 08:32 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-13 08:32 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-13 08:32 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-13 08:32 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-13 08:32 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-13 08:32 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-13 08:32 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-13 08:32 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-13 08:31 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-13 08:31 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-13 08:31 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-11 21:39 - 2015-11-14 17:48 - 00000000 ____D C:\ProgramData\en

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-30 20:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-11-30 20:08 - 2015-08-18 19:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-30 19:50 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-30 19:50 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-30 19:47 - 2014-08-19 13:14 - 00699342 _____ C:\Windows\system32\perfh007.dat
2015-11-30 19:47 - 2014-08-19 13:14 - 00149450 _____ C:\Windows\system32\perfc007.dat
2015-11-30 19:47 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-30 19:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-11-30 19:41 - 2014-08-19 03:53 - 00000000 ____D C:\ProgramData\Validity
2015-11-30 19:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-30 19:05 - 2015-10-25 21:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-30 18:58 - 2015-05-05 19:39 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\VirtualStore
2015-11-29 21:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-11-29 19:51 - 2015-05-05 19:38 - 00000000 ____D C:\Users\Marie-Luise
2015-11-18 21:52 - 2014-08-19 04:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-18 21:50 - 2014-08-19 04:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-17 18:25 - 2014-01-30 22:17 - 00000000 __SHD C:\Users\Marie-Luise\AppData\Roaming\aghubwrh
2015-11-16 18:49 - 2009-07-14 05:45 - 00353816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-15 20:49 - 2014-08-18 20:55 - 00000000 ____D C:\ProgramData\Lenovo
2015-11-15 20:48 - 2014-08-19 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-11-15 20:48 - 2014-08-19 03:51 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-11-15 20:48 - 2014-08-19 03:41 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-11-15 17:08 - 2015-08-18 19:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-15 17:08 - 2015-05-23 19:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-15 17:08 - 2015-05-23 19:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-13 08:37 - 2014-01-30 22:46 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-13 08:35 - 2014-02-03 15:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 18:33 - 2015-05-16 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-10 18:33 - 2014-08-19 03:44 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-09 18:32 - 2015-05-16 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-01 20:08 - 2015-07-05 19:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-25 17:00 - 2015-05-25 17:00 - 16342352 _____ (Geek Software GmbH                                          ) C:\Program Files (x86)\pdf24-creator-6.9.2.exe
2015-05-21 06:48 - 2015-05-21 06:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-19 03:53 - 2014-08-19 03:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-19 03:58 - 2014-08-19 03:59 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-08-19 03:56 - 2014-08-19 03:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-08-19 03:57 - 2014-08-19 03:58 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-08-19 03:58 - 2014-08-19 03:58 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Einige Dateien in TEMP:
====================
C:\Users\Marie-Luise\AppData\Local\Temp\avgnt.exe


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-30 20:04

==================== Ende von FRST.txt ============================
         
--- --- ---


Addition
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-11-30 20:45:23)
Gestartet von C:\Users\Marie-Luise\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-05 18:38:17)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1401465016-1591747146-3379758321-500 - Administrator - Disabled)
Gast (S-1-5-21-1401465016-1591747146-3379758321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1401465016-1591747146-3379758321-1002 - Limited - Enabled)
Marie-Luise (S-1-5-21-1401465016-1591747146-3379758321-1001 - Administrator - Enabled) => C:\Users\Marie-Luise

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.62.50 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.1 - Lenovo Group Limited)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Fingerprint Manager (HKLM\...\{D6006D3A-B3F5-48DC-8CC0-D353912379F3}) (Version: 4.5.289.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.289.0 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0013 - Lenovo)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.15 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.04.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

15-11-2015 21:57:56 Windows Update
17-11-2015 18:31:47 Free Antivirus - 17.11.2015 18:31
30-11-2015 20:12:03 Geplanter Prüfpunkt
30-11-2015 20:41:04 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {16A98A40-6353-410F-BD28-5345C3E2DBFE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {170F753F-2D86-4F1F-9CE1-4AA1A116B757} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {2EFA6B85-313D-4DD0-B0EC-F2F364F27095} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {474F4629-0DE0-49C2-9D0C-EBF7918BE7D0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-09-29] ()
Task: {4E62F553-C70D-4BC3-B8D2-453C72CBEFF9} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {5F6F5F29-C047-400D-BD94-3D79F9F6CB0E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-10-21] (Lenovo Group Limited)
Task: {7B3C18C9-06C4-485E-AEE2-91B94C98115F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {B2853026-549C-413A-AA6D-1DAF46B17F70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {B9E972D3-A324-4B34-9048-0E6C4FC35A6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {BDB79BDC-99DF-47C8-9513-0EFF6CD0C369} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {C3D0177B-A8A2-4DEE-B8BD-BDC9EAFD18DC} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
Task: {CD821E1D-24FE-4AC5-AE1D-F3A372670DF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {D29C9B0D-7B4F-442B-996D-3F2C93DED596} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {D5E0EB99-D92E-4F82-8685-FC48AC7298EE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {E9CB273F-6CEF-4BA3-87EC-C20EE48E7600} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-08-19 03:51 - 2013-10-21 23:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-10-02 18:45 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-08-19 03:39 - 2013-05-16 09:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{19CCF886-E8AC-4BE6-8588-095562D3E5F8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E6EE83DD-7E36-419E-9EAD-11E70FF5AC53}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{78EE11AE-7BAF-4D29-9A6B-D2DC562442FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B03271-CC30-4390-B53F-321E951E6ECB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3A91B0D-E7FA-477D-AC4E-3E9B2CCAE2B6}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{584F2355-8676-46E0-9165-282BAFE01DDC}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{17525D02-32D4-4C7B-8D25-7D7E990BAECB}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{C5EAB0C6-B0D9-4803-92E6-E3338DFEDD26}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{E3B484FE-6055-466D-B607-E6B57FF8676B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0048073E-4041-42F9-94E3-F25516F9143D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3D2F336D-7117-49FD-B8A2-FC194C9598F5}] => (Allow) C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9D60C568-89F2-42DB-9DEC-7D1704875119}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E921CD51-E941-4B81-A1A6-C79D2F14FDCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C7F4936-989A-4354-81B0-7FA153E46F75}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F808B78E-F593-47C1-B7ED-C600D8D5916B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/30/2015 07:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2015 07:05:34 PM) (Source: MsiInstaller) (EventID: 1024) (User: Marie-Notebook)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/30/2015 06:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2015 08:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2015 07:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 08:47:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2015 06:52:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2015 10:54:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2015 09:51:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2015 06:30:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (11/30/2015 08:14:18 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.

Error: (11/30/2015 08:14:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.

Error: (11/30/2015 08:14:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.

Error: (11/30/2015 08:14:16 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.

Error: (11/30/2015 08:14:15 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.

Error: (11/30/2015 08:14:14 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.

Error: (11/30/2015 08:14:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.

Error: (11/30/2015 08:14:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.

Error: (11/30/2015 08:14:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.

Error: (11/30/2015 08:14:11 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 3810.46 MB
Verfügbarer physikalischer RAM: 2039.02 MB
Summe virtueller Speicher: 7619.12 MB
Verfügbarer virtueller Speicher: 5468.86 MB

==================== Laufwerke ================================

Drive c: (Windows7_OS) (Fixed) (Total:301.89 GB) (Free:252.77 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Volume) (Fixed) (Total:146.48 GB) (Free:120.8 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.92 GB) (Free:4.03 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 49FC2C21)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=301.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 30.11.2015, 19:52   #13
M-K-D-B
/// TB-Ausbilder
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Servus,




Hinweis: Der Suchlauf mit ESET kann länger dauern.







Schritt 1
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset








Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die beiden neuen Logdateien von FRST.
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alt 30.11.2015, 21:16   #14
Marie Schauk
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Hallo,
hier die Logdatei HitmanPro

Code:
ATTFilter
HitmanPro 3.7.10.251
www.hitmanpro.com

   Computer name . . . . : MARIE-NOTEBOOK
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Marie-Notebook\Marie-Luise
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-11-30 21:01:33
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 47s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3

   Objects scanned . . . : 1.594.400
   Files scanned . . . . : 12.456
   Remnants scanned  . . : 201.452 files / 1.380.492 keys

Suspicious files ____________________________________________________________

   C:\ProgramData\jedec-08\jedec-8.exe
      Size . . . . . . . : 439.624 bytes
      Age  . . . . . . . : 0.1 days (2015-11-30 18:58:32)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 9C9B997A01907D797A4ED4D80CF0994E86FF94FB225970913A25AA0928FD1418
      Product  . . . . . : Symantec Shared Components
      Publisher  . . . . : Enterprise Fighter
      Description  . . . : Symantec Shared Component
      Version  . . . . . : 3.7.6.3
      Copyright  . . . . : Copyright (c) 2010 Symantec Corporation. All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 32.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program starts automatically without user intervention.
         Uses the Windows Registry to run each time the user logs on.
         Time indicates that the file appeared recently on this computer.
         The file appears to be part of an installation package or setup program. This is typical for most programs.
      Startup
         HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jedec-22
      Forensic Cluster
          0.0s C:\ProgramData\jedec-08\
          0.0s C:\ProgramData\jedec-08\jedec-8.exe
          0.4s C:\Users\Marie-Luise\AppData\Local\VirtualStore\Windows\SysWOW64\
          0.4s C:\Users\Marie-Luise\AppData\Local\VirtualStore\Windows\
          0.4s C:\Users\Marie-Luise\AppData\Local\VirtualStore\Windows\SysWOW64\쑧ཡ\

   C:\Users\Marie-Luise\Desktop\FRST64.exe
      Size . . . . . . . : 2.350.080 bytes
      Age  . . . . . . . : 1.0 days (2015-11-29 21:17:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 30CA3A4AACEF0010BC8EFDCCD96E0D319D3F64E70058EB3D45D9B8F11455F773
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         
Log file ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0319899dd0f94649832c7c76301c9987
# end=init
# utc_time=2015-11-30 08:09:44
# local_time=2015-11-30 09:09:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26978
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0319899dd0f94649832c7c76301c9987
# end=updated
# utc_time=2015-11-30 08:14:54
# local_time=2015-11-30 09:14:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0319899dd0f94649832c7c76301c9987
# engine=26978
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-11-30 09:02:59
# local_time=2015-11-30 10:02:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 15641512 200547229 0 0
# scanned=164836
# found=8
# cleaned=0
# scan_time=2885
sh=60919026F989953B9B75A2B53ED81B666862D550 ft=1 fh=a0eb4d35b0d10d8c vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\ProgramData\jedec-08\jedec-8.exe"
sh=60919026F989953B9B75A2B53ED81B666862D550 ft=1 fh=a0eb4d35b0d10d8c vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\All Users\jedec-08\jedec-8.exe"
sh=709919F2DF08E8E228223DCE26E5086DE4B13252 ft=1 fh=f9249cec26af20c4 vn="Variante von Win32/Kryptik.EGPY Trojaner" ac=I fn="C:\Users\Marie-Luise\AppData\Roaming\isotope-4\isotope-66.exe"
sh=2DFE16FF0E5EAEC4DD1BCA5528D101275B2306CE ft=1 fh=7f251695af4b4876 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Luise\Downloads\OpenOffice - CHIP-Installer.exe"
sh=813F3597C58FAA3BEA33996CBEDACBF10BEE6465 ft=1 fh=36bbe7146b0b791c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Luise\Downloads\PDF24 Creator - CHIP-Installer.exe"
sh=FA76B7BE6E6C95BB40B51032DFFADC02C420E7BD ft=1 fh=246ca42c6e945b5a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Luise\Downloads\Skype - CHIP-Installer.exe"
sh=3499B0B236DF2BAAD00B0F13A59AEB081F866BA5 ft=1 fh=e6f6e1ebb4631a06 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Luise\Downloads\Sony PC Companion - CHIP-Installer.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/PSW.Papras.EH Trojaner" ac=I fn="${Memory}"
         
Vielen Dank für die bisherige Hilfe!!!
Anbei die beiden Dateien.
FRST.txt
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
durchgeführt von Marie-Luise (Administrator) auf MARIE-NOTEBOOK (30-11-2015 22:14:01)
Gestartet von C:\Users\Marie-Luise\Desktop
Geladene Profile: Marie-Luise (Verfügbare Profile: Marie-Luise)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\DCService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Screenleap, Inc.) C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe
(Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Screenleap] => C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe [2856992 2015-11-29] (Screenleap, Inc.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [jedec-22] => C:\ProgramData\jedec-08\jedec-8.exe [439624 2015-11-30] (Enterprise Fighter)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [isotope-53] => C:\Users\Marie-Luise\AppData\Roaming\isotope-4\isotope-66.exe [619520 2015-11-30] (American Megatrends, Inc)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {8225d693-4841-11e5-9626-f8165465672d} - E:\AutoRun.exe
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {de3f79ed-2748-11e4-b820-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk [2014-08-19]
ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Docking Station)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-10-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\blvds-12.lnk [2015-11-30]
ShortcutTarget: blvds-12.lnk -> C:\Users\Marie-Luise\AppData\Roaming\blvds-47\blvds-56.exe (Intel(R) Corporation)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2015-11-30]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B3636DED-3BAF-45B6-A1E8-E155B3A14D72}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1401465016-1591747146-3379758321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012
FF Homepage: hxxp://www.jugendlosungen.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: GMX MailCheck - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net [2015-11-18]
FF Extension: Adblock Plus - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-29]
FF HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [Datei ist nicht signiert]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-09-29] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-11] (Avira Operations GmbH & Co. KG)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3429344 2014-02-18] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2013-09-26] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-30 21:04 - 2015-11-30 21:04 - 02870984 _____ (ESET) C:\Users\Marie-Luise\Desktop\esetsmartinstaller_deu.exe
2015-11-30 21:00 - 2015-11-30 21:07 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-30 20:59 - 2015-11-30 20:59 - 11337112 _____ (SurfRight B.V.) C:\Users\Marie-Luise\Desktop\HitmanPro_x64.exe
2015-11-30 20:54 - 2015-11-30 20:54 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\CrashRpt
2015-11-30 20:42 - 2015-11-30 20:42 - 00001027 _____ C:\Users\Marie-Luise\Desktop\JRT.txt
2015-11-30 20:41 - 2015-11-30 20:41 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\blvds-47
2015-11-30 20:40 - 2015-11-30 20:40 - 00000000 ____D C:\ProgramData\diode-06
2015-11-30 20:39 - 2015-11-30 20:39 - 01599336 _____ (Malwarebytes) C:\Users\Marie-Luise\Desktop\JRT.exe
2015-11-30 19:38 - 2015-11-30 19:40 - 00002401 _____ C:\Users\Marie-Luise\Desktop\Fixlog.txt
2015-11-30 19:01 - 2015-11-30 19:01 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\isotope-4
2015-11-30 18:58 - 2015-11-30 18:58 - 00000000 ____D C:\ProgramData\jedec-08
2015-11-29 21:24 - 2015-11-29 21:58 - 00671528 _____ C:\TDSSKiller.3.1.0.6_29.11.2015_21.24.07_log.txt
2015-11-29 21:19 - 2015-11-30 20:45 - 00025194 _____ C:\Users\Marie-Luise\Desktop\Addition.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Marie-Luise\Desktop\tdsskiller.exe
2015-11-29 21:18 - 2015-11-30 22:14 - 00021302 _____ C:\Users\Marie-Luise\Desktop\FRST.txt
2015-11-29 21:18 - 2015-11-30 22:14 - 00000000 ____D C:\FRST
2015-11-29 21:17 - 2015-11-29 21:17 - 02350080 _____ (Farbar) C:\Users\Marie-Luise\Desktop\FRST64.exe
2015-11-29 20:47 - 2015-11-29 20:47 - 00001025 _____ C:\Users\Marie-Luise\Desktop\AdwCleaner[C1].txt
2015-11-29 20:13 - 2015-11-29 20:19 - 00000000 ____D C:\AdwCleaner
2015-11-29 20:08 - 2015-11-29 20:08 - 01733632 _____ C:\Users\Marie-Luise\Desktop\adwcleaner_5.022.exe
2015-11-29 20:00 - 2015-11-30 21:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-29 20:00 - 2015-11-29 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-29 19:59 - 2015-11-29 20:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-29 19:59 - 2015-11-29 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-29 19:59 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-29 19:59 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-29 19:59 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-29 19:57 - 2015-11-29 19:59 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe.part
2015-11-29 19:57 - 2015-11-29 19:58 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-29 19:51 - 2015-11-29 21:28 - 00000064 _____ C:\Users\Marie-Luise\.screenleap
2015-11-29 19:51 - 2015-11-29 20:29 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\Screenleap
2015-11-29 19:51 - 2015-11-29 19:51 - 00002000 _____ C:\Users\Marie-Luise\Desktop\Screenleap.lnk
2015-11-25 21:59 - 2015-11-30 19:05 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\pendulum-28
2015-11-18 19:00 - 2015-11-18 21:40 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\glonass-89
2015-11-15 17:20 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 08:38 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-13 08:38 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-13 08:38 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-13 08:38 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-13 08:38 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-13 08:38 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-13 08:35 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-13 08:35 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-13 08:35 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-13 08:35 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-13 08:35 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-13 08:35 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-13 08:35 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-13 08:35 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-13 08:35 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-13 08:35 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-13 08:35 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-13 08:35 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-13 08:35 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-13 08:35 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-13 08:35 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-13 08:35 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-13 08:35 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-13 08:35 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-13 08:35 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-13 08:35 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-13 08:35 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-13 08:35 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-13 08:35 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-13 08:35 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-13 08:35 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-13 08:35 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-13 08:35 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-13 08:35 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-13 08:35 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-13 08:35 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-13 08:35 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-13 08:35 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-13 08:35 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-13 08:35 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-13 08:35 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-13 08:35 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-13 08:35 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-13 08:35 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-13 08:35 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-13 08:35 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-13 08:35 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-13 08:35 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-13 08:35 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-13 08:35 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-13 08:35 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-13 08:35 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-13 08:35 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-13 08:35 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-13 08:35 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-13 08:35 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-13 08:35 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-13 08:35 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-13 08:35 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-13 08:35 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-13 08:35 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-13 08:35 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-13 08:35 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-13 08:35 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-13 08:33 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-13 08:32 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-13 08:32 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-13 08:32 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-13 08:32 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-13 08:32 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-13 08:32 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-13 08:32 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-13 08:32 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-13 08:32 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-13 08:32 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-13 08:32 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-13 08:32 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-13 08:32 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-13 08:32 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-13 08:32 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-13 08:32 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-13 08:32 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-13 08:32 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-13 08:32 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-13 08:32 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-13 08:32 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-13 08:32 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-13 08:32 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-13 08:32 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-13 08:32 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-13 08:32 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-13 08:32 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-13 08:31 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-13 08:31 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-13 08:31 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-11 21:39 - 2015-11-14 17:48 - 00000000 ____D C:\ProgramData\en

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-30 22:08 - 2015-08-18 19:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-30 21:01 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-30 21:01 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-30 21:00 - 2014-08-19 13:14 - 00699342 _____ C:\Windows\system32\perfh007.dat
2015-11-30 21:00 - 2014-08-19 13:14 - 00149450 _____ C:\Windows\system32\perfc007.dat
2015-11-30 21:00 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-30 21:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-11-30 20:53 - 2014-08-19 03:53 - 00000000 ____D C:\ProgramData\Validity
2015-11-30 20:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-30 20:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-11-30 20:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-11-30 19:05 - 2015-10-25 21:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-30 18:58 - 2015-05-05 19:39 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\VirtualStore
2015-11-29 19:51 - 2015-05-05 19:38 - 00000000 ____D C:\Users\Marie-Luise
2015-11-18 21:52 - 2014-08-19 04:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-18 21:50 - 2014-08-19 04:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-17 18:25 - 2014-01-30 22:17 - 00000000 __SHD C:\Users\Marie-Luise\AppData\Roaming\aghubwrh
2015-11-16 18:49 - 2009-07-14 05:45 - 00353816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-15 20:49 - 2014-08-18 20:55 - 00000000 ____D C:\ProgramData\Lenovo
2015-11-15 20:48 - 2014-08-19 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-11-15 20:48 - 2014-08-19 03:51 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-11-15 20:48 - 2014-08-19 03:41 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-11-15 17:08 - 2015-08-18 19:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-15 17:08 - 2015-05-23 19:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-15 17:08 - 2015-05-23 19:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-13 08:37 - 2014-01-30 22:46 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-13 08:35 - 2014-02-03 15:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 18:33 - 2015-05-16 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-10 18:33 - 2014-08-19 03:44 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-09 18:32 - 2015-05-16 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-01 20:08 - 2015-07-05 19:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-25 17:00 - 2015-05-25 17:00 - 16342352 _____ (Geek Software GmbH                                          ) C:\Program Files (x86)\pdf24-creator-6.9.2.exe
2015-05-21 06:48 - 2015-05-21 06:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-19 03:53 - 2014-08-19 03:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-19 03:58 - 2014-08-19 03:59 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-08-19 03:56 - 2014-08-19 03:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-08-19 03:57 - 2014-08-19 03:58 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-08-19 03:58 - 2014-08-19 03:58 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Einige Dateien in TEMP:
====================
C:\Users\Marie-Luise\AppData\Local\Temp\avgnt.exe


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-30 20:04

==================== Ende von FRST.txt ============================
         
und Addition.txt

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-11-30 22:14:42)
Gestartet von C:\Users\Marie-Luise\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-05 18:38:17)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1401465016-1591747146-3379758321-500 - Administrator - Disabled)
Gast (S-1-5-21-1401465016-1591747146-3379758321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1401465016-1591747146-3379758321-1002 - Limited - Enabled)
Marie-Luise (S-1-5-21-1401465016-1591747146-3379758321-1001 - Administrator - Enabled) => C:\Users\Marie-Luise

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.62.50 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.1 - Lenovo Group Limited)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Fingerprint Manager (HKLM\...\{D6006D3A-B3F5-48DC-8CC0-D353912379F3}) (Version: 4.5.289.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.289.0 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0013 - Lenovo)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.15 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.04.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

15-11-2015 21:57:56 Windows Update
17-11-2015 18:31:47 Free Antivirus - 17.11.2015 18:31
30-11-2015 20:12:03 Geplanter Prüfpunkt
30-11-2015 20:41:04 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {16A98A40-6353-410F-BD28-5345C3E2DBFE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {170F753F-2D86-4F1F-9CE1-4AA1A116B757} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {2EFA6B85-313D-4DD0-B0EC-F2F364F27095} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {474F4629-0DE0-49C2-9D0C-EBF7918BE7D0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-09-29] ()
Task: {4E62F553-C70D-4BC3-B8D2-453C72CBEFF9} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {5F6F5F29-C047-400D-BD94-3D79F9F6CB0E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-10-21] (Lenovo Group Limited)
Task: {7B3C18C9-06C4-485E-AEE2-91B94C98115F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {B2853026-549C-413A-AA6D-1DAF46B17F70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {B9E972D3-A324-4B34-9048-0E6C4FC35A6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {BDB79BDC-99DF-47C8-9513-0EFF6CD0C369} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {C3D0177B-A8A2-4DEE-B8BD-BDC9EAFD18DC} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
Task: {CD821E1D-24FE-4AC5-AE1D-F3A372670DF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {D29C9B0D-7B4F-442B-996D-3F2C93DED596} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {D5E0EB99-D92E-4F82-8685-FC48AC7298EE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {E9CB273F-6CEF-4BA3-87EC-C20EE48E7600} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-08-19 03:51 - 2013-10-21 23:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-10-02 18:45 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-08-19 03:45 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-08-19 03:39 - 2013-05-16 09:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 03350640 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{19CCF886-E8AC-4BE6-8588-095562D3E5F8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E6EE83DD-7E36-419E-9EAD-11E70FF5AC53}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{78EE11AE-7BAF-4D29-9A6B-D2DC562442FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B03271-CC30-4390-B53F-321E951E6ECB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3A91B0D-E7FA-477D-AC4E-3E9B2CCAE2B6}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{584F2355-8676-46E0-9165-282BAFE01DDC}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{17525D02-32D4-4C7B-8D25-7D7E990BAECB}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{C5EAB0C6-B0D9-4803-92E6-E3338DFEDD26}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{E3B484FE-6055-466D-B607-E6B57FF8676B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0048073E-4041-42F9-94E3-F25516F9143D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3D2F336D-7117-49FD-B8A2-FC194C9598F5}] => (Allow) C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9D60C568-89F2-42DB-9DEC-7D1704875119}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E921CD51-E941-4B81-A1A6-C79D2F14FDCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C7F4936-989A-4354-81B0-7FA153E46F75}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F808B78E-F593-47C1-B7ED-C600D8D5916B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/30/2015 10:07:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/30/2015 09:09:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/30/2015 09:09:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/30/2015 09:04:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/30/2015 08:54:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2015 07:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2015 07:05:34 PM) (Source: MsiInstaller) (EventID: 1024) (User: Marie-Notebook)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/30/2015 06:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2015 08:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2015 07:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (11/30/2015 09:14:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (11/30/2015 09:14:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/30/2015 09:14:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (11/30/2015 09:14:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/30/2015 09:14:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (11/30/2015 09:14:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/30/2015 09:10:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (11/30/2015 09:10:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/30/2015 09:10:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (11/30/2015 09:10:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 3810.46 MB
Verfügbarer physikalischer RAM: 1443.87 MB
Summe virtueller Speicher: 7619.12 MB
Verfügbarer virtueller Speicher: 4518.07 MB

==================== Laufwerke ================================

Drive c: (Windows7_OS) (Fixed) (Total:301.89 GB) (Free:252.38 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Volume) (Fixed) (Total:146.48 GB) (Free:120.8 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.92 GB) (Free:4.03 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 49FC2C21)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=301.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 01.12.2015, 12:58   #15
M-K-D-B
/// TB-Ausbilder
 
Windows7: Trojaner, registy befallen, HKU, HKCU - Standard

Windows7: Trojaner, registy befallen, HKU, HKCU



Servus,



Auf ins Gefecht...




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [jedec-22] => C:\ProgramData\jedec-08\jedec-8.exe [439624 2015-11-30] (Enterprise Fighter)
C:\ProgramData\jedec-08
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [isotope-53] => C:\Users\Marie-Luise\AppData\Roaming\isotope-4\isotope-66.exe [619520 2015-11-30] (American Megatrends, Inc)
C:\Users\Marie-Luise\AppData\Roaming\isotope-4
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\blvds-12.lnk [2015-11-30]
C:\Users\Marie-Luise\AppData\Roaming\blvds-47
C:\ProgramData\diode-06
C:\ProgramData\jedec-08
C:\Users\Marie-Luise\AppData\Roaming\pendulum-28
C:\Users\Marie-Luise\AppData\Roaming\glonass-89
C:\Users\Marie-Luise\AppData\Roaming\aghubwrh
C:\Users\Marie-Luise\Downloads\*CHIP-Installer.exe
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
Folder: C:\Users\Marie-Luise\AppData\Roaming
Folder: C:\ProgramData
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :filefind
    *isotope-4*
    *blvds-47*
    *diode-06*
    *jedec-08*
    *pendulum-28*
    *glonass-89*
    
    :folderfind
    *isotope-4*
    *blvds-47*
    *diode-06*
    *jedec-08*
    *pendulum-28*
    *glonass-89*
    
    :regfind
    isotope-4
    blvds-47
    diode-06
    jedec-08
    pendulum-28
    glonass-89
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.




Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST.
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Antwort

Themen zu Windows7: Trojaner, registy befallen, HKU, HKCU
avira, bericht, betriebssystem, browser, bytes, code, dateien, desktop, einstellungen, entfernen, erstellt, gelöscht, internetbrowser, log, malware, ordner, quarantäne, server, service, software, suche, trojaner, windows, windows 7, winsock



Ähnliche Themen: Windows7: Trojaner, registy befallen, HKU, HKCU


  1. GVU Trojaner Windows7
    Log-Analyse und Auswertung - 12.02.2014 (17)
  2. Malware in Hkcu/Microsoft/Windows/CurrentVersion/Run/BackgroundContainer
    Plagegeister aller Art und deren Bekämpfung - 14.12.2013 (18)
  3. GVU Trojaner Windows7
    Log-Analyse und Auswertung - 06.08.2013 (4)
  4. GVU-Trojaner Windows7
    Plagegeister aller Art und deren Bekämpfung - 25.07.2013 (25)
  5. GVU Trojaner, Windows7
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (9)
  6. 2 Trojaner gefunden HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ytnaopy
    Log-Analyse und Auswertung - 24.05.2013 (56)
  7. HKCU\Software\APN PIP gefunden mit awd
    Plagegeister aller Art und deren Bekämpfung - 26.04.2013 (12)
  8. Trojaner in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nicht dauerhaft löschbar
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (32)
  9. Trojaner Trojan.Agent.Gen in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Run¦1
    Log-Analyse und Auswertung - 02.02.2013 (24)
  10. 59 Funde mit Malwarebyts (Registy)
    Plagegeister aller Art und deren Bekämpfung - 07.01.2013 (23)
  11. (2x) HKCU Virus entfernen?
    Mülltonne - 29.12.2012 (2)
  12. PUP.crossfire.SA in HKCU/Software/InstalledBrowserExtensions
    Log-Analyse und Auswertung - 29.10.2012 (15)
  13. HKCU/HKLM programme nicht löschbar
    Log-Analyse und Auswertung - 19.01.2011 (1)
  14. cc löschte teile der Registy
    Alles rund um Windows - 20.03.2010 (10)
  15. HKCU/HKLM - C:\dir\install\server.exe
    Log-Analyse und Auswertung - 10.03.2010 (7)
  16. HijackThis Logfile O4 - HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe
    Log-Analyse und Auswertung - 18.01.2010 (1)
  17. 50 mal TR/Click.AdClicer.c, Registy gesperrt , System Ordner weg..
    Log-Analyse und Auswertung - 12.12.2009 (6)

Zum Thema Windows7: Trojaner, registy befallen, HKU, HKCU - AVIRA hat einen Virus/ Trojaner gefunden. Habe die betreffenden Dateien in Quarantäne geschickt. In den Tagen danach kamen erneut zwei Virusmeldungen. Habe Malware heruntergeladen, Suche ergab keine Treffer. Systemprüfung mit - Windows7: Trojaner, registy befallen, HKU, HKCU...
Archiv
Du betrachtest: Windows7: Trojaner, registy befallen, HKU, HKCU auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.