| |
| |||||||
Log-Analyse und Auswertung: Windows7: Trojaner, registy befallen, HKU, HKCUWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
29.11.2015, 20:52
| #1 |
 |  Windows7: Trojaner, registy befallen, HKU, HKCU AVIRA hat einen Virus/ Trojaner gefunden. Habe die betreffenden Dateien in Quarantäne geschickt. In den Tagen danach kamen erneut zwei Virusmeldungen. Habe Malware heruntergeladen, Suche ergab keine Treffer. Systemprüfung mit AdwCleaner: 2 Funde in der Registy. Kann mir jemand helfen, den Virus/ Trojaner komplett zu entfernen? Untenstehend die LOG vom AdwCleaner und die letzte logfile von Avira Vielen, herzlichen Dank, Marie AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v5.022 - Bericht erstellt am 29/11/2015 um 20:19:08
# Aktualisiert am 22/11/2015 von Xplode
# Datenbank : 2015-11-29.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Marie-Luise - MARIE-NOTEBOOK
# Gestartet von : C:\Users\Marie-Luise\Desktop\adwcleaner_5.022.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKU\S-1-5-21-1401465016-1591747146-3379758321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\OCS
***** [ Internetbrowser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [944 Bytes] ##########
Letzte logfile von Antivira: Code:
ATTFilter Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 28. November 2015 21:06
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MARIE-NOTEBOOK
Versionsinformationen:
BUILD.DAT : 15.0.13.210 92152 Bytes 05.10.2015 15:51:00
AVSCAN.EXE : 15.0.13.202 1183208 Bytes 11.10.2015 18:10:03
AVSCANRC.DLL : 15.0.13.158 67688 Bytes 11.10.2015 18:10:03
LUKE.DLL : 15.0.13.190 69248 Bytes 11.10.2015 18:10:13
AVSCPLR.DLL : 15.0.13.202 106352 Bytes 11.10.2015 18:10:03
REPAIR.DLL : 15.0.13.193 517328 Bytes 11.10.2015 18:10:02
REPAIR.RDF : 1.0.12.48 1359646 Bytes 27.11.2015 18:03:05
AVREG.DLL : 15.0.13.193 339632 Bytes 11.10.2015 18:10:02
AVLODE.DLL : 15.0.13.193 633688 Bytes 11.10.2015 18:10:01
AVLODE.RDF : 14.0.5.6 84211 Bytes 31.08.2015 19:47:03
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:23:57
XBV00154.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:02:59
XBV00155.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:02:59
XBV00156.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:02:59
XBV00157.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:02:59
XBV00158.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00159.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00160.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00161.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00162.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00163.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00164.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00165.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00166.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00167.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00168.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00169.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00170.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00171.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00172.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00173.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00174.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00175.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00176.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00177.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00178.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00179.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00180.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00181.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00182.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00183.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00184.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00185.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00186.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00187.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00188.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00189.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00190.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:00
XBV00191.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00192.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00193.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00194.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00195.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00196.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00197.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00198.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00199.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00200.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00201.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00202.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00203.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00204.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00205.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00206.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00207.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00208.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00209.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00210.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00211.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00212.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00213.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00214.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00215.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00216.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00217.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00218.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00219.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00220.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00221.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:01
XBV00222.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00223.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00224.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00225.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00226.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00227.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00228.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00229.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00230.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00231.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00232.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00233.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00234.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00235.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00236.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00237.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00238.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00239.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00240.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00241.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00242.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00243.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00244.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00245.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00246.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00247.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00248.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00249.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00250.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00251.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00252.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00253.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:02
XBV00254.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:03
XBV00255.VDF : 8.12.28.114 2048 Bytes 17.11.2015 18:03:03
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 13:23:57
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:23:57
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 13:23:57
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 13:23:57
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 13:23:57
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 13:23:57
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 13:23:57
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 13:23:57
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 13:23:57
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 13:23:57
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 13:23:57
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 13:23:57
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 13:23:57
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 13:23:57
XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 13:23:57
XBV00015.VDF : 8.11.213.84 3175936 Bytes 03.03.2015 13:23:57
XBV00016.VDF : 8.11.213.176 212480 Bytes 05.03.2015 13:23:57
XBV00017.VDF : 8.11.219.166 2033664 Bytes 25.03.2015 13:23:57
XBV00018.VDF : 8.11.225.88 2367488 Bytes 22.04.2015 11:48:07
XBV00019.VDF : 8.11.230.186 1674752 Bytes 13.05.2015 11:48:08
XBV00020.VDF : 8.11.237.30 4711936 Bytes 02.06.2015 18:55:50
XBV00021.VDF : 8.11.243.12 2747904 Bytes 26.06.2015 18:27:16
XBV00022.VDF : 8.11.248.172 2350592 Bytes 17.07.2015 09:25:53
XBV00023.VDF : 8.11.254.112 2570752 Bytes 07.08.2015 07:06:21
XBV00024.VDF : 8.12.3.6 2196480 Bytes 27.08.2015 18:04:01
XBV00025.VDF : 8.12.8.238 1951232 Bytes 16.09.2015 12:28:20
XBV00026.VDF : 8.12.16.180 2211328 Bytes 07.10.2015 09:54:27
XBV00027.VDF : 8.12.21.126 2252288 Bytes 27.10.2015 21:45:21
XBV00028.VDF : 8.12.28.114 2935296 Bytes 17.11.2015 18:02:56
XBV00042.VDF : 8.12.28.118 33792 Bytes 17.11.2015 18:02:56
XBV00043.VDF : 8.12.28.122 39424 Bytes 17.11.2015 18:02:56
XBV00044.VDF : 8.12.28.124 2048 Bytes 18.11.2015 18:02:56
XBV00045.VDF : 8.12.28.128 51712 Bytes 18.11.2015 18:02:56
XBV00046.VDF : 8.12.28.130 2048 Bytes 18.11.2015 18:02:56
XBV00047.VDF : 8.12.28.132 14336 Bytes 18.11.2015 18:02:56
XBV00048.VDF : 8.12.28.158 10752 Bytes 18.11.2015 18:02:56
XBV00049.VDF : 8.12.28.184 5632 Bytes 18.11.2015 18:02:56
XBV00050.VDF : 8.12.28.210 3584 Bytes 18.11.2015 18:02:56
XBV00051.VDF : 8.12.28.236 10240 Bytes 18.11.2015 18:02:56
XBV00052.VDF : 8.12.29.6 27136 Bytes 18.11.2015 18:02:56
XBV00053.VDF : 8.12.29.8 3072 Bytes 18.11.2015 18:02:56
XBV00054.VDF : 8.12.29.10 15360 Bytes 18.11.2015 18:02:56
XBV00055.VDF : 8.12.29.12 2048 Bytes 18.11.2015 18:02:56
XBV00056.VDF : 8.12.29.14 2048 Bytes 18.11.2015 18:02:56
XBV00057.VDF : 8.12.29.16 13312 Bytes 18.11.2015 17:55:12
XBV00058.VDF : 8.12.29.18 2048 Bytes 18.11.2015 17:55:13
XBV00059.VDF : 8.12.29.20 15360 Bytes 18.11.2015 17:55:13
XBV00060.VDF : 8.12.29.22 6144 Bytes 18.11.2015 17:55:13
XBV00061.VDF : 8.12.29.24 6144 Bytes 18.11.2015 17:55:13
XBV00062.VDF : 8.12.29.26 13312 Bytes 18.11.2015 17:55:13
XBV00063.VDF : 8.12.29.28 15872 Bytes 18.11.2015 17:55:13
XBV00064.VDF : 8.12.29.52 39424 Bytes 19.11.2015 17:55:13
XBV00065.VDF : 8.12.29.72 8192 Bytes 19.11.2015 17:55:13
XBV00066.VDF : 8.12.29.92 13824 Bytes 19.11.2015 17:55:13
XBV00067.VDF : 8.12.29.112 2048 Bytes 19.11.2015 17:55:13
XBV00068.VDF : 8.12.29.156 62464 Bytes 19.11.2015 17:41:21
XBV00069.VDF : 8.12.29.176 2048 Bytes 19.11.2015 17:41:21
XBV00070.VDF : 8.12.29.196 17408 Bytes 19.11.2015 17:41:21
XBV00071.VDF : 8.12.29.198 2048 Bytes 19.11.2015 17:41:21
XBV00072.VDF : 8.12.29.200 2048 Bytes 19.11.2015 17:41:21
XBV00073.VDF : 8.12.29.202 2048 Bytes 19.11.2015 17:41:21
XBV00074.VDF : 8.12.29.204 2048 Bytes 19.11.2015 17:41:21
XBV00075.VDF : 8.12.29.206 13312 Bytes 19.11.2015 17:41:21
XBV00076.VDF : 8.12.29.210 37888 Bytes 20.11.2015 17:41:21
XBV00077.VDF : 8.12.29.212 2048 Bytes 20.11.2015 17:41:21
XBV00078.VDF : 8.12.29.252 2048 Bytes 20.11.2015 17:41:21
XBV00079.VDF : 8.12.30.16 27136 Bytes 20.11.2015 17:41:21
XBV00080.VDF : 8.12.30.56 11776 Bytes 20.11.2015 17:41:21
XBV00081.VDF : 8.12.30.76 39936 Bytes 20.11.2015 17:41:21
XBV00082.VDF : 8.12.30.78 17920 Bytes 20.11.2015 17:41:22
XBV00083.VDF : 8.12.30.80 9728 Bytes 20.11.2015 17:41:22
XBV00084.VDF : 8.12.30.82 10240 Bytes 20.11.2015 17:41:22
XBV00085.VDF : 8.12.30.84 8704 Bytes 20.11.2015 17:41:22
XBV00086.VDF : 8.12.30.86 8192 Bytes 20.11.2015 17:41:22
XBV00087.VDF : 8.12.30.90 33792 Bytes 21.11.2015 17:41:22
XBV00088.VDF : 8.12.30.92 2048 Bytes 21.11.2015 17:41:22
XBV00089.VDF : 8.12.30.94 12288 Bytes 21.11.2015 17:41:22
XBV00090.VDF : 8.12.30.96 31744 Bytes 21.11.2015 17:41:22
XBV00091.VDF : 8.12.30.116 89600 Bytes 22.11.2015 17:41:22
XBV00092.VDF : 8.12.30.178 81920 Bytes 23.11.2015 17:41:22
XBV00093.VDF : 8.12.30.198 5120 Bytes 23.11.2015 17:41:22
XBV00094.VDF : 8.12.30.216 7168 Bytes 23.11.2015 17:41:22
XBV00095.VDF : 8.12.30.218 4096 Bytes 23.11.2015 17:41:22
XBV00096.VDF : 8.12.30.220 8704 Bytes 23.11.2015 17:41:22
XBV00097.VDF : 8.12.30.222 12288 Bytes 23.11.2015 17:41:22
XBV00098.VDF : 8.12.30.224 7168 Bytes 23.11.2015 17:41:22
XBV00099.VDF : 8.12.30.226 7168 Bytes 23.11.2015 17:41:22
XBV00100.VDF : 8.12.30.228 10752 Bytes 23.11.2015 17:41:22
XBV00101.VDF : 8.12.30.246 13824 Bytes 23.11.2015 17:41:22
XBV00102.VDF : 8.12.31.8 6144 Bytes 23.11.2015 17:41:22
XBV00103.VDF : 8.12.31.26 5120 Bytes 23.11.2015 17:41:23
XBV00104.VDF : 8.12.31.44 16384 Bytes 23.11.2015 17:41:23
XBV00105.VDF : 8.12.31.62 4096 Bytes 23.11.2015 17:41:23
XBV00106.VDF : 8.12.31.80 10752 Bytes 23.11.2015 17:41:23
XBV00107.VDF : 8.12.31.82 2048 Bytes 23.11.2015 17:41:23
XBV00108.VDF : 8.12.31.84 4608 Bytes 23.11.2015 17:41:23
XBV00109.VDF : 8.12.31.86 8192 Bytes 23.11.2015 17:41:23
XBV00110.VDF : 8.12.31.90 26624 Bytes 24.11.2015 17:41:23
XBV00111.VDF : 8.12.31.92 3072 Bytes 24.11.2015 17:41:23
XBV00112.VDF : 8.12.31.94 2048 Bytes 24.11.2015 17:41:23
XBV00113.VDF : 8.12.31.96 14336 Bytes 24.11.2015 17:41:23
XBV00114.VDF : 8.12.31.98 9216 Bytes 24.11.2015 17:41:23
XBV00115.VDF : 8.12.31.100 6656 Bytes 24.11.2015 17:41:23
XBV00116.VDF : 8.12.31.102 7168 Bytes 24.11.2015 17:41:23
XBV00117.VDF : 8.12.31.104 3072 Bytes 24.11.2015 17:41:23
XBV00118.VDF : 8.12.31.106 8704 Bytes 24.11.2015 17:41:23
XBV00119.VDF : 8.12.31.108 2048 Bytes 24.11.2015 17:41:23
XBV00120.VDF : 8.12.31.110 9728 Bytes 24.11.2015 21:01:36
XBV00121.VDF : 8.12.31.128 10752 Bytes 24.11.2015 21:01:36
XBV00122.VDF : 8.12.31.130 21504 Bytes 24.11.2015 21:01:36
XBV00123.VDF : 8.12.31.132 9216 Bytes 24.11.2015 21:01:36
XBV00124.VDF : 8.12.31.134 15872 Bytes 24.11.2015 21:01:36
XBV00125.VDF : 8.12.31.140 13824 Bytes 25.11.2015 21:01:36
XBV00126.VDF : 8.12.31.142 4608 Bytes 25.11.2015 21:01:36
XBV00127.VDF : 8.12.31.144 23552 Bytes 25.11.2015 21:01:37
XBV00128.VDF : 8.12.31.146 34816 Bytes 25.11.2015 21:01:37
XBV00129.VDF : 8.12.31.154 60416 Bytes 25.11.2015 21:01:37
XBV00130.VDF : 8.12.31.172 7680 Bytes 25.11.2015 18:03:04
XBV00131.VDF : 8.12.31.188 8192 Bytes 25.11.2015 18:03:04
XBV00132.VDF : 8.12.31.204 2048 Bytes 25.11.2015 18:03:04
XBV00133.VDF : 8.12.31.220 12288 Bytes 25.11.2015 18:03:04
XBV00134.VDF : 8.12.31.224 2048 Bytes 26.11.2015 18:03:04
XBV00135.VDF : 8.12.31.242 18944 Bytes 26.11.2015 18:03:04
XBV00136.VDF : 8.12.31.244 2048 Bytes 26.11.2015 18:03:04
XBV00137.VDF : 8.12.31.246 2048 Bytes 26.11.2015 18:03:04
XBV00138.VDF : 8.12.31.248 37888 Bytes 26.11.2015 18:03:04
XBV00139.VDF : 8.12.31.250 11264 Bytes 26.11.2015 18:03:04
XBV00140.VDF : 8.12.31.252 2048 Bytes 26.11.2015 18:03:04
XBV00141.VDF : 8.12.31.254 6144 Bytes 26.11.2015 18:03:04
XBV00142.VDF : 8.12.32.2 12800 Bytes 26.11.2015 18:03:04
XBV00143.VDF : 8.12.32.4 2560 Bytes 26.11.2015 18:03:04
XBV00144.VDF : 8.12.32.6 11776 Bytes 26.11.2015 18:03:04
XBV00145.VDF : 8.12.32.8 17920 Bytes 26.11.2015 18:03:04
XBV00146.VDF : 8.12.32.10 2048 Bytes 26.11.2015 18:03:04
XBV00147.VDF : 8.12.32.12 3584 Bytes 27.11.2015 18:03:04
XBV00148.VDF : 8.12.32.14 69632 Bytes 27.11.2015 18:03:05
XBV00149.VDF : 8.12.32.30 2048 Bytes 27.11.2015 18:03:05
XBV00150.VDF : 8.12.32.46 8192 Bytes 27.11.2015 18:03:05
XBV00151.VDF : 8.12.32.62 12800 Bytes 27.11.2015 18:03:05
XBV00152.VDF : 8.12.32.78 2048 Bytes 27.11.2015 18:03:05
XBV00153.VDF : 8.12.32.94 16896 Bytes 27.11.2015 18:03:05
LOCAL000.VDF : 8.12.32.94 146060288 Bytes 27.11.2015 18:03:27
Engineversion : 8.3.34.82
AEBB.DLL : 8.1.3.0 59296 Bytes 19.11.2015 17:55:10
AECORE.DLL : 8.3.9.0 249920 Bytes 13.11.2015 07:36:43
AEDROID.DLL : 8.4.3.348 1800104 Bytes 06.11.2015 18:09:10
AEEMU.DLL : 8.1.3.6 404328 Bytes 19.11.2015 17:55:10
AEEXP.DLL : 8.4.2.134 277360 Bytes 13.11.2015 07:36:46
AEGEN.DLL : 8.1.8.8 487480 Bytes 27.11.2015 18:03:01
AEHELP.DLL : 8.3.2.6 284584 Bytes 19.11.2015 17:55:10
AEHEUR.DLL : 8.1.4.2064 9923440 Bytes 27.11.2015 18:03:04
AEMOBILE.DLL : 8.1.8.10 301936 Bytes 27.11.2015 18:03:04
AEOFFICE.DLL : 8.3.1.56 408432 Bytes 25.10.2015 20:08:09
AEPACK.DLL : 8.4.1.18 802880 Bytes 27.10.2015 14:35:40
AERDL.DLL : 8.2.1.38 813928 Bytes 06.11.2015 18:09:08
AESBX.DLL : 8.2.21.2 1629032 Bytes 06.11.2015 18:09:09
AESCN.DLL : 8.3.4.0 141216 Bytes 13.11.2015 07:36:46
AESCRIPT.DLL : 8.3.0.4 542632 Bytes 19.11.2015 17:55:12
AEVDF.DLL : 8.3.2.4 141216 Bytes 19.11.2015 17:55:12
AVWINLL.DLL : 15.0.13.158 29600 Bytes 11.10.2015 18:09:57
AVPREF.DLL : 15.0.13.158 55864 Bytes 11.10.2015 18:10:02
AVREP.DLL : 15.0.13.158 225320 Bytes 11.10.2015 18:10:02
AVARKT.DLL : 15.0.13.158 232000 Bytes 11.10.2015 18:09:59
AVEVTLOG.DLL : 15.0.13.190 202112 Bytes 11.10.2015 18:10:00
SQLITE3.DLL : 15.0.13.158 461672 Bytes 11.10.2015 18:10:15
AVSMTP.DLL : 15.0.13.158 82120 Bytes 11.10.2015 18:10:03
NETNT.DLL : 15.0.13.158 18792 Bytes 11.10.2015 18:10:14
CommonImageRc.dll: 15.0.13.190 4308216 Bytes 11.10.2015 18:09:58
CommonTextRc.dll: 15.0.13.158 70784 Bytes 11.10.2015 18:09:58
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\Antivirus\TEMP\AVGUARD_565a04c0\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Beginn des Suchlaufs: Samstag, 28. November 2015 21:06
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'DisplayLinkManager.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'DisplayLinkUserAgent.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'BBSvc.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeClickToRun.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'CxAudMsg64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCService.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'lvvsst.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SAsrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'valWBFPolicyService.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZeroConfigService.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'ValBioService.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'virtscrl.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SwipeMonitor.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '221' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAudioFilterAgent64.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'fmapp.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'BleServicesCtrl.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'ScanToPCActivationApp.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'igpxtskmgn64win7.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'VM331STI.EXE' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPNetworkCommunicatorCom.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSCNotify.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'PWMDBSVC.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPNetworkCommunicator.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Marie-Luise\AppData\Roaming\doublers-6\doublers-3.exe'
C:\Users\Marie-Luise\AppData\Roaming\doublers-6\doublers-3.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.217569
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53489cce.qua' verschoben!
Ende des Suchlaufs: Samstag, 28. November 2015 21:07
Benötigte Zeit: 00:20 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
995 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
994 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Geändert von Marie Schauk (29.11.2015 um 21:00 Uhr) |
|
29.11.2015, 21:04
| #2 |
| /// TB-Ausbilder   | Windows7: Trojaner, registy befallen, HKU, HKCU Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Zur ersten Analyse bitte FRST und TDSS-Killer ausführen: Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Schritt 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
29.11.2015, 21:43
| #3 |
| | Windows7: Trojaner, registy befallen, HKU, HKCU Hallo,
__________________danke für deine schnelle Hilfe. Anbei die FRST logfile und danach die Addition Ich hoffe, das hilft weiter, um mich weiter zu beraten. Vielen Dank, Marie FRST logfile Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015 durchgeführt von Marie-Luise (Administrator) auf MARIE-NOTEBOOK (29-11-2015 21:18:35) Gestartet von C:\Users\Marie-Luise\Desktop Geladene Profile: Marie-Luise (Verfügbare Profile: Marie-Luise) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe () C:\ProgramData\DatacardService\DCService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Screenleap, Inc.) C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe (Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe (Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Screenleap] => C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe [2856992 2015-11-29] (Screenleap, Inc.) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64" HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {8225d693-4841-11e5-9626-f8165465672d} - E:\AutoRun.exe HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {de3f79ed-2748-11e4-b820-806e6f6e6963} - Q:\LenovoQDrive.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk [2014-08-19] ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Docking Station) Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-10-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pendulum-3.lnk [2015-11-25] ShortcutTarget: pendulum-3.lnk -> C:\Users\Marie-Luise\AppData\Roaming\pendulum-28\pendulum-7.exe (Intel(R) Corporation) Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2015-11-29] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{B3636DED-3BAF-45B6-A1E8-E155B3A14D72}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{FC018661-EF6C-4533-B835-3D2AC0E19221}: [DhcpNameServer] 150.206.1.3 Internet Explorer: ================== HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\S-1-5-21-1401465016-1591747146-3379758321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012 FF Homepage: hxxp://www.jugendlosungen.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Extension: GMX MailCheck - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net [2015-11-18] FF Extension: Adblock Plus - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-29] FF HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [Datei ist nicht signiert] R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] () S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-09-29] () R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-11] (Avira Operations GmbH & Co. KG) R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation) R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-29] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3429344 2014-02-18] (Intel Corporation) R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated) S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2013-09-26] (ThinkVantage Communications Utility) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-29 21:19 - 2015-11-29 21:19 - 02740687 _____ C:\Users\Marie-Luise\Desktop\tdsskiller.exe.part 2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 _____ C:\Users\Marie-Luise\Desktop\tdsskiller.exe 2015-11-29 21:18 - 2015-11-29 21:19 - 00021198 _____ C:\Users\Marie-Luise\Desktop\FRST.txt 2015-11-29 21:18 - 2015-11-29 21:18 - 00000000 ____D C:\FRST 2015-11-29 21:17 - 2015-11-29 21:17 - 02350080 _____ (Farbar) C:\Users\Marie-Luise\Desktop\FRST64.exe 2015-11-29 20:47 - 2015-11-29 20:47 - 00001025 _____ C:\Users\Marie-Luise\Desktop\AdwCleaner[C1].txt 2015-11-29 20:13 - 2015-11-29 20:19 - 00000000 ____D C:\AdwCleaner 2015-11-29 20:08 - 2015-11-29 20:08 - 01733632 _____ C:\Users\Marie-Luise\Desktop\adwcleaner_5.022.exe 2015-11-29 20:00 - 2015-11-29 20:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-29 20:00 - 2015-11-29 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-29 19:59 - 2015-11-29 20:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-29 19:59 - 2015-11-29 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-29 19:59 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-29 19:59 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-29 19:59 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-29 19:57 - 2015-11-29 19:59 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe.part 2015-11-29 19:57 - 2015-11-29 19:58 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe 2015-11-29 19:51 - 2015-11-29 21:13 - 00000064 _____ C:\Users\Marie-Luise\.screenleap 2015-11-29 19:51 - 2015-11-29 20:29 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\Screenleap 2015-11-29 19:51 - 2015-11-29 19:51 - 00002000 _____ C:\Users\Marie-Luise\Desktop\Screenleap.lnk 2015-11-25 21:59 - 2015-11-25 21:59 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\pendulum-28 2015-11-25 21:57 - 2015-11-25 21:57 - 00000000 ____D C:\ProgramData\molecule-26 2015-11-25 21:54 - 2015-11-28 21:07 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\doublers-6 2015-11-25 21:52 - 2015-11-25 23:02 - 00000000 ____D C:\ProgramData\powercap-44 2015-11-18 19:00 - 2015-11-18 21:40 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\glonass-89 2015-11-15 17:20 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-13 08:38 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-13 08:38 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-13 08:38 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-13 08:38 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-13 08:38 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-13 08:38 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-13 08:35 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-13 08:35 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-13 08:35 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-13 08:35 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-13 08:35 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-13 08:35 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-13 08:35 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-13 08:35 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-13 08:35 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-13 08:35 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-13 08:35 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-13 08:35 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-13 08:35 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-13 08:35 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-13 08:35 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-13 08:35 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-13 08:35 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-13 08:35 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-13 08:35 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-13 08:35 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-13 08:35 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-13 08:35 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-13 08:35 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-13 08:35 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-13 08:35 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-13 08:35 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-13 08:35 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-13 08:35 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-13 08:35 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-13 08:35 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-13 08:35 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-13 08:35 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-13 08:35 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-13 08:35 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-13 08:35 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-13 08:35 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-13 08:35 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-13 08:35 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-13 08:35 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-13 08:35 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-13 08:35 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-13 08:35 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-13 08:35 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-13 08:35 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-13 08:35 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-13 08:35 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-13 08:35 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-13 08:35 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-13 08:35 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-13 08:35 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-13 08:35 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-13 08:35 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-13 08:35 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-13 08:35 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-13 08:35 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-13 08:35 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-13 08:35 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-13 08:35 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-13 08:35 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-13 08:35 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-13 08:35 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-13 08:35 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-13 08:35 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-13 08:35 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-13 08:33 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-13 08:32 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-13 08:32 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-13 08:32 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-13 08:32 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-13 08:32 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-13 08:32 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-13 08:32 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-13 08:32 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-13 08:32 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-13 08:32 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-13 08:32 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-13 08:32 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-13 08:32 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-13 08:32 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-13 08:32 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-13 08:32 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-13 08:32 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-13 08:32 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-13 08:32 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-13 08:32 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-13 08:32 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-13 08:32 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-13 08:32 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-13 08:32 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-13 08:32 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-13 08:32 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-13 08:32 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-13 08:31 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-13 08:31 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-13 08:31 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-11 21:39 - 2015-11-14 17:48 - 00000000 ____D C:\ProgramData\en ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-29 21:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-11-29 21:08 - 2015-08-18 19:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-29 20:28 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-29 20:28 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-29 20:26 - 2014-08-19 13:14 - 00699342 _____ C:\Windows\system32\perfh007.dat 2015-11-29 20:26 - 2014-08-19 13:14 - 00149450 _____ C:\Windows\system32\perfc007.dat 2015-11-29 20:26 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-29 20:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-11-29 20:20 - 2014-08-19 03:53 - 00000000 ____D C:\ProgramData\Validity 2015-11-29 20:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-29 19:51 - 2015-05-05 19:38 - 00000000 ____D C:\Users\Marie-Luise 2015-11-18 21:52 - 2014-08-19 04:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-11-18 21:50 - 2014-08-19 04:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-11-17 18:25 - 2014-01-30 22:17 - 00000000 __SHD C:\Users\Marie-Luise\AppData\Roaming\aghubwrh 2015-11-16 18:49 - 2009-07-14 05:45 - 00353816 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-15 20:49 - 2014-08-18 20:55 - 00000000 ____D C:\ProgramData\Lenovo 2015-11-15 20:48 - 2014-08-19 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TVT 2015-11-15 20:48 - 2014-08-19 03:51 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-11-15 20:48 - 2014-08-19 03:41 - 00000000 ____D C:\Program Files (x86)\Lenovo 2015-11-15 17:08 - 2015-08-18 19:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-15 17:08 - 2015-05-23 19:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-15 17:08 - 2015-05-23 19:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-13 08:37 - 2014-01-30 22:46 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-13 08:35 - 2014-02-03 15:34 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-10 18:33 - 2015-05-16 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-11-10 18:33 - 2014-08-19 03:44 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-09 18:32 - 2015-05-16 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-01 20:08 - 2015-10-25 21:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-01 20:08 - 2015-07-05 19:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-05-25 17:00 - 2015-05-25 17:00 - 16342352 _____ (Geek Software GmbH ) C:\Program Files (x86)\pdf24-creator-6.9.2.exe 2015-05-21 06:48 - 2015-05-21 06:48 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-08-19 03:53 - 2014-08-19 03:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-08-19 03:58 - 2014-08-19 03:59 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log 2014-08-19 03:56 - 2014-08-19 03:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2014-08-19 03:57 - 2014-08-19 03:58 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2014-08-19 03:58 - 2014-08-19 03:58 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log Einige Dateien in TEMP: ==================== C:\Users\Marie-Luise\AppData\Local\Temp\avgnt.exe C:\Users\Marie-Luise\AppData\Local\Temp\sqlite3.dll Einige mit null Byte Größe Dateien/Ordner: ========================== C:\Windows\SysWOW64\dlumd10.dll C:\Windows\SysWOW64\dlumd11.dll C:\Windows\SysWOW64\dlumd9.dll C:\Windows\System32\dlumd10.dll C:\Windows\System32\dlumd11.dll C:\Windows\System32\dlumd9.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-25 15:01 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-11-29 21:19:32)
Gestartet von C:\Users\Marie-Luise\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-05 18:38:17)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1401465016-1591747146-3379758321-500 - Administrator - Disabled)
Gast (S-1-5-21-1401465016-1591747146-3379758321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1401465016-1591747146-3379758321-1002 - Limited - Enabled)
Marie-Luise (S-1-5-21-1401465016-1591747146-3379758321-1001 - Administrator - Enabled) => C:\Users\Marie-Luise
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.62.50 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.1 - Lenovo Group Limited)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Fingerprint Manager (HKLM\...\{D6006D3A-B3F5-48DC-8CC0-D353912379F3}) (Version: 4.5.289.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.289.0 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0013 - Lenovo)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.15 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.04.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
13-10-2015 19:55:45 Windows Update
11-11-2015 21:42:10 Windows Update
13-11-2015 08:29:39 Windows Update
13-11-2015 08:34:45 Windows Update
14-11-2015 17:47:36 Windows Update
15-11-2015 21:57:56 Windows Update
17-11-2015 18:31:47 Free Antivirus - 17.11.2015 18:31
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {16A98A40-6353-410F-BD28-5345C3E2DBFE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {170F753F-2D86-4F1F-9CE1-4AA1A116B757} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {2EFA6B85-313D-4DD0-B0EC-F2F364F27095} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {474F4629-0DE0-49C2-9D0C-EBF7918BE7D0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-09-29] ()
Task: {4E62F553-C70D-4BC3-B8D2-453C72CBEFF9} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {5F6F5F29-C047-400D-BD94-3D79F9F6CB0E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-10-21] (Lenovo Group Limited)
Task: {7B3C18C9-06C4-485E-AEE2-91B94C98115F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {B2853026-549C-413A-AA6D-1DAF46B17F70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {B9E972D3-A324-4B34-9048-0E6C4FC35A6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {BDB79BDC-99DF-47C8-9513-0EFF6CD0C369} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {C3D0177B-A8A2-4DEE-B8BD-BDC9EAFD18DC} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
Task: {CD821E1D-24FE-4AC5-AE1D-F3A372670DF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {D29C9B0D-7B4F-442B-996D-3F2C93DED596} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {D5E0EB99-D92E-4F82-8685-FC48AC7298EE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {E9CB273F-6CEF-4BA3-87EC-C20EE48E7600} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-02 18:45 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-08-19 03:51 - 2013-10-21 23:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-08-19 03:45 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-08-19 03:39 - 2013-05-16 09:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 03350640 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{19CCF886-E8AC-4BE6-8588-095562D3E5F8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E6EE83DD-7E36-419E-9EAD-11E70FF5AC53}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{78EE11AE-7BAF-4D29-9A6B-D2DC562442FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B03271-CC30-4390-B53F-321E951E6ECB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3A91B0D-E7FA-477D-AC4E-3E9B2CCAE2B6}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{584F2355-8676-46E0-9165-282BAFE01DDC}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{17525D02-32D4-4C7B-8D25-7D7E990BAECB}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{C5EAB0C6-B0D9-4803-92E6-E3338DFEDD26}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{E3B484FE-6055-466D-B607-E6B57FF8676B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0048073E-4041-42F9-94E3-F25516F9143D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3D2F336D-7117-49FD-B8A2-FC194C9598F5}] => (Allow) C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9D60C568-89F2-42DB-9DEC-7D1704875119}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E921CD51-E941-4B81-A1A6-C79D2F14FDCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C7F4936-989A-4354-81B0-7FA153E46F75}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F808B78E-F593-47C1-B7ED-C600D8D5916B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/29/2015 08:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/29/2015 07:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2015 08:47:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/27/2015 06:52:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2015 10:54:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2015 09:51:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2015 06:30:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2015 01:21:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 09:06:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 06:44:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Systemfehler:
=============
Error: (11/29/2015 08:20:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.11.2015 um 20:19:30 unerwartet heruntergefahren.
Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (11/29/2015 08:19:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (11/29/2015 08:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo PM Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/29/2015 08:19:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error: (11/29/2015 08:19:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 61%
Installierter physikalischer RAM: 3810.46 MB
Verfügbarer physikalischer RAM: 1459.78 MB
Summe virtueller Speicher: 7619.12 MB
Verfügbarer virtueller Speicher: 4434.14 MB
==================== Laufwerke ================================
Drive c: (Windows7_OS) (Fixed) (Total:301.89 GB) (Free:248.94 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Volume) (Fixed) (Total:146.48 GB) (Free:120.8 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.92 GB) (Free:4.03 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 49FC2C21)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=301.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.9 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
29.11.2015, 21:48
| #4 |
| | Windows7: Trojaner, registy befallen, HKU, HKCU Und hier die logfile von TDSS Code:
ATTFilter 21:24:07.0173 0x13e8 TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23
21:24:13.0210 0x13e8 ============================================================
21:24:13.0210 0x13e8 Current date / time: 2015/11/29 21:24:13.0210
21:24:13.0210 0x13e8 SystemInfo:
21:24:13.0210 0x13e8
21:24:13.0210 0x13e8 OS Version: 6.1.7601 ServicePack: 1.0
21:24:13.0210 0x13e8 Product type: Workstation
21:24:13.0210 0x13e8 ComputerName: MARIE-NOTEBOOK
21:24:13.0210 0x13e8 UserName: Marie-Luise
21:24:13.0210 0x13e8 Windows directory: C:\Windows
21:24:13.0210 0x13e8 System windows directory: C:\Windows
21:24:13.0210 0x13e8 Running under WOW64
21:24:13.0210 0x13e8 Processor architecture: Intel x64
21:24:13.0210 0x13e8 Number of processors: 4
21:24:13.0210 0x13e8 Page size: 0x1000
21:24:13.0210 0x13e8 Boot type: Normal boot
21:24:13.0210 0x13e8 ============================================================
21:24:13.0398 0x13e8 KLMD registered as C:\Windows\system32\drivers\09129714.sys
21:24:14.0006 0x13e8 System UUID: {4A4C0AD2-3B98-8D29-1106-303787C730DD}
21:24:14.0927 0x13e8 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:24:14.0942 0x13e8 ============================================================
21:24:14.0942 0x13e8 \Device\Harddisk0\DR0:
21:24:14.0942 0x13e8 MBR partitions:
21:24:14.0942 0x13e8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
21:24:14.0942 0x13e8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x25BC8800
21:24:14.0958 0x13e8 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x25EB7800, BlocksNum 0x124F8000
21:24:14.0958 0x13e8 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x383AF800, BlocksNum 0x1FD6000
21:24:14.0958 0x13e8 ============================================================
21:24:15.0005 0x13e8 C: <-> \Device\Harddisk0\DR0\Partition2
21:24:15.0051 0x13e8 Q: <-> \Device\Harddisk0\DR0\Partition4
21:24:15.0098 0x13e8 D: <-> \Device\Harddisk0\DR0\Partition3
21:24:15.0098 0x13e8 ============================================================
21:24:15.0098 0x13e8 Initialize success
21:24:15.0098 0x13e8 ============================================================
21:24:21.0869 0x0204 ============================================================
21:24:21.0869 0x0204 Scan started
21:24:21.0869 0x0204 Mode: Manual;
21:24:21.0869 0x0204 ============================================================
21:24:21.0869 0x0204 KSN ping started
21:24:35.0367 0x0204 KSN ping finished: true
21:24:37.0459 0x0204 ================ Scan system memory ========================
21:24:37.0459 0x0204 System memory - ok
21:24:37.0460 0x0204 ================ Scan services =============================
21:24:37.0592 0x0204 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:24:37.0596 0x0204 1394ohci - ok
21:24:37.0629 0x0204 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:24:37.0634 0x0204 ACPI - ok
21:24:37.0638 0x0204 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:24:37.0639 0x0204 AcpiPmi - ok
21:24:37.0739 0x0204 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:24:37.0743 0x0204 AdobeARMservice - ok
21:24:37.0864 0x0204 [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:24:37.0876 0x0204 AdobeFlashPlayerUpdateSvc - ok
21:24:37.0901 0x0204 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:24:37.0910 0x0204 adp94xx - ok
21:24:37.0943 0x0204 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:24:37.0950 0x0204 adpahci - ok
21:24:37.0960 0x0204 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:24:37.0965 0x0204 adpu320 - ok
21:24:37.0994 0x0204 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:24:37.0995 0x0204 AeLookupSvc - ok
21:24:38.0050 0x0204 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
21:24:38.0058 0x0204 AFD - ok
21:24:38.0074 0x0204 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
21:24:38.0075 0x0204 agp440 - ok
21:24:38.0080 0x0204 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
21:24:38.0081 0x0204 ALG - ok
21:24:38.0086 0x0204 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
21:24:38.0087 0x0204 aliide - ok
21:24:38.0091 0x0204 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
21:24:38.0091 0x0204 amdide - ok
21:24:38.0095 0x0204 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:24:38.0097 0x0204 AmdK8 - ok
21:24:38.0103 0x0204 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:24:38.0105 0x0204 AmdPPM - ok
21:24:38.0111 0x0204 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:24:38.0113 0x0204 amdsata - ok
21:24:38.0120 0x0204 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:24:38.0123 0x0204 amdsbs - ok
21:24:38.0128 0x0204 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:24:38.0129 0x0204 amdxata - ok
21:24:38.0236 0x0204 [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
21:24:38.0262 0x0204 AntiVirMailService - ok
21:24:38.0349 0x0204 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
21:24:38.0366 0x0204 AntiVirSchedulerService - ok
21:24:38.0420 0x0204 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService C:\Program Files (x86)\Avira\Antivirus\avguard.exe
21:24:38.0429 0x0204 AntiVirService - ok
21:24:38.0490 0x0204 [ D84E576299C73B0B1DC477D2B99958C4, D6703C2B63B9FA87C2DA009CC7B6DF76C3603C6A9874B152D685A1B92EE2DF28 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
21:24:38.0510 0x0204 AntiVirWebService - ok
21:24:38.0560 0x0204 [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys
21:24:38.0562 0x0204 AppID - ok
21:24:38.0654 0x0204 [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:24:38.0657 0x0204 AppIDSvc - ok
21:24:38.0704 0x0204 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
21:24:38.0709 0x0204 Appinfo - ok
21:24:38.0735 0x0204 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
21:24:38.0742 0x0204 AppMgmt - ok
21:24:38.0751 0x0204 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
21:24:38.0754 0x0204 arc - ok
21:24:38.0762 0x0204 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:24:38.0767 0x0204 arcsas - ok
21:24:38.0838 0x0204 [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:24:38.0859 0x0204 aspnet_state - ok
21:24:38.0871 0x0204 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:24:38.0873 0x0204 AsyncMac - ok
21:24:38.0879 0x0204 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
21:24:38.0881 0x0204 atapi - ok
21:24:38.0927 0x0204 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:24:38.0946 0x0204 AudioEndpointBuilder - ok
21:24:38.0964 0x0204 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:24:38.0977 0x0204 AudioSrv - ok
21:24:39.0002 0x0204 [ 03C6DEB5C74C8140C2167677DBE2F79A, D5C727B007C5B486DECE1A1B83D8155299DD7CB46DC8208CE9185C5BAE5CC33A ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:24:39.0005 0x0204 avgntflt - ok
21:24:39.0035 0x0204 [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:24:39.0037 0x0204 avipbb - ok
21:24:39.0147 0x0204 [ 6C4B9A2FF6924405E9ABFB558049D4DD, 9AB314B9ECF41832589726556A93CEAAE2AE774B1738A46A027E833B73A72118 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
21:24:39.0160 0x0204 Avira.ServiceHost - ok
21:24:39.0175 0x0204 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:24:39.0177 0x0204 avkmgr - ok
21:24:39.0204 0x0204 [ 080860E03F0219AF0A0377A02292741F, F0A151509BFEBFE639CC15388847EB2EDA298CFAE0AC4A1358A1472F42320249 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
21:24:39.0208 0x0204 avnetflt - ok
21:24:39.0237 0x0204 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:24:39.0241 0x0204 AxInstSV - ok
21:24:39.0300 0x0204 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:24:39.0320 0x0204 b06bdrv - ok
21:24:39.0331 0x0204 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:24:39.0338 0x0204 b57nd60a - ok
21:24:39.0400 0x0204 [ 4BEFF67C1775D353A16A62347E727874, 62363C5E5F4BF049A3E49FADA8CB17269945056ACADB319FDC4F05B74E2553C8 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe
21:24:39.0405 0x0204 BBSvc - ok
21:24:39.0465 0x0204 [ A6DAAD3EA93DBDBD07FA821BCED133F6, 8F33D4E4B82091D09E62FD5487C88F3DF0DAC31FCBB846183CC4020533A131DE ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
21:24:39.0471 0x0204 BBUpdate - ok
21:24:39.0484 0x0204 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
21:24:39.0487 0x0204 BDESVC - ok
21:24:39.0492 0x0204 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
21:24:39.0493 0x0204 Beep - ok
21:24:39.0538 0x0204 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
21:24:39.0553 0x0204 BFE - ok
21:24:39.0603 0x0204 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
21:24:39.0621 0x0204 BITS - ok
21:24:39.0626 0x0204 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:24:39.0627 0x0204 blbdrive - ok
21:24:39.0736 0x0204 [ E7429ECD0C47CC065EEACF7E9D0E6341, 10D8231E14C908A0949108EB5F84E17BA10ABFC370D0C5F65945B23879AB12BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
21:24:39.0789 0x0204 Bluetooth Device Monitor - ok
21:24:39.0849 0x0204 [ 0F432B34D80351EFC5E35F14D9798CFD, 591D913E069C1C69212A7742D7182E24E669FE7B50680D8D337F32CF9F72B163 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
21:24:39.0886 0x0204 Bluetooth Media Service - ok
21:24:39.0934 0x0204 [ 96924B1D3060B0C0FFD77D01CB234D9F, 2A02EEC4092646A0BD26B8E8BA8B75F82EB6F46003C56C9A838E412006457DD2 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
21:24:39.0968 0x0204 Bluetooth OBEX Service - ok
21:24:39.0999 0x0204 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:24:40.0002 0x0204 bowser - ok
21:24:40.0007 0x0204 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:24:40.0008 0x0204 BrFiltLo - ok
21:24:40.0014 0x0204 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:24:40.0015 0x0204 BrFiltUp - ok
21:24:40.0033 0x0204 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
21:24:40.0037 0x0204 Browser - ok
21:24:40.0053 0x0204 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:24:40.0061 0x0204 Brserid - ok
21:24:40.0071 0x0204 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:24:40.0073 0x0204 BrSerWdm - ok
21:24:40.0081 0x0204 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:24:40.0082 0x0204 BrUsbMdm - ok
21:24:40.0092 0x0204 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:24:40.0092 0x0204 BrUsbSer - ok
21:24:40.0139 0x0204 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:24:40.0141 0x0204 BthEnum - ok
21:24:40.0146 0x0204 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:24:40.0149 0x0204 BTHMODEM - ok
21:24:40.0163 0x0204 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:24:40.0167 0x0204 BthPan - ok
21:24:40.0201 0x0204 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:24:40.0213 0x0204 BTHPORT - ok
21:24:40.0218 0x0204 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
21:24:40.0221 0x0204 bthserv - ok
21:24:40.0234 0x0204 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:24:40.0236 0x0204 BTHUSB - ok
21:24:40.0253 0x0204 [ 5B8D71504FA8BFA308F6E1169B89D322, 1DC0CF47C5F655EA0F0992020C17A86D05637F55ACBB17380283EBB883A4D14D ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
21:24:40.0257 0x0204 btmaux - ok
21:24:40.0305 0x0204 [ D66F3A4F11E42142722DCF9DC5A451D6, 6576421E24ABB4F0A7B5EFB5CF6F9C6F510AFDD0087415D57A5ABBB0866B3E39 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
21:24:40.0346 0x0204 btmhsf - ok
21:24:40.0355 0x0204 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:24:40.0358 0x0204 cdfs - ok
21:24:40.0365 0x0204 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:24:40.0369 0x0204 cdrom - ok
21:24:40.0414 0x0204 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
21:24:40.0417 0x0204 CertPropSvc - ok
21:24:40.0421 0x0204 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
21:24:40.0422 0x0204 circlass - ok
21:24:40.0442 0x0204 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
21:24:40.0452 0x0204 CLFS - ok
21:24:40.0692 0x0204 [ 2CE5D5AEE7EC90FE0CF8A8FBBB1B1A6C, E93E8362FB1D173D8F15C753190CF41474C183A667AF90378389563A70D93864 ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
21:24:40.0759 0x0204 ClickToRunSvc - ok
21:24:40.0820 0x0204 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:24:40.0822 0x0204 clr_optimization_v2.0.50727_32 - ok
21:24:40.0852 0x0204 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:24:40.0856 0x0204 clr_optimization_v2.0.50727_64 - ok
21:24:40.0897 0x0204 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:24:40.0926 0x0204 clr_optimization_v4.0.30319_32 - ok
21:24:40.0942 0x0204 [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:24:40.0948 0x0204 clr_optimization_v4.0.30319_64 - ok
21:24:40.0953 0x0204 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:24:40.0954 0x0204 CmBatt - ok
21:24:40.0958 0x0204 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:24:40.0959 0x0204 cmdide - ok
21:24:40.0997 0x0204 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys
21:24:41.0010 0x0204 CNG - ok
21:24:41.0119 0x0204 [ CE6D6C023F23F968ABF03892972A9DCF, EBF415F15A30ED76C1D416D3D7E2D0558273DF08A134BFEF108BBE2410803ECC ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
21:24:41.0173 0x0204 CnxtHdAudService - ok
21:24:41.0179 0x0204 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:24:41.0180 0x0204 Compbatt - ok
21:24:41.0199 0x0204 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:24:41.0201 0x0204 CompositeBus - ok
21:24:41.0212 0x0204 COMSysApp - ok
21:24:41.0278 0x0204 [ 76FE8C1490B70250921EC88D833742D0, 19625C894E457300641456F5BE0AEB8A7AE96661B5DE49EE772E2621FAAB92AA ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:24:41.0285 0x0204 cphs - ok
21:24:41.0293 0x0204 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:24:41.0295 0x0204 crcdisk - ok
21:24:41.0317 0x0204 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:24:41.0320 0x0204 CryptSvc - ok
21:24:41.0353 0x0204 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
21:24:41.0364 0x0204 CSC - ok
21:24:41.0383 0x0204 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
21:24:41.0396 0x0204 CscService - ok
21:24:41.0573 0x0204 [ 426B2624A1669D233BAB6C4AC5E9432E, C03746D04094FAEA0650032447667055E7C7D1094581D4C1EB414D22A164CA99 ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
21:24:41.0580 0x0204 CxAudMsg - ok
21:24:41.0636 0x0204 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:24:41.0649 0x0204 DcomLaunch - ok
21:24:41.0779 0x0204 [ CC8B5C964B777F4EC3E89F13B4B5FF0F, 75E161265CCFFCB61FCE855C9790E2E06531E6B1C3DCCB1E3018466D03AD3919 ] DCService.exe C:\ProgramData\DatacardService\DCService.exe
21:24:41.0792 0x0204 DCService.exe - ok
21:24:41.0834 0x0204 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
21:24:41.0846 0x0204 defragsvc - ok
21:24:41.0854 0x0204 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:24:41.0858 0x0204 DfsC - ok
21:24:41.0886 0x0204 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:24:41.0893 0x0204 Dhcp - ok
21:24:41.0900 0x0204 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
21:24:41.0901 0x0204 discache - ok
21:24:41.0916 0x0204 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
21:24:41.0918 0x0204 Disk - ok
21:24:42.0196 0x0204 [ 260169AFE0247D3817DDD7EC6C6AD0BC, 2C0FB869A23AC18B7874899C5599691464C158E1881AD5EEEE95D6D0B182C9CF ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
21:24:42.0441 0x1844 Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost
21:24:42.0468 0x0204 DisplayLinkService - ok
21:24:42.0516 0x0204 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:24:42.0518 0x0204 dmvsc - ok
21:24:42.0535 0x0204 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:24:42.0541 0x0204 Dnscache - ok
21:24:42.0551 0x0204 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
21:24:42.0557 0x0204 dot3svc - ok
21:24:42.0569 0x0204 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
21:24:42.0573 0x0204 DPS - ok
21:24:42.0590 0x0204 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:24:42.0591 0x0204 drmkaud - ok
21:24:42.0751 0x0204 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:24:42.0779 0x0204 DXGKrnl - ok
21:24:42.0793 0x0204 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
21:24:42.0796 0x0204 EapHost - ok
21:24:42.0896 0x0204 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:24:42.0987 0x0204 ebdrv - ok
21:24:43.0015 0x0204 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\Windows\System32\lsass.exe
21:24:43.0018 0x0204 EFS - ok
21:24:43.0076 0x0204 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:24:43.0094 0x0204 ehRecvr - ok
21:24:43.0099 0x0204 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
21:24:43.0103 0x0204 ehSched - ok
21:24:43.0127 0x0204 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:24:43.0138 0x0204 elxstor - ok
21:24:43.0143 0x0204 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:24:43.0144 0x0204 ErrDev - ok
21:24:43.0177 0x0204 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
21:24:43.0186 0x0204 EventSystem - ok
21:24:43.0286 0x0204 [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:24:43.0299 0x0204 EvtEng - ok
21:24:43.0349 0x0204 [ 23B79B19F49A037EBA4A9A3BB03ED91D, 2E0918B20188CBFAC0E64A5B36739DF4638A343553908888DFDD708743370F3F ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
21:24:43.0356 0x0204 ewusbnet - ok
21:24:43.0382 0x0204 [ E2CBB821C7CAE0EF8B56DE28ED85C740, 4AB358FEBC7B57774B2DD54705FAD3F5E0308F1E1FECBED73231DCEF11CF7D3B ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:24:43.0386 0x0204 ew_hwusbdev - ok
21:24:43.0393 0x0204 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
21:24:43.0399 0x0204 exfat - ok
21:24:43.0407 0x0204 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:24:43.0411 0x0204 fastfat - ok
21:24:43.0451 0x0204 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
21:24:43.0469 0x0204 Fax - ok
21:24:43.0474 0x0204 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
21:24:43.0475 0x0204 fdc - ok
21:24:43.0489 0x0204 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
21:24:43.0491 0x0204 fdPHost - ok
21:24:43.0497 0x0204 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
21:24:43.0499 0x0204 FDResPub - ok
21:24:43.0504 0x0204 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:24:43.0507 0x0204 FileInfo - ok
21:24:43.0511 0x0204 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:24:43.0512 0x0204 Filetrace - ok
21:24:43.0515 0x0204 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:24:43.0516 0x0204 flpydisk - ok
21:24:43.0537 0x0204 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:24:43.0544 0x0204 FltMgr - ok
21:24:43.0597 0x0204 [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll
21:24:43.0629 0x0204 FontCache - ok
21:24:43.0655 0x0204 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:24:43.0657 0x0204 FontCache3.0.0.0 - ok
21:24:43.0661 0x0204 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:24:43.0663 0x0204 FsDepends - ok
21:24:43.0668 0x0204 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:24:43.0669 0x0204 Fs_Rec - ok
21:24:43.0678 0x0204 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:24:43.0683 0x0204 fvevol - ok
21:24:43.0700 0x0204 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:24:43.0701 0x0204 gagp30kx - ok
21:24:43.0735 0x0204 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
21:24:43.0751 0x0204 gpsvc - ok
21:24:43.0772 0x0204 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:24:43.0774 0x0204 hcw85cir - ok
21:24:43.0791 0x0204 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:24:43.0799 0x0204 HdAudAddService - ok
21:24:43.0833 0x0204 [ 12DED0995AE2BA68EBBE70E14A76EE02, 54A658F4E8D6D98594BE43289083AD4267EB6B3F99D789A75719DBCA5188E87F ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:24:43.0837 0x0204 HDAudBus - ok
21:24:43.0840 0x0204 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:24:43.0841 0x0204 HidBatt - ok
21:24:43.0848 0x0204 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:24:43.0850 0x0204 HidBth - ok
21:24:43.0854 0x0204 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
21:24:43.0856 0x0204 HidIr - ok
21:24:43.0872 0x0204 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
21:24:43.0873 0x0204 hidserv - ok
21:24:43.0878 0x0204 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:24:43.0879 0x0204 HidUsb - ok
21:24:43.0889 0x0204 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:24:43.0893 0x0204 hkmsvc - ok
21:24:43.0910 0x0204 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:24:43.0916 0x0204 HomeGroupListener - ok
21:24:43.0933 0x0204 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:24:43.0938 0x0204 HomeGroupProvider - ok
21:24:43.0943 0x0204 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:24:43.0945 0x0204 HpSAMD - ok
21:24:43.0987 0x0204 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:24:44.0004 0x0204 HTTP - ok
21:24:44.0024 0x0204 [ 08B1A06A55F068A17A51BA26618CF50F, 8ADFC9D3003208A9B3BE12DCD1418A13C4D19E13E00EFEE556EF87B70F49B2E6 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:24:44.0027 0x0204 huawei_enumerator - ok
21:24:44.0050 0x0204 [ 6E5CD3984742A922D0C183C7E82C3C94, EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:24:44.0054 0x0204 hwdatacard - ok
21:24:44.0062 0x0204 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:24:44.0063 0x0204 hwpolicy - ok
21:24:44.0076 0x0204 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:24:44.0079 0x0204 i8042prt - ok
21:24:44.0117 0x0204 [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys
21:24:44.0127 0x0204 iaStorA - ok
21:24:44.0145 0x0204 [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys
21:24:44.0147 0x0204 iaStorF - ok
21:24:44.0160 0x0204 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:24:44.0169 0x0204 iaStorV - ok
21:24:44.0203 0x0204 [ B005844661028E11480D724A709CC298, DC738AA0246581814915160BA824C2DB9009E6CFCCDB6A268F08C8D13F52BEB0 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:24:44.0206 0x0204 IBMPMDRV - ok
21:24:44.0215 0x0204 [ ED802CE6B36E280401197F593634C1DD, 620F2D5F40B8E61DE606FC1B1B1DCDD12BE7431E065F9CB776FDCFF915B1D243 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
21:24:44.0216 0x0204 IBMPMSVC - ok
21:24:44.0257 0x0204 [ 617EEDD27FB557C9D95D68096564C930, 59AA6F9884C9B504D5B524B6EFF8148669251085FAF12AE3634F0C753850CDC3 ] ibtusb C:\Windows\system32\DRIVERS\ibtusb.sys
21:24:44.0260 0x0204 ibtusb - ok
21:24:44.0324 0x0204 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:24:44.0342 0x0204 idsvc - ok
21:24:44.0347 0x0204 IEEtwCollectorService - ok
21:24:44.0521 0x0204 [ AEF200DC087141A5F66A6B006D2F0FD4, A38A0684637D9FE58271D91B93184A72414948E35145D19246BF6FBC60E28B3C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:24:44.0687 0x0204 igfx - ok
21:24:44.0697 0x0204 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:24:44.0698 0x0204 iirsp - ok
21:24:44.0738 0x0204 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
21:24:44.0757 0x0204 IKEEXT - ok
21:24:44.0783 0x0204 [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
21:24:44.0786 0x0204 intaud_WaveExtensible - ok
21:24:44.0824 0x0204 [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:24:44.0834 0x0204 IntcDAud - ok
21:24:44.0904 0x0204 [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:24:44.0921 0x0204 Intel(R) Capability Licensing Service Interface - ok
21:24:44.0923 0x1844 Object send P2P result: true
21:24:44.0948 0x0204 [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:24:44.0966 0x0204 Intel(R) Capability Licensing Service TCP IP Interface - ok
21:24:44.0971 0x0204 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
21:24:44.0972 0x0204 intelide - ok
21:24:44.0976 0x0204 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:24:44.0977 0x0204 intelppm - ok
21:24:44.0988 0x0204 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:24:44.0991 0x0204 IPBusEnum - ok
21:24:45.0001 0x0204 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:24:45.0004 0x0204 IpFilterDriver - ok
21:24:45.0033 0x0204 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:24:45.0047 0x0204 iphlpsvc - ok
21:24:45.0052 0x0204 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:24:45.0054 0x0204 IPMIDRV - ok
21:24:45.0058 0x0204 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:24:45.0061 0x0204 IPNAT - ok
21:24:45.0067 0x0204 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:24:45.0068 0x0204 IRENUM - ok
21:24:45.0071 0x0204 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:24:45.0072 0x0204 isapnp - ok
21:24:45.0093 0x0204 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:24:45.0099 0x0204 iScsiPrt - ok
21:24:45.0117 0x0204 [ 72B203A1F805C07E920E537414A0EA5F, 7EFB2A397034FF3D451D1763865E8AA330D8D4656E7C6F8CDA6489868023C36E ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:24:45.0119 0x0204 iusb3hcs - ok
21:24:45.0138 0x0204 [ 474BFFCF3214208C5FD440217D34FE6E, 181E4A091B24E8FBB9C1072E1FD2BABB1B0AD68D1112563A70A791FA3546D4CE ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
21:24:45.0147 0x0204 iusb3hub - ok
21:24:45.0188 0x0204 [ 842A11F2020CD94A0120E61F902E3664, 464EDED37258A22AC38C007524E34ED1A795E5607FF8BD322455A8F76CB4BDCE ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:24:45.0205 0x0204 iusb3xhc - ok
21:24:45.0217 0x0204 [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
21:24:45.0219 0x0204 iwdbus - ok
21:24:45.0275 0x0204 [ 9BFDEFD51800A2D47D43919653F4BEF4, C7221D9F82F7F04343EDA6FE41A4EC4C97F6DC4170780AA3983C8735369A5026 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:24:45.0284 0x0204 jhi_service - ok
21:24:45.0290 0x0204 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:24:45.0292 0x0204 kbdclass - ok
21:24:45.0297 0x0204 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:24:45.0299 0x0204 kbdhid - ok
21:24:45.0342 0x0204 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe
21:24:45.0345 0x0204 KeyIso - ok
21:24:45.0375 0x0204 [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:24:45.0377 0x0204 KSecDD - ok
21:24:45.0391 0x0204 [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:24:45.0396 0x0204 KSecPkg - ok
21:24:45.0414 0x0204 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:24:45.0416 0x0204 ksthunk - ok
21:24:45.0449 0x0204 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
21:24:45.0457 0x0204 KtmRm - ok
21:24:45.0484 0x0204 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:24:45.0491 0x0204 LanmanServer - ok
21:24:45.0507 0x0204 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:24:45.0512 0x0204 LanmanWorkstation - ok
21:24:45.0549 0x0204 [ D253E6009F05776F505F96866CCF460F, 8A39E77B4FC780BB9C6C8A892603248D87ED70255BF9BED0218BE2420B5E8C53 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:24:45.0555 0x0204 Lenovo.VIRTSCRLSVC - ok
21:24:45.0573 0x0204 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:24:45.0578 0x0204 lltdio - ok
21:24:45.0614 0x0204 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:24:45.0624 0x0204 lltdsvc - ok
21:24:45.0640 0x0204 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:24:45.0643 0x0204 lmhosts - ok
21:24:45.0683 0x0204 [ 9FE032AD8751C5DDCF01DE26C1EE84BC, FAE072D7FCAED0987EA7D822238521A7CF96662F8EFD154515EA2A6C5B4E64F5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:24:45.0694 0x0204 LMS - ok
21:24:45.0784 0x0204 [ CE87E8E09273791172F7A1C60B225648, 03AB8A69C5A58FD3BCFF9E36FF83338B6866D82E4E550CD7CED686C4CC096DC1 ] LSCWinService C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
21:24:45.0790 0x0204 LSCWinService - ok
21:24:45.0824 0x0204 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:24:45.0829 0x0204 LSI_FC - ok
21:24:45.0834 0x0204 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:24:45.0836 0x0204 LSI_SAS - ok
21:24:45.0842 0x0204 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:24:45.0844 0x0204 LSI_SAS2 - ok
21:24:45.0861 0x0204 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:24:45.0865 0x0204 LSI_SCSI - ok
21:24:45.0870 0x0204 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
21:24:45.0873 0x0204 luafv - ok
21:24:45.0903 0x0204 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:24:45.0905 0x0204 MBAMProtector - ok
21:24:46.0018 0x0204 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
21:24:46.0072 0x0204 MBAMScheduler - ok
21:24:46.0138 0x0204 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
21:24:46.0172 0x0204 MBAMService - ok
21:24:46.0213 0x0204 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
21:24:46.0229 0x0204 MBAMSwissArmy - ok
21:24:46.0250 0x0204 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
21:24:46.0252 0x0204 MBAMWebAccessControl - ok
21:24:46.0322 0x0204 [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
21:24:46.0330 0x0204 McComponentHostService - ok
21:24:46.0359 0x0204 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:24:46.0362 0x0204 Mcx2Svc - ok
21:24:46.0372 0x0204 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
21:24:46.0373 0x0204 megasas - ok
21:24:46.0381 0x0204 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:24:46.0389 0x0204 MegaSR - ok
21:24:46.0420 0x0204 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:24:46.0422 0x0204 MEIx64 - ok
21:24:46.0440 0x0204 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
21:24:46.0443 0x0204 MMCSS - ok
21:24:46.0452 0x0204 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
21:24:46.0453 0x0204 Modem - ok
21:24:46.0474 0x0204 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:24:46.0475 0x0204 monitor - ok
21:24:46.0483 0x0204 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:24:46.0486 0x0204 mouclass - ok
21:24:46.0492 0x0204 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:24:46.0493 0x0204 mouhid - ok
21:24:46.0511 0x0204 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:24:46.0514 0x0204 mountmgr - ok
21:24:46.0520 0x0204 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
21:24:46.0525 0x0204 mpio - ok
21:24:46.0532 0x0204 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:24:46.0534 0x0204 mpsdrv - ok
21:24:46.0570 0x0204 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:24:46.0589 0x0204 MpsSvc - ok
21:24:46.0614 0x0204 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:24:46.0619 0x0204 MRxDAV - ok
21:24:46.0649 0x0204 [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:24:46.0653 0x0204 mrxsmb - ok
21:24:46.0670 0x0204 [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:24:46.0677 0x0204 mrxsmb10 - ok
21:24:46.0708 0x0204 [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:24:46.0712 0x0204 mrxsmb20 - ok
21:24:46.0727 0x0204 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
21:24:46.0730 0x0204 msahci - ok
21:24:46.0735 0x0204 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:24:46.0739 0x0204 msdsm - ok
21:24:46.0753 0x0204 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
21:24:46.0758 0x0204 MSDTC - ok
21:24:46.0778 0x0204 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:24:46.0780 0x0204 Msfs - ok
21:24:46.0790 0x0204 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:24:46.0791 0x0204 mshidkmdf - ok
21:24:46.0797 0x0204 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:24:46.0798 0x0204 msisadrv - ok
21:24:46.0820 0x0204 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:24:46.0828 0x0204 MSiSCSI - ok
21:24:46.0832 0x0204 msiserver - ok
21:24:46.0841 0x0204 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:24:46.0843 0x0204 MSKSSRV - ok
21:24:46.0850 0x0204 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:24:46.0852 0x0204 MSPCLOCK - ok
21:24:46.0855 0x0204 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:24:46.0856 0x0204 MSPQM - ok
21:24:46.0871 0x0204 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:24:46.0879 0x0204 MsRPC - ok
21:24:46.0890 0x0204 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:24:46.0891 0x0204 mssmbios - ok
21:24:46.0894 0x0204 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:24:46.0896 0x0204 MSTEE - ok
21:24:46.0899 0x0204 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:24:46.0900 0x0204 MTConfig - ok
21:24:46.0908 0x0204 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
21:24:46.0911 0x0204 Mup - ok
21:24:46.0966 0x0204 [ 35739E6A0C67147A9B75226946CDC903, C9DE77D6812C778F601F52E87ECDD228E52EA691AB9CEAD388998A7B5AFC3B89 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:24:46.0975 0x0204 MyWiFiDHCPDNS - ok
21:24:47.0017 0x0204 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
21:24:47.0026 0x0204 napagent - ok
21:24:47.0046 0x0204 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:24:47.0054 0x0204 NativeWifiP - ok
21:24:47.0112 0x0204 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:24:47.0132 0x0204 NDIS - ok
21:24:47.0144 0x0204 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:24:47.0147 0x0204 NdisCap - ok
21:24:47.0157 0x0204 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:24:47.0158 0x0204 NdisTapi - ok
21:24:47.0165 0x0204 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:24:47.0167 0x0204 Ndisuio - ok
21:24:47.0183 0x0204 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:24:47.0188 0x0204 NdisWan - ok
21:24:47.0202 0x0204 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:24:47.0204 0x0204 NDProxy - ok
21:24:47.0209 0x0204 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:24:47.0210 0x0204 NetBIOS - ok
21:24:47.0218 0x0204 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:24:47.0225 0x0204 NetBT - ok
21:24:47.0252 0x0204 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\Windows\system32\lsass.exe
21:24:47.0254 0x0204 Netlogon - ok
21:24:47.0278 0x0204 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
21:24:47.0287 0x0204 Netman - ok
21:24:47.0338 0x0204 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:47.0343 0x0204 NetMsmqActivator - ok
21:24:47.0349 0x0204 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:47.0351 0x0204 NetPipeActivator - ok
21:24:47.0372 0x0204 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
21:24:47.0383 0x0204 netprofm - ok
21:24:47.0390 0x0204 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:47.0393 0x0204 NetTcpActivator - ok
21:24:47.0398 0x0204 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:24:47.0401 0x0204 NetTcpPortSharing - ok
21:24:47.0512 0x0204 [ C873B801A7D628474313B2887D051607, 894877BAB599F52FB606B240D53FEB84CC4A6BAD8A45CB1983231CD2AE0C7A79 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw02.sys
21:24:47.0597 0x0204 NETwNs64 - ok
21:24:47.0608 0x0204 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:24:47.0610 0x0204 nfrd960 - ok
21:24:47.0641 0x0204 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:24:47.0648 0x0204 NlaSvc - ok
21:24:47.0652 0x0204 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:24:47.0653 0x0204 Npfs - ok
21:24:47.0669 0x0204 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
21:24:47.0670 0x0204 nsi - ok
21:24:47.0673 0x0204 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:24:47.0674 0x0204 nsiproxy - ok
21:24:47.0723 0x0204 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:24:47.0765 0x0204 Ntfs - ok
21:24:47.0772 0x0204 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
21:24:47.0773 0x0204 Null - ok
21:24:47.0779 0x0204 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:24:47.0783 0x0204 nvraid - ok
21:24:47.0791 0x0204 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:24:47.0797 0x0204 nvstor - ok
21:24:47.0802 0x0204 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:24:47.0805 0x0204 nv_agp - ok
21:24:47.0810 0x0204 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:24:47.0812 0x0204 ohci1394 - ok
21:24:47.0881 0x0204 [ 1B9E7338761DAE4839ED87D7A248F817, 03AF40570DD8F8326EAF2A18227280DF0CEFFF1E12966E2829839C4B1E7F700E ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:24:47.0886 0x0204 ose - ok
21:24:48.0097 0x0204 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:24:48.0286 0x0204 osppsvc - ok
21:24:48.0320 0x0204 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:24:48.0327 0x0204 p2pimsvc - ok
21:24:48.0347 0x0204 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
21:24:48.0355 0x0204 p2psvc - ok
21:24:48.0360 0x0204 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
21:24:48.0363 0x0204 Parport - ok
21:24:48.0369 0x0204 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:24:48.0371 0x0204 partmgr - ok
21:24:48.0399 0x0204 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:24:48.0405 0x0204 PcaSvc - ok
21:24:48.0423 0x0204 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
21:24:48.0428 0x0204 pci - ok
21:24:48.0432 0x0204 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
21:24:48.0433 0x0204 pciide - ok
21:24:48.0440 0x0204 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:24:48.0446 0x0204 pcmcia - ok
21:24:48.0450 0x0204 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
21:24:48.0452 0x0204 pcw - ok
21:24:48.0481 0x0204 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:24:48.0498 0x0204 PEAUTH - ok
21:24:48.0556 0x0204 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:24:48.0580 0x0204 PeerDistSvc - ok
21:24:48.0625 0x0204 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:24:48.0628 0x0204 PerfHost - ok
21:24:48.0680 0x0204 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
21:24:48.0722 0x0204 pla - ok
21:24:48.0757 0x0204 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:24:48.0765 0x0204 PlugPlay - ok
21:24:48.0775 0x0204 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:24:48.0777 0x0204 PNRPAutoReg - ok
21:24:48.0787 0x0204 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:24:48.0793 0x0204 PNRPsvc - ok
21:24:48.0820 0x0204 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:24:48.0832 0x0204 PolicyAgent - ok
21:24:48.0855 0x0204 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
21:24:48.0860 0x0204 Power - ok
21:24:48.0918 0x0204 [ 552F3539C70D010F97001E9B7228210B, 9CB45B7D67E0B99C78D0091173C983AB272FA8A18E1CB5AC3B1519B37964A11E ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
21:24:48.0945 0x0204 Power Manager DBC Service - ok
21:24:48.0961 0x0204 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:24:48.0967 0x0204 PptpMiniport - ok
21:24:48.0987 0x0204 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
21:24:48.0990 0x0204 Processor - ok
21:24:49.0013 0x0204 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
21:24:49.0019 0x0204 ProfSvc - ok
21:24:49.0030 0x0204 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:24:49.0031 0x0204 ProtectedStorage - ok
21:24:49.0053 0x0204 [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
21:24:49.0054 0x0204 psadd - ok
21:24:49.0065 0x0204 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:24:49.0069 0x0204 Psched - ok
21:24:49.0119 0x0204 [ FB3D6070413925193EA32D1652B921F0, 5D0EEDC966BD5A042A761411E69B376BC16339032BCC460CD4F2965DF05C1033 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
21:24:49.0170 0x0204 PwmEWSvc - ok
21:24:49.0226 0x0204 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:24:49.0267 0x0204 ql2300 - ok
21:24:49.0275 0x0204 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:24:49.0278 0x0204 ql40xx - ok
21:24:49.0293 0x0204 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
21:24:49.0300 0x0204 QWAVE - ok
21:24:49.0304 0x0204 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:24:49.0306 0x0204 QWAVEdrv - ok
21:24:49.0309 0x0204 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:24:49.0311 0x0204 RasAcd - ok
21:24:49.0321 0x0204 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:24:49.0323 0x0204 RasAgileVpn - ok
21:24:49.0338 0x0204 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
21:24:49.0344 0x0204 RasAuto - ok
21:24:49.0351 0x0204 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:24:49.0354 0x0204 Rasl2tp - ok
21:24:49.0370 0x0204 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
21:24:49.0379 0x0204 RasMan - ok
21:24:49.0384 0x0204 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:24:49.0387 0x0204 RasPppoe - ok
21:24:49.0392 0x0204 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:24:49.0394 0x0204 RasSstp - ok
21:24:49.0403 0x0204 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:24:49.0410 0x0204 rdbss - ok
21:24:49.0414 0x0204 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:24:49.0415 0x0204 rdpbus - ok
21:24:49.0418 0x0204 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:24:49.0419 0x0204 RDPCDD - ok
21:24:49.0477 0x0204 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:24:49.0482 0x0204 RDPDR - ok
21:24:49.0489 0x0204 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:24:49.0489 0x0204 RDPENCDD - ok
21:24:49.0494 0x0204 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:24:49.0495 0x0204 RDPREFMP - ok
21:24:49.0523 0x0204 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:24:49.0531 0x0204 RDPWD - ok
21:24:49.0549 0x0204 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:24:49.0556 0x0204 rdyboost - ok
21:24:49.0632 0x0204 [ BC49E8BDBC6C1B161FDDB350CE423366, D98C7948EE36808164766DD9934C204599275BE9FCD83515F9C0153202D38C34 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:24:49.0639 0x0204 RegSrvc - ok
21:24:49.0666 0x0204 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:24:49.0672 0x0204 RemoteAccess - ok
21:24:49.0696 0x0204 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:24:49.0701 0x0204 RemoteRegistry - ok
21:24:49.0733 0x0204 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:24:49.0737 0x0204 RFCOMM - ok
21:24:49.0750 0x0204 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:24:49.0752 0x0204 RpcEptMapper - ok
21:24:49.0771 0x0204 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
21:24:49.0773 0x0204 RpcLocator - ok
21:24:49.0793 0x0204 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
21:24:49.0803 0x0204 RpcSs - ok
21:24:49.0815 0x0204 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:24:49.0817 0x0204 rspndr - ok
21:24:49.0857 0x0204 [ 1BE36AB59242A109697870F16A8E0EF8, CAC949D97EEFA0CE5E89084D0950B6E331145870355367803530D0DED4962F2E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:24:49.0875 0x0204 RTL8167 - ok
21:24:49.0914 0x0204 [ 61EF084BB097FFAB50D05EE5115F7F98, 334E691C45A473977301DB8E8D03747388D2A2D940D3BC15493476404D801645 ] RTSPER C:\Windows\system32\DRIVERS\RtsPer.sys
21:24:49.0925 0x0204 RTSPER - ok
21:24:49.0940 0x0204 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:24:49.0942 0x0204 s3cap - ok
21:24:49.0947 0x0204 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\Windows\system32\lsass.exe
21:24:49.0949 0x0204 SamSs - ok
21:24:49.0952 0x0204 SAService - ok
21:24:49.0957 0x0204 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:24:49.0960 0x0204 sbp2port - ok
21:24:49.0974 0x0204 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:24:49.0979 0x0204 SCardSvr - ok
21:24:49.0984 0x0204 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:24:49.0986 0x0204 scfilter - ok
21:24:50.0037 0x0204 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
21:24:50.0060 0x0204 Schedule - ok
21:24:50.0083 0x0204 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:24:50.0086 0x0204 SCPolicySvc - ok
21:24:50.0100 0x0204 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:24:50.0106 0x0204 SDRSVC - ok
21:24:50.0109 0x0204 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:24:50.0110 0x0204 secdrv - ok
21:24:50.0121 0x0204 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
21:24:50.0124 0x0204 seclogon - ok
21:24:50.0134 0x0204 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
21:24:50.0137 0x0204 SENS - ok
21:24:50.0159 0x0204 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:24:50.0161 0x0204 SensrSvc - ok
21:24:50.0166 0x0204 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:24:50.0167 0x0204 Serenum - ok
21:24:50.0172 0x0204 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
21:24:50.0174 0x0204 Serial - ok
21:24:50.0189 0x0204 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:24:50.0190 0x0204 sermouse - ok
21:24:50.0221 0x0204 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
21:24:50.0225 0x0204 SessionEnv - ok
21:24:50.0229 0x0204 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:24:50.0230 0x0204 sffdisk - ok
21:24:50.0233 0x0204 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:24:50.0234 0x0204 sffp_mmc - ok
21:24:50.0237 0x0204 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:24:50.0238 0x0204 sffp_sd - ok
21:24:50.0241 0x0204 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:24:50.0243 0x0204 sfloppy - ok
21:24:50.0288 0x0204 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:24:50.0296 0x0204 SharedAccess - ok
21:24:50.0317 0x0204 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:24:50.0328 0x0204 ShellHWDetection - ok
21:24:50.0349 0x0204 [ 07514491857759A5D02A741C9DB6ECA2, D3EB21D90DB68F8BE695961BFA1256E4FA1274D59B3AA465A5485215ABBAA8C5 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
21:24:50.0354 0x0204 Shockprf - ok
21:24:50.0365 0x0204 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:24:50.0367 0x0204 SiSRaid2 - ok
21:24:50.0385 0x0204 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:24:50.0388 0x0204 SiSRaid4 - ok
21:24:50.0392 0x0204 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:24:50.0395 0x0204 Smb - ok
21:24:50.0434 0x0204 [ 7C5B431BB6CD52C46295D9752C1C5A45, CBC2A342F019359629B7141ADD1A5AE3E97785D39ADD398EC60F897FABDD5554 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
21:24:50.0435 0x0204 SmbDrvI - ok
21:24:50.0445 0x0204 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:24:50.0447 0x0204 SNMPTRAP - ok
21:24:50.0506 0x0204 [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
21:24:50.0510 0x0204 Sony PC Companion - ok
21:24:50.0514 0x0204 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
21:24:50.0515 0x0204 spldr - ok
21:24:50.0538 0x0204 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
21:24:50.0551 0x0204 Spooler - ok
21:24:50.0648 0x0204 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
21:24:50.0781 0x0204 sppsvc - ok
21:24:50.0790 0x0204 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:24:50.0793 0x0204 sppuinotify - ok
21:24:50.0818 0x0204 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:24:50.0828 0x0204 srv - ok
21:24:50.0840 0x0204 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:24:50.0849 0x0204 srv2 - ok
21:24:50.0856 0x0204 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:24:50.0860 0x0204 srvnet - ok
21:24:50.0878 0x0204 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:24:50.0884 0x0204 SSDPSRV - ok
21:24:50.0890 0x0204 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:24:50.0893 0x0204 SstpSvc - ok
21:24:50.0897 0x0204 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:24:50.0898 0x0204 stexstor - ok
21:24:50.0925 0x0204 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:24:50.0927 0x0204 StillCam - ok
21:24:50.0948 0x0204 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
21:24:50.0961 0x0204 stisvc - ok
21:24:50.0973 0x0204 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:24:50.0975 0x0204 storflt - ok
21:24:51.0001 0x0204 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
21:24:51.0003 0x0204 StorSvc - ok
21:24:51.0008 0x0204 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:24:51.0010 0x0204 storvsc - ok
21:24:51.0099 0x0204 [ 4219A2A1C9049CC35ADC65C1E2AC8842, 7B52107880251C7BA75E5A083A80B25FDC6C6AB34ACE7CDDAA990A04D76FB98E ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
21:24:51.0102 0x0204 SUService - ok
21:24:51.0109 0x0204 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:24:51.0111 0x0204 swenum - ok
21:24:51.0151 0x0204 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
21:24:51.0170 0x0204 swprv - ok
21:24:51.0205 0x0204 [ 16021E640CFA11BFA5F4D789322CFC39, E7249AFD865607502A36A6EC931AA9D04185A255B568F9401D45608305DFBF83 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:24:51.0223 0x0204 SynTP - ok
21:24:51.0337 0x0204 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
21:24:51.0370 0x0204 SysMain - ok
21:24:51.0389 0x0204 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:24:51.0393 0x0204 TabletInputService - ok
21:24:51.0405 0x0204 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
21:24:51.0413 0x0204 TapiSrv - ok
21:24:51.0421 0x0204 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
21:24:51.0423 0x0204 TBS - ok
21:24:51.0517 0x0204 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:24:51.0589 0x0204 Tcpip - ok
21:24:51.0659 0x0204 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:24:51.0708 0x0204 TCPIP6 - ok
21:24:51.0742 0x0204 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:24:51.0745 0x0204 tcpipreg - ok
21:24:51.0750 0x0204 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:24:51.0751 0x0204 TDPIPE - ok
21:24:51.0768 0x0204 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:24:51.0770 0x0204 TDTCP - ok
21:24:51.0786 0x0204 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:24:51.0790 0x0204 tdx - ok
21:24:51.0794 0x0204 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:24:51.0796 0x0204 TermDD - ok
21:24:51.0839 0x0204 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
21:24:51.0854 0x0204 TermService - ok
21:24:51.0866 0x0204 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
21:24:51.0868 0x0204 Themes - ok
21:24:51.0890 0x0204 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
21:24:51.0892 0x0204 THREADORDER - ok
21:24:51.0907 0x0204 [ D34181414FB3060A968DF24C4BA98764, EDD1AC4D41C8F9B32E47FF03A391AAC6BDB26D00A8C43898D35610EB08EEA25C ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
21:24:51.0908 0x0204 TPDIGIMN - ok
21:24:51.0922 0x0204 [ F3B696FD7CFBB5D73FF59E1018D8043D, 20B96C409FCB67AA24D417CACBA516756EAE5D4574FDA7951BDB1FA1DF67209B ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
21:24:51.0926 0x0204 TPHDEXLGSVC - ok
21:24:51.0940 0x0204 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
21:24:51.0941 0x0204 TPM - ok
21:24:51.0954 0x0204 [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
21:24:51.0955 0x0204 TPPWRIF - ok
21:24:51.0968 0x0204 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
21:24:51.0972 0x0204 TrkWks - ok
21:24:52.0009 0x0204 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:24:52.0014 0x0204 TrustedInstaller - ok
21:24:52.0043 0x0204 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:24:52.0046 0x0204 tssecsrv - ok
21:24:52.0050 0x0204 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:24:52.0052 0x0204 TsUsbFlt - ok
21:24:52.0057 0x0204 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:24:52.0058 0x0204 TsUsbGD - ok
21:24:52.0064 0x0204 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:24:52.0067 0x0204 tunnel - ok
21:24:52.0082 0x0204 [ 760B34088C2AD8D634CC3784EF3A2CA2, 20D23EDBDE7EBBA495C032097E7C5B1C6F94037971D9B2D6B98ABE11E7FF3643 ] tvtvcamd C:\Windows\system32\DRIVERS\tvtvcamd.sys
21:24:52.0084 0x0204 tvtvcamd - ok
21:24:52.0100 0x0204 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:24:52.0102 0x0204 uagp35 - ok
21:24:52.0116 0x0204 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:24:52.0125 0x0204 udfs - ok
21:24:52.0140 0x0204 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
|
|
29.11.2015, 21:50
| #5 |
| | Windows7: Trojaner, registy befallen, HKU, HKCU Logfile von TDSS, Teil 2: Code:
ATTFilter 21:24:52.0143 0x0204 UI0Detect - ok 21:24:52.0150 0x0204 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:24:52.0152 0x0204 uliagpkx - ok 21:24:52.0166 0x0204 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:24:52.0168 0x0204 umbus - ok 21:24:52.0172 0x0204 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 21:24:52.0173 0x0204 UmPass - ok 21:24:52.0191 0x0204 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 21:24:52.0197 0x0204 UmRdpService - ok 21:24:52.0219 0x0204 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 21:24:52.0228 0x0204 upnphost - ok 21:24:52.0268 0x0204 [ 524BFB402B1AB1007ED91E94D6AB6F72, 5A970292D2E7A580FAD86615BC6E66C2A5C74044EFF6C1543E928773E5B9C0F8 ] usb3Hub C:\Windows\system32\DRIVERS\usb3Hub.sys 21:24:52.0273 0x0204 usb3Hub - ok 21:24:52.0289 0x0204 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:24:52.0292 0x0204 usbccgp - ok 21:24:52.0298 0x0204 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:24:52.0301 0x0204 usbcir - ok 21:24:52.0314 0x0204 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:24:52.0316 0x0204 usbehci - ok 21:24:52.0331 0x0204 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:24:52.0339 0x0204 usbhub - ok 21:24:52.0349 0x0204 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:24:52.0351 0x0204 usbohci - ok 21:24:52.0362 0x0204 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys 21:24:52.0365 0x0204 usbprint - ok 21:24:52.0373 0x0204 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:24:52.0376 0x0204 USBSTOR - ok 21:24:52.0389 0x0204 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:24:52.0391 0x0204 usbuhci - ok 21:24:52.0411 0x0204 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:24:52.0416 0x0204 usbvideo - ok 21:24:52.0430 0x0204 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 21:24:52.0433 0x0204 UxSms - ok 21:24:52.0461 0x0204 [ 19B5A2B908BF97E81BA195B2321A9D8B, 08B0BBB5D0348D6C201137725FE0D5232C15889F6CB907DBA823F36036D89BAD ] ValBioService C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe 21:24:52.0462 0x0204 ValBioService - ok 21:24:52.0489 0x0204 [ BF7FFCD223323F80E4DDB9ADB5DDF1AE, 4BC7EE65C577D93DBF25EC253526F2FE642F32017C1DA52CFEA83AC8BF3E18CA ] valWBFPolicyService C:\Windows\system32\valWBFPolicyService.exe 21:24:52.0493 0x0204 valWBFPolicyService - ok 21:24:52.0502 0x0204 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc C:\Windows\system32\lsass.exe 21:24:52.0504 0x0204 VaultSvc - ok 21:24:52.0509 0x0204 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:24:52.0511 0x0204 vdrvroot - ok 21:24:52.0538 0x0204 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 21:24:52.0550 0x0204 vds - ok 21:24:52.0556 0x0204 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:24:52.0557 0x0204 vga - ok 21:24:52.0560 0x0204 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 21:24:52.0562 0x0204 VgaSave - ok 21:24:52.0573 0x0204 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:24:52.0579 0x0204 vhdmp - ok 21:24:52.0584 0x0204 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 21:24:52.0586 0x0204 viaide - ok 21:24:52.0656 0x0204 [ D339DF97110C5E2C01FA191787E60CA0, 0798E9CB36BFC439CF536870E9B7594491D6027DC3FA89779B322761C1B8372D ] vm331avs C:\Windows\system32\Drivers\vm331avs.sys 21:24:52.0691 0x0204 vm331avs - ok 21:24:52.0726 0x0204 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 21:24:52.0731 0x0204 vmbus - ok 21:24:52.0735 0x0204 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 21:24:52.0736 0x0204 VMBusHID - ok 21:24:52.0749 0x0204 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:24:52.0751 0x0204 volmgr - ok 21:24:52.0768 0x0204 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:24:52.0776 0x0204 volmgrx - ok 21:24:52.0786 0x0204 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:24:52.0792 0x0204 volsnap - ok 21:24:52.0811 0x0204 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:24:52.0815 0x0204 vsmraid - ok 21:24:52.0864 0x0204 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 21:24:52.0900 0x0204 VSS - ok 21:24:52.0906 0x0204 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:24:52.0907 0x0204 vwifibus - ok 21:24:52.0913 0x0204 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:24:52.0916 0x0204 vwififlt - ok 21:24:52.0999 0x0204 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:24:53.0001 0x0204 vwifimp - ok 21:24:53.0025 0x0204 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 21:24:53.0038 0x0204 W32Time - ok 21:24:53.0044 0x0204 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:24:53.0048 0x0204 WacomPen - ok 21:24:53.0054 0x0204 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:24:53.0057 0x0204 WANARP - ok 21:24:53.0062 0x0204 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:24:53.0065 0x0204 Wanarpv6 - ok 21:24:53.0111 0x0204 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 21:24:53.0151 0x0204 wbengine - ok 21:24:53.0160 0x0204 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:24:53.0166 0x0204 WbioSrvc - ok 21:24:53.0176 0x0204 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:24:53.0186 0x0204 wcncsvc - ok 21:24:53.0195 0x0204 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:24:53.0198 0x0204 WcsPlugInService - ok 21:24:53.0202 0x0204 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 21:24:53.0203 0x0204 Wd - ok 21:24:53.0229 0x0204 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:24:53.0246 0x0204 Wdf01000 - ok 21:24:53.0262 0x0204 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:24:53.0282 0x0204 WdiServiceHost - ok 21:24:53.0286 0x0204 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:24:53.0289 0x0204 WdiSystemHost - ok 21:24:53.0325 0x0204 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll 21:24:53.0333 0x0204 WebClient - ok 21:24:53.0347 0x0204 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:24:53.0354 0x0204 Wecsvc - ok 21:24:53.0361 0x0204 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:24:53.0365 0x0204 wercplsupport - ok 21:24:53.0370 0x0204 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 21:24:53.0374 0x0204 WerSvc - ok 21:24:53.0378 0x0204 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:24:53.0379 0x0204 WfpLwf - ok 21:24:53.0392 0x0204 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:24:53.0393 0x0204 WIMMount - ok 21:24:53.0439 0x0204 WinDefend - ok 21:24:53.0445 0x0204 WinHttpAutoProxySvc - ok 21:24:53.0482 0x0204 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:24:53.0489 0x0204 Winmgmt - ok 21:24:53.0559 0x0204 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 21:24:53.0651 0x0204 WinRM - ok 21:24:53.0683 0x0204 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 21:24:53.0686 0x0204 WinUsb - ok 21:24:53.0714 0x0204 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:24:53.0735 0x0204 Wlansvc - ok 21:24:53.0742 0x0204 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:24:53.0744 0x0204 WmiAcpi - ok 21:24:53.0786 0x0204 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:24:53.0791 0x0204 wmiApSrv - ok 21:24:53.0804 0x0204 WMPNetworkSvc - ok 21:24:53.0822 0x0204 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:24:53.0824 0x0204 WPCSvc - ok 21:24:53.0839 0x0204 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:24:53.0844 0x0204 WPDBusEnum - ok 21:24:53.0852 0x0204 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:24:53.0853 0x0204 ws2ifsl - ok 21:24:53.0877 0x0204 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 21:24:53.0880 0x0204 wscsvc - ok 21:24:53.0885 0x0204 WSearch - ok 21:24:53.0986 0x0204 [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv C:\Windows\system32\wuaueng.dll 21:24:54.0059 0x0204 wuauserv - ok 21:24:54.0182 0x0204 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:24:54.0189 0x0204 WudfPf - ok 21:24:54.0222 0x0204 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:24:54.0230 0x0204 WUDFRd - ok 21:24:54.0238 0x0204 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:24:54.0244 0x0204 wudfsvc - ok 21:24:54.0302 0x0204 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 21:24:54.0316 0x0204 WwanSvc - ok 21:24:54.0514 0x0204 [ C3FFB098C24A82B61E1818C3BB978B48, C7BC57A8D549B7478052F05FD0B4C623F1B70187358FD3CB5A7E9B5092FBD75F ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 21:24:54.0668 0x0204 ZeroConfigService - ok 21:24:54.0700 0x0204 ================ Scan global =============================== 21:24:54.0728 0x0204 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 21:24:54.0756 0x0204 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 21:24:54.0769 0x0204 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 21:24:54.0786 0x0204 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 21:24:54.0814 0x0204 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 21:24:54.0822 0x0204 [ Global ] - ok 21:24:54.0822 0x0204 ================ Scan MBR ================================== 21:24:54.0836 0x0204 [ 3C10CC64408FD361AA392029816603BE ] \Device\Harddisk0\DR0 21:24:55.0091 0x0204 \Device\Harddisk0\DR0 - ok 21:24:55.0092 0x0204 ================ Scan VBR ================================== 21:24:55.0095 0x0204 [ A268329E47236A1427D06FE623E25EDF ] \Device\Harddisk0\DR0\Partition1 21:24:55.0109 0x0204 \Device\Harddisk0\DR0\Partition1 - ok 21:24:55.0113 0x0204 [ 1BCC9905345EA33A52D3456ED16A5665 ] \Device\Harddisk0\DR0\Partition2 21:24:55.0120 0x0204 \Device\Harddisk0\DR0\Partition2 - ok 21:24:55.0142 0x0204 [ B54B30046ACAA40F06DB991EADCAD0E4 ] \Device\Harddisk0\DR0\Partition3 21:24:55.0145 0x0204 \Device\Harddisk0\DR0\Partition3 - ok 21:24:55.0150 0x0204 [ DFCA5FC290B016A3096325987A5D7C65 ] \Device\Harddisk0\DR0\Partition4 21:24:55.0173 0x0204 \Device\Harddisk0\DR0\Partition4 - ok 21:24:55.0173 0x0204 ================ Scan generic autorun ====================== 21:24:55.0310 0x0204 [ 18CE3B3E42FBDF53883AE982152A0B45, E9E0DBA4CBE3B6CA7CE76591D65878ADB65DD4F3AF2CEAD0BD63559AE646AEB6 ] C:\Windows\system32\igfxtray.exe 21:24:55.0315 0x0204 IgfxTray - ok 21:24:55.0329 0x0204 [ FF71518046D79001513377100B79E2A3, 668057BF2B23212DA0C83849339D74949AE24E7F7866A2B9DE1D973E52F1BC3A ] C:\Windows\system32\hkcmd.exe 21:24:55.0340 0x0204 HotKeysCmds - ok 21:24:55.0374 0x0204 [ 763F57136C09C4A9E5B7C155400239CC, B661C8137322562E9014D946C7B58FAA15BC3948A1509A1B5A6DAEDCBF9FCA8C ] C:\Windows\system32\igfxpers.exe 21:24:55.0385 0x0204 Persistence - ok 21:24:55.0429 0x0204 [ 9E1738D18C61E6935AD0E8EE19D100D8, C2864677359A977CB67F16664DF44C4001CF4C04AD29401450D1BC3CDD9421AD ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe 21:24:55.0448 0x0204 cAudioFilterAgent - ok 21:24:55.0473 0x0204 [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe 21:24:55.0475 0x0204 ForteConfig - ok 21:24:55.0540 0x0204 [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe 21:24:55.0590 0x0204 SmartAudio - ok 21:24:55.0615 0x0204 [ 78C0F0EA63438D2441E7F9CAC9619889, DA121F5637D8BA09EE9BFAD58757775B4775EFCCC06DC1DEF68F26C90C0F985F ] C:\Windows\system32\TpShocks.exe 21:24:55.0624 0x0204 TpShocks - ok 21:24:55.0667 0x0204 [ 4420BBAC770EB87AB74E4B9146E18924, 6DB78DB9FD72F1E8C7651D2B3FF090CB4A8C90BA0D11F69D533960CE67170CFC ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe 21:24:55.0672 0x0204 BLEServicesCtrl - ok 21:24:55.0674 0x0204 BTMTrayAgent - ok 21:24:55.0674 0x0204 SynTPEnh - ok 21:24:55.0713 0x0204 [ 2438CD7EFF8399E41B29A3D0DB0873D9, 5EA16FBF213E81013DE3FC83319C6A75214513A2AEE6A5403742348F739031D4 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe 21:24:55.0717 0x0204 IMSS - ok 21:24:55.0803 0x0204 [ E0E7C48CAF25943DB1B034364501134A, 6F3D325F82448668EBEBEE1DEA7CC686DE6ED37E903F28FE3521B4018F427B62 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe 21:24:55.0818 0x0204 USB3MON - ok 21:24:55.0862 0x0204 [ FA6220C7FDF2D94CFF82D45B72E5C929, C3E414388F8818EC4B3BEABC8ED16DE6CBF965A6603328A45AD6D9A1808F3E55 ] C:\Program Files (x86)\USB Camera\VM331STI.EXE 21:24:55.0874 0x0204 331BigDog - ok 21:24:55.0876 0x0204 PWMTRV - ok 21:24:55.0976 0x0204 [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe 21:24:56.0009 0x0204 avgnt - ok 21:24:56.0080 0x0204 [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe 21:24:56.0085 0x0204 HP Software Update - ok 21:24:56.0214 0x0204 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 21:24:56.0259 0x0204 Sidebar - ok 21:24:56.0287 0x0204 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 21:24:56.0289 0x0204 mctadmin - ok 21:24:56.0336 0x0204 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 21:24:56.0355 0x0204 Sidebar - ok 21:24:56.0363 0x0204 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 21:24:56.0365 0x0204 mctadmin - ok 21:24:56.0601 0x0204 [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe 21:24:56.0672 0x0204 HP Officejet 6700 (NET) - ok 21:24:56.0675 0x0204 Web Companion - ok 21:24:57.0508 0x0204 [ 1FA9AC9760AA04253B4D5D7DD8BF1073, 8514D8C242495A2214321A501C04455428471A884C558B4983CEBC6FD71B11F7 ] C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe 21:24:57.0564 0x0204 Screenleap - ok 21:24:57.0602 0x0204 [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\Windows\system32\cmd.exe 21:24:57.0608 0x0204 Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64 - ok 21:24:57.0609 0x0204 Waiting for KSN requests completion. In queue: 123 21:24:58.0609 0x0204 Waiting for KSN requests completion. In queue: 123 21:24:59.0609 0x0204 Waiting for KSN requests completion. In queue: 123 21:25:00.0609 0x0204 Waiting for KSN requests completion. In queue: 123 21:25:01.0642 0x0204 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated ) 21:25:01.0699 0x0204 Win FW state via NFP2: enabled ( trusted ) 21:25:04.0101 0x0204 ============================================================ 21:25:04.0101 0x0204 Scan finished 21:25:04.0101 0x0204 ============================================================ 21:25:04.0109 0x1d00 Detected object count: 0 21:25:04.0109 0x1d00 Actual detected object count: 0 21:27:18.0622 0x1a90 ============================================================ 21:27:18.0622 0x1a90 Scan started 21:27:18.0622 0x1a90 Mode: Manual; 21:27:18.0623 0x1a90 ============================================================ 21:27:18.0623 0x1a90 KSN ping started 21:27:20.0969 0x1a90 KSN ping finished: true 21:27:21.0457 0x1a90 ================ Scan system memory ======================== 21:27:21.0457 0x1a90 System memory - ok 21:27:21.0457 0x1a90 ================ Scan services ============================= 21:27:21.0569 0x1a90 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:27:21.0581 0x1a90 1394ohci - ok 21:27:21.0598 0x1a90 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:27:21.0608 0x1a90 ACPI - ok 21:27:21.0616 0x1a90 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:27:21.0616 0x1a90 AcpiPmi - ok 21:27:21.0674 0x1a90 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:27:21.0678 0x1a90 AdobeARMservice - ok 21:27:21.0783 0x1a90 [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:27:21.0797 0x1a90 AdobeFlashPlayerUpdateSvc - ok 21:27:21.0828 0x1a90 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:27:21.0841 0x1a90 adp94xx - ok 21:27:21.0862 0x1a90 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:27:21.0868 0x1a90 adpahci - ok 21:27:21.0876 0x1a90 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:27:21.0879 0x1a90 adpu320 - ok 21:27:21.0905 0x1a90 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:27:21.0907 0x1a90 AeLookupSvc - ok 21:27:21.0943 0x1a90 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys 21:27:21.0951 0x1a90 AFD - ok 21:27:21.0968 0x1a90 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 21:27:21.0969 0x1a90 agp440 - ok 21:27:21.0976 0x1a90 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 21:27:21.0978 0x1a90 ALG - ok 21:27:21.0981 0x1a90 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 21:27:21.0982 0x1a90 aliide - ok 21:27:21.0985 0x1a90 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 21:27:21.0986 0x1a90 amdide - ok 21:27:21.0993 0x1a90 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 21:27:21.0994 0x1a90 AmdK8 - ok 21:27:21.0999 0x1a90 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 21:27:22.0000 0x1a90 AmdPPM - ok 21:27:22.0005 0x1a90 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:27:22.0007 0x1a90 amdsata - ok 21:27:22.0019 0x1a90 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 21:27:22.0022 0x1a90 amdsbs - ok 21:27:22.0025 0x1a90 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:27:22.0027 0x1a90 amdxata - ok 21:27:22.0132 0x1a90 [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe 21:27:22.0155 0x1a90 AntiVirMailService - ok 21:27:22.0247 0x1a90 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe 21:27:22.0261 0x1a90 AntiVirSchedulerService - ok 21:27:22.0314 0x1a90 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService C:\Program Files (x86)\Avira\Antivirus\avguard.exe 21:27:22.0333 0x1a90 AntiVirService - ok 21:27:22.0385 0x1a90 [ D84E576299C73B0B1DC477D2B99958C4, D6703C2B63B9FA87C2DA009CC7B6DF76C3603C6A9874B152D685A1B92EE2DF28 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe 21:27:22.0405 0x1a90 AntiVirWebService - ok 21:27:22.0438 0x1a90 [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys 21:27:22.0439 0x1a90 AppID - ok 21:27:22.0448 0x1a90 [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:27:22.0449 0x1a90 AppIDSvc - ok 21:27:22.0471 0x1a90 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll 21:27:22.0473 0x1a90 Appinfo - ok 21:27:22.0502 0x1a90 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 21:27:22.0506 0x1a90 AppMgmt - ok 21:27:22.0511 0x1a90 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 21:27:22.0513 0x1a90 arc - ok 21:27:22.0518 0x1a90 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:27:22.0520 0x1a90 arcsas - ok 21:27:22.0584 0x1a90 [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 21:27:22.0587 0x1a90 aspnet_state - ok 21:27:22.0594 0x1a90 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:27:22.0595 0x1a90 AsyncMac - ok 21:27:22.0602 0x1a90 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 21:27:22.0604 0x1a90 atapi - ok 21:27:22.0667 0x1a90 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:27:22.0680 0x1a90 AudioEndpointBuilder - ok 21:27:22.0698 0x1a90 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:27:22.0710 0x1a90 AudioSrv - ok 21:27:22.0738 0x1a90 [ 03C6DEB5C74C8140C2167677DBE2F79A, D5C727B007C5B486DECE1A1B83D8155299DD7CB46DC8208CE9185C5BAE5CC33A ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 21:27:22.0741 0x1a90 avgntflt - ok 21:27:22.0771 0x1a90 [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 21:27:22.0774 0x1a90 avipbb - ok 21:27:22.0858 0x1a90 [ 6C4B9A2FF6924405E9ABFB558049D4DD, 9AB314B9ECF41832589726556A93CEAAE2AE774B1738A46A027E833B73A72118 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe 21:27:22.0871 0x1a90 Avira.ServiceHost - ok 21:27:22.0872 0x1a90 Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost 21:27:25.0312 0x1a90 Object send P2P result: true 21:27:25.0379 0x1a90 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 21:27:25.0381 0x1a90 avkmgr - ok 21:27:25.0418 0x1a90 [ 080860E03F0219AF0A0377A02292741F, F0A151509BFEBFE639CC15388847EB2EDA298CFAE0AC4A1358A1472F42320249 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys 21:27:25.0422 0x1a90 avnetflt - ok 21:27:25.0452 0x1a90 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:27:25.0456 0x1a90 AxInstSV - ok 21:27:25.0483 0x1a90 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 21:27:25.0493 0x1a90 b06bdrv - ok 21:27:25.0502 0x1a90 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:27:25.0508 0x1a90 b57nd60a - ok 21:27:25.0570 0x1a90 [ 4BEFF67C1775D353A16A62347E727874, 62363C5E5F4BF049A3E49FADA8CB17269945056ACADB319FDC4F05B74E2553C8 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe 21:27:25.0573 0x1a90 BBSvc - ok 21:27:25.0617 0x1a90 [ A6DAAD3EA93DBDBD07FA821BCED133F6, 8F33D4E4B82091D09E62FD5487C88F3DF0DAC31FCBB846183CC4020533A131DE ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe 21:27:25.0621 0x1a90 BBUpdate - ok 21:27:25.0646 0x1a90 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 21:27:25.0649 0x1a90 BDESVC - ok 21:27:25.0652 0x1a90 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 21:27:25.0654 0x1a90 Beep - ok 21:27:25.0675 0x1a90 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 21:27:25.0689 0x1a90 BFE - ok 21:27:25.0731 0x1a90 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 21:27:25.0749 0x1a90 BITS - ok 21:27:25.0755 0x1a90 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:27:25.0756 0x1a90 blbdrive - ok 21:27:25.0825 0x1a90 [ E7429ECD0C47CC065EEACF7E9D0E6341, 10D8231E14C908A0949108EB5F84E17BA10ABFC370D0C5F65945B23879AB12BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 21:27:25.0844 0x1a90 Bluetooth Device Monitor - ok 21:27:25.0895 0x1a90 [ 0F432B34D80351EFC5E35F14D9798CFD, 591D913E069C1C69212A7742D7182E24E669FE7B50680D8D337F32CF9F72B163 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 21:27:25.0918 0x1a90 Bluetooth Media Service - ok 21:27:25.0955 0x1a90 [ 96924B1D3060B0C0FFD77D01CB234D9F, 2A02EEC4092646A0BD26B8E8BA8B75F82EB6F46003C56C9A838E412006457DD2 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 21:27:25.0974 0x1a90 Bluetooth OBEX Service - ok 21:27:26.0003 0x1a90 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:27:26.0006 0x1a90 bowser - ok 21:27:26.0010 0x1a90 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 21:27:26.0010 0x1a90 BrFiltLo - ok 21:27:26.0014 0x1a90 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 21:27:26.0014 0x1a90 BrFiltUp - ok 21:27:26.0029 0x1a90 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 21:27:26.0032 0x1a90 Browser - ok 21:27:26.0041 0x1a90 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:27:26.0047 0x1a90 Brserid - ok 21:27:26.0051 0x1a90 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:27:26.0052 0x1a90 BrSerWdm - ok 21:27:26.0057 0x1a90 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:27:26.0058 0x1a90 BrUsbMdm - ok 21:27:26.0061 0x1a90 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:27:26.0062 0x1a90 BrUsbSer - ok 21:27:26.0085 0x1a90 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 21:27:26.0087 0x1a90 BthEnum - ok 21:27:26.0091 0x1a90 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:27:26.0093 0x1a90 BTHMODEM - ok 21:27:26.0109 0x1a90 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 21:27:26.0112 0x1a90 BthPan - ok 21:27:26.0130 0x1a90 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 21:27:26.0142 0x1a90 BTHPORT - ok 21:27:26.0150 0x1a90 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 21:27:26.0152 0x1a90 bthserv - ok 21:27:26.0163 0x1a90 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 21:27:26.0165 0x1a90 BTHUSB - ok 21:27:26.0182 0x1a90 [ 5B8D71504FA8BFA308F6E1169B89D322, 1DC0CF47C5F655EA0F0992020C17A86D05637F55ACBB17380283EBB883A4D14D ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys 21:27:26.0186 0x1a90 btmaux - ok 21:27:26.0232 0x1a90 [ D66F3A4F11E42142722DCF9DC5A451D6, 6576421E24ABB4F0A7B5EFB5CF6F9C6F510AFDD0087415D57A5ABBB0866B3E39 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys 21:27:26.0257 0x1a90 btmhsf - ok 21:27:26.0267 0x1a90 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:27:26.0270 0x1a90 cdfs - ok 21:27:26.0276 0x1a90 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:27:26.0279 0x1a90 cdrom - ok 21:27:26.0293 0x1a90 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 21:27:26.0295 0x1a90 CertPropSvc - ok 21:27:26.0298 0x1a90 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 21:27:26.0300 0x1a90 circlass - ok 21:27:26.0322 0x1a90 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 21:27:26.0328 0x1a90 CLFS - ok 21:27:26.0578 0x1a90 [ 2CE5D5AEE7EC90FE0CF8A8FBBB1B1A6C, E93E8362FB1D173D8F15C753190CF41474C183A667AF90378389563A70D93864 ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 21:27:26.0629 0x1a90 ClickToRunSvc - ok 21:27:26.0691 0x1a90 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:27:26.0694 0x1a90 clr_optimization_v2.0.50727_32 - ok 21:27:26.0726 0x1a90 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:27:26.0732 0x1a90 clr_optimization_v2.0.50727_64 - ok 21:27:26.0771 0x1a90 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:27:26.0774 0x1a90 clr_optimization_v4.0.30319_32 - ok 21:27:26.0799 0x1a90 [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:27:26.0803 0x1a90 clr_optimization_v4.0.30319_64 - ok 21:27:26.0808 0x1a90 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:27:26.0810 0x1a90 CmBatt - ok 21:27:26.0815 0x1a90 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:27:26.0816 0x1a90 cmdide - ok 21:27:26.0849 0x1a90 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys 21:27:26.0863 0x1a90 CNG - ok 21:27:26.0925 0x1a90 [ CE6D6C023F23F968ABF03892972A9DCF, EBF415F15A30ED76C1D416D3D7E2D0558273DF08A134BFEF108BBE2410803ECC ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 21:27:26.0991 0x1a90 CnxtHdAudService - ok 21:27:27.0006 0x1a90 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 21:27:27.0008 0x1a90 Compbatt - ok 21:27:27.0011 0x1a90 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 21:27:27.0013 0x1a90 CompositeBus - ok 21:27:27.0016 0x1a90 COMSysApp - ok 21:27:27.0066 0x1a90 [ 76FE8C1490B70250921EC88D833742D0, 19625C894E457300641456F5BE0AEB8A7AE96661B5DE49EE772E2621FAAB92AA ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 21:27:27.0072 0x1a90 cphs - ok 21:27:27.0076 0x1a90 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:27:27.0077 0x1a90 crcdisk - ok 21:27:27.0105 0x1a90 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:27:27.0109 0x1a90 CryptSvc - ok 21:27:27.0140 0x1a90 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 21:27:27.0151 0x1a90 CSC - ok 21:27:27.0170 0x1a90 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 21:27:27.0182 0x1a90 CscService - ok 21:27:27.0204 0x1a90 [ 426B2624A1669D233BAB6C4AC5E9432E, C03746D04094FAEA0650032447667055E7C7D1094581D4C1EB414D22A164CA99 ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe 21:27:27.0208 0x1a90 CxAudMsg - ok 21:27:27.0241 0x1a90 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:27:27.0250 0x1a90 DcomLaunch - ok 21:27:27.0375 0x1a90 [ CC8B5C964B777F4EC3E89F13B4B5FF0F, 75E161265CCFFCB61FCE855C9790E2E06531E6B1C3DCCB1E3018466D03AD3919 ] DCService.exe C:\ProgramData\DatacardService\DCService.exe 21:27:27.0387 0x1a90 DCService.exe - ok 21:27:27.0427 0x1a90 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 21:27:27.0436 0x1a90 defragsvc - ok 21:27:27.0443 0x1a90 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:27:27.0447 0x1a90 DfsC - ok 21:27:27.0481 0x1a90 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 21:27:27.0487 0x1a90 Dhcp - ok 21:27:27.0492 0x1a90 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 21:27:27.0493 0x1a90 discache - ok 21:27:27.0497 0x1a90 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 21:27:27.0499 0x1a90 Disk - ok 21:27:27.0766 0x1a90 [ 260169AFE0247D3817DDD7EC6C6AD0BC, 2C0FB869A23AC18B7874899C5599691464C158E1881AD5EEEE95D6D0B182C9CF ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe 21:27:28.0017 0x1a90 DisplayLinkService - ok 21:27:28.0046 0x1a90 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 21:27:28.0049 0x1a90 dmvsc - ok 21:27:28.0066 0x1a90 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:27:28.0070 0x1a90 Dnscache - ok 21:27:28.0078 0x1a90 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 21:27:28.0084 0x1a90 dot3svc - ok 21:27:28.0099 0x1a90 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 21:27:28.0103 0x1a90 DPS - ok 21:27:28.0108 0x1a90 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:27:28.0109 0x1a90 drmkaud - ok 21:27:28.0150 0x1a90 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:27:28.0171 0x1a90 DXGKrnl - ok 21:27:28.0182 0x1a90 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 21:27:28.0185 0x1a90 EapHost - ok 21:27:28.0275 0x1a90 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 21:27:28.0359 0x1a90 ebdrv - ok 21:27:28.0372 0x1a90 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\Windows\System32\lsass.exe 21:27:28.0373 0x1a90 EFS - ok 21:27:28.0452 0x1a90 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:27:28.0475 0x1a90 ehRecvr - ok 21:27:28.0482 0x1a90 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 21:27:28.0485 0x1a90 ehSched - ok 21:27:28.0508 0x1a90 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:27:28.0519 0x1a90 elxstor - ok 21:27:28.0523 0x1a90 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:27:28.0524 0x1a90 ErrDev - ok 21:27:28.0550 0x1a90 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 21:27:28.0557 0x1a90 EventSystem - ok 21:27:28.0662 0x1a90 [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 21:27:28.0676 0x1a90 EvtEng - ok 21:27:28.0713 0x1a90 [ 23B79B19F49A037EBA4A9A3BB03ED91D, 2E0918B20188CBFAC0E64A5B36739DF4638A343553908888DFDD708743370F3F ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 21:27:28.0719 0x1a90 ewusbnet - ok 21:27:28.0746 0x1a90 [ E2CBB821C7CAE0EF8B56DE28ED85C740, 4AB358FEBC7B57774B2DD54705FAD3F5E0308F1E1FECBED73231DCEF11CF7D3B ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 21:27:28.0750 0x1a90 ew_hwusbdev - ok 21:27:28.0757 0x1a90 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 21:27:28.0761 0x1a90 exfat - ok 21:27:28.0768 0x1a90 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:27:28.0773 0x1a90 fastfat - ok 21:27:28.0799 0x1a90 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 21:27:28.0813 0x1a90 Fax - ok 21:27:28.0818 0x1a90 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 21:27:28.0819 0x1a90 fdc - ok 21:27:28.0829 0x1a90 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 21:27:28.0830 0x1a90 fdPHost - ok 21:27:28.0837 0x1a90 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 21:27:28.0838 0x1a90 FDResPub - ok 21:27:28.0842 0x1a90 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:27:28.0844 0x1a90 FileInfo - ok 21:27:28.0848 0x1a90 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:27:28.0850 0x1a90 Filetrace - ok 21:27:28.0853 0x1a90 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 21:27:28.0854 0x1a90 flpydisk - ok 21:27:28.0869 0x1a90 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:27:28.0874 0x1a90 FltMgr - ok 21:27:28.0927 0x1a90 [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll 21:27:28.0961 0x1a90 FontCache - ok 21:27:28.0987 0x1a90 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:27:28.0989 0x1a90 FontCache3.0.0.0 - ok 21:27:28.0993 0x1a90 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:27:28.0994 0x1a90 FsDepends - ok 21:27:28.0998 0x1a90 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:27:28.0999 0x1a90 Fs_Rec - ok 21:27:29.0006 0x1a90 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:27:29.0010 0x1a90 fvevol - ok 21:27:29.0023 0x1a90 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:27:29.0025 0x1a90 gagp30kx - ok 21:27:29.0057 0x1a90 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 21:27:29.0073 0x1a90 gpsvc - ok 21:27:29.0087 0x1a90 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:27:29.0088 0x1a90 hcw85cir - ok 21:27:29.0106 0x1a90 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:27:29.0114 0x1a90 HdAudAddService - ok 21:27:29.0140 0x1a90 [ 12DED0995AE2BA68EBBE70E14A76EE02, 54A658F4E8D6D98594BE43289083AD4267EB6B3F99D789A75719DBCA5188E87F ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:27:29.0143 0x1a90 HDAudBus - ok 21:27:29.0148 0x1a90 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 21:27:29.0150 0x1a90 HidBatt - ok 21:27:29.0154 0x1a90 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:27:29.0157 0x1a90 HidBth - ok 21:27:29.0161 0x1a90 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 21:27:29.0162 0x1a90 HidIr - ok 21:27:29.0178 0x1a90 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 21:27:29.0179 0x1a90 hidserv - ok 21:27:29.0184 0x1a90 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:27:29.0185 0x1a90 HidUsb - ok 21:27:29.0196 0x1a90 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:27:29.0198 0x1a90 hkmsvc - ok 21:27:29.0216 0x1a90 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:27:29.0222 0x1a90 HomeGroupListener - ok 21:27:29.0239 0x1a90 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:27:29.0243 0x1a90 HomeGroupProvider - ok 21:27:29.0251 0x1a90 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:27:29.0254 0x1a90 HpSAMD - ok 21:27:29.0293 0x1a90 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:27:29.0306 0x1a90 HTTP - ok 21:27:29.0329 0x1a90 [ 08B1A06A55F068A17A51BA26618CF50F, 8ADFC9D3003208A9B3BE12DCD1418A13C4D19E13E00EFEE556EF87B70F49B2E6 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 21:27:29.0331 0x1a90 huawei_enumerator - ok 21:27:29.0348 0x1a90 [ 6E5CD3984742A922D0C183C7E82C3C94, EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 21:27:29.0352 0x1a90 hwdatacard - ok 21:27:29.0361 0x1a90 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:27:29.0361 0x1a90 hwpolicy - ok 21:27:29.0369 0x1a90 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:27:29.0371 0x1a90 i8042prt - ok 21:27:29.0407 0x1a90 [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys 21:27:29.0421 0x1a90 iaStorA - ok 21:27:29.0435 0x1a90 [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys 21:27:29.0436 0x1a90 iaStorF - ok 21:27:29.0447 0x1a90 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:27:29.0455 0x1a90 iaStorV - ok 21:27:29.0468 0x1a90 [ B005844661028E11480D724A709CC298, DC738AA0246581814915160BA824C2DB9009E6CFCCDB6A268F08C8D13F52BEB0 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 21:27:29.0470 0x1a90 IBMPMDRV - ok 21:27:29.0480 0x1a90 [ ED802CE6B36E280401197F593634C1DD, 620F2D5F40B8E61DE606FC1B1B1DCDD12BE7431E065F9CB776FDCFF915B1D243 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 21:27:29.0481 0x1a90 IBMPMSVC - ok 21:27:29.0506 0x1a90 [ 617EEDD27FB557C9D95D68096564C930, 59AA6F9884C9B504D5B524B6EFF8148669251085FAF12AE3634F0C753850CDC3 ] ibtusb C:\Windows\system32\DRIVERS\ibtusb.sys 21:27:29.0509 0x1a90 ibtusb - ok 21:27:29.0553 0x1a90 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:27:29.0572 0x1a90 idsvc - ok 21:27:29.0576 0x1a90 IEEtwCollectorService - ok 21:27:29.0714 0x1a90 [ AEF200DC087141A5F66A6B006D2F0FD4, A38A0684637D9FE58271D91B93184A72414948E35145D19246BF6FBC60E28B3C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 21:27:29.0832 0x1a90 igfx - ok 21:27:29.0844 0x1a90 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:27:29.0845 0x1a90 iirsp - ok 21:27:29.0877 0x1a90 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 21:27:29.0894 0x1a90 IKEEXT - ok 21:27:29.0915 0x1a90 [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 21:27:29.0917 0x1a90 intaud_WaveExtensible - ok 21:27:29.0947 0x1a90 [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 21:27:29.0957 0x1a90 IntcDAud - ok 21:27:30.0010 0x1a90 [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 21:27:30.0025 0x1a90 Intel(R) Capability Licensing Service Interface - ok 21:27:30.0055 0x1a90 [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe 21:27:30.0072 0x1a90 Intel(R) Capability Licensing Service TCP IP Interface - ok 21:27:30.0077 0x1a90 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 21:27:30.0078 0x1a90 intelide - ok 21:27:30.0099 0x1a90 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:27:30.0101 0x1a90 intelppm - ok 21:27:30.0112 0x1a90 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:27:30.0115 0x1a90 IPBusEnum - ok 21:27:30.0119 0x1a90 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:27:30.0121 0x1a90 IpFilterDriver - ok 21:27:30.0146 0x1a90 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:27:30.0158 0x1a90 iphlpsvc - ok 21:27:30.0163 0x1a90 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:27:30.0165 0x1a90 IPMIDRV - ok 21:27:30.0171 0x1a90 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:27:30.0173 0x1a90 IPNAT - ok 21:27:30.0177 0x1a90 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:27:30.0178 0x1a90 IRENUM - ok 21:27:30.0181 0x1a90 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:27:30.0182 0x1a90 isapnp - ok 21:27:30.0208 0x1a90 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:27:30.0215 0x1a90 iScsiPrt - ok 21:27:30.0232 0x1a90 [ 72B203A1F805C07E920E537414A0EA5F, 7EFB2A397034FF3D451D1763865E8AA330D8D4656E7C6F8CDA6489868023C36E ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 21:27:30.0235 0x1a90 iusb3hcs - ok 21:27:30.0253 0x1a90 [ 474BFFCF3214208C5FD440217D34FE6E, 181E4A091B24E8FBB9C1072E1FD2BABB1B0AD68D1112563A70A791FA3546D4CE ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 21:27:30.0261 0x1a90 iusb3hub - ok 21:27:30.0303 0x1a90 [ 842A11F2020CD94A0120E61F902E3664, 464EDED37258A22AC38C007524E34ED1A795E5607FF8BD322455A8F76CB4BDCE ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 21:27:30.0320 0x1a90 iusb3xhc - ok 21:27:30.0333 0x1a90 [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys 21:27:30.0334 0x1a90 iwdbus - ok 21:27:30.0390 0x1a90 [ 9BFDEFD51800A2D47D43919653F4BEF4, C7221D9F82F7F04343EDA6FE41A4EC4C97F6DC4170780AA3983C8735369A5026 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 21:27:30.0397 0x1a90 jhi_service - ok 21:27:30.0404 0x1a90 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:27:30.0407 0x1a90 kbdclass - ok 21:27:30.0414 0x1a90 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:27:30.0415 0x1a90 kbdhid - ok 21:27:30.0432 0x1a90 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe 21:27:30.0433 0x1a90 KeyIso - ok 21:27:30.0449 0x1a90 [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:27:30.0451 0x1a90 KSecDD - ok 21:27:30.0464 0x1a90 [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:27:30.0469 0x1a90 KSecPkg - ok 21:27:30.0480 0x1a90 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:27:30.0481 0x1a90 ksthunk - ok 21:27:30.0505 0x1a90 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 21:27:30.0514 0x1a90 KtmRm - ok 21:27:30.0533 0x1a90 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:27:30.0539 0x1a90 LanmanServer - ok 21:27:30.0556 0x1a90 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:27:30.0559 0x1a90 LanmanWorkstation - ok 21:27:30.0590 0x1a90 [ D253E6009F05776F505F96866CCF460F, 8A39E77B4FC780BB9C6C8A892603248D87ED70255BF9BED0218BE2420B5E8C53 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 21:27:30.0592 0x1a90 Lenovo.VIRTSCRLSVC - ok 21:27:30.0596 0x1a90 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:27:30.0598 0x1a90 lltdio - ok 21:27:30.0616 0x1a90 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:27:30.0623 0x1a90 lltdsvc - ok 21:27:30.0632 0x1a90 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:27:30.0633 0x1a90 lmhosts - ok 21:27:30.0664 0x1a90 [ 9FE032AD8751C5DDCF01DE26C1EE84BC, FAE072D7FCAED0987EA7D822238521A7CF96662F8EFD154515EA2A6C5B4E64F5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:27:30.0671 0x1a90 LMS - ok 21:27:30.0750 0x1a90 [ CE87E8E09273791172F7A1C60B225648, 03AB8A69C5A58FD3BCFF9E36FF83338B6866D82E4E550CD7CED686C4CC096DC1 ] LSCWinService C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe 21:27:30.0763 0x1a90 LSCWinService - ok 21:27:30.0769 0x1a90 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:27:30.0774 0x1a90 LSI_FC - ok 21:27:30.0780 0x1a90 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:27:30.0783 0x1a90 LSI_SAS - ok 21:27:30.0788 0x1a90 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 21:27:30.0790 0x1a90 LSI_SAS2 - ok 21:27:30.0796 0x1a90 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:27:30.0799 0x1a90 LSI_SCSI - ok 21:27:30.0813 0x1a90 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 21:27:30.0818 0x1a90 luafv - ok 21:27:30.0845 0x1a90 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 21:27:30.0847 0x1a90 MBAMProtector - ok 21:27:30.0912 0x1a90 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 21:27:30.0953 0x1a90 MBAMScheduler - ok 21:27:31.0005 0x1a90 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 21:27:31.0038 0x1a90 MBAMService - ok 21:27:31.0064 0x1a90 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 21:27:31.0068 0x1a90 MBAMSwissArmy - ok 21:27:31.0084 0x1a90 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 21:27:31.0085 0x1a90 MBAMWebAccessControl - ok 21:27:31.0140 0x1a90 [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe 21:27:31.0154 0x1a90 McComponentHostService - ok 21:27:31.0177 0x1a90 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:27:31.0181 0x1a90 Mcx2Svc - ok 21:27:31.0185 0x1a90 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 21:27:31.0187 0x1a90 megasas - ok 21:27:31.0205 0x1a90 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 21:27:31.0214 0x1a90 MegaSR - ok 21:27:31.0237 0x1a90 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 21:27:31.0239 0x1a90 MEIx64 - ok 21:27:31.0250 0x1a90 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 21:27:31.0253 0x1a90 MMCSS - ok 21:27:31.0261 0x1a90 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 21:27:31.0262 0x1a90 Modem - ok 21:27:31.0282 0x1a90 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:27:31.0283 0x1a90 monitor - ok 21:27:31.0288 0x1a90 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:27:31.0289 0x1a90 mouclass - ok 21:27:31.0293 0x1a90 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:27:31.0294 0x1a90 mouhid - ok 21:27:31.0312 0x1a90 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:27:31.0314 0x1a90 mountmgr - ok 21:27:31.0320 0x1a90 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 21:27:31.0323 0x1a90 mpio - ok 21:27:31.0330 0x1a90 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:27:31.0332 0x1a90 mpsdrv - ok 21:27:31.0361 0x1a90 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:27:31.0377 0x1a90 MpsSvc - ok 21:27:31.0398 0x1a90 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:27:31.0402 0x1a90 MRxDAV - ok 21:27:31.0424 0x1a90 [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:27:31.0428 0x1a90 mrxsmb - ok 21:27:31.0454 0x1a90 [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:27:31.0461 0x1a90 mrxsmb10 - ok 21:27:31.0484 0x1a90 [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:27:31.0487 0x1a90 mrxsmb20 - ok 21:27:31.0491 0x1a90 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 21:27:31.0492 0x1a90 msahci - ok 21:27:31.0506 0x1a90 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:27:31.0510 0x1a90 msdsm - ok 21:27:31.0529 0x1a90 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 21:27:31.0534 0x1a90 MSDTC - ok 21:27:31.0540 0x1a90 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:27:31.0541 0x1a90 Msfs - ok 21:27:31.0544 0x1a90 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:27:31.0545 0x1a90 mshidkmdf - ok 21:27:31.0550 0x1a90 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:27:31.0551 0x1a90 msisadrv - ok 21:27:31.0563 0x1a90 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:27:31.0568 0x1a90 MSiSCSI - ok 21:27:31.0570 0x1a90 msiserver - ok 21:27:31.0575 0x1a90 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:27:31.0576 0x1a90 MSKSSRV - ok 21:27:31.0579 0x1a90 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:27:31.0580 0x1a90 MSPCLOCK - ok 21:27:31.0583 0x1a90 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:27:31.0584 0x1a90 MSPQM - ok 21:27:31.0602 0x1a90 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:27:31.0610 0x1a90 MsRPC - ok 21:27:31.0615 0x1a90 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:27:31.0616 0x1a90 mssmbios - ok 21:27:31.0620 0x1a90 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:27:31.0621 0x1a90 MSTEE - ok 21:27:31.0624 0x1a90 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 21:27:31.0625 0x1a90 MTConfig - ok 21:27:31.0630 0x1a90 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 21:27:31.0632 0x1a90 Mup - ok 21:27:31.0658 0x1a90 [ 35739E6A0C67147A9B75226946CDC903, C9DE77D6812C778F601F52E87ECDD228E52EA691AB9CEAD388998A7B5AFC3B89 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 21:27:31.0665 0x1a90 MyWiFiDHCPDNS - ok 21:27:31.0691 0x1a90 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 21:27:31.0699 0x1a90 napagent - ok 21:27:31.0714 0x1a90 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:27:31.0722 0x1a90 NativeWifiP - ok 21:27:31.0763 0x1a90 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:27:31.0782 0x1a90 NDIS - ok 21:27:31.0796 0x1a90 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:27:31.0798 0x1a90 NdisCap - ok 21:27:31.0801 0x1a90 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:27:31.0802 0x1a90 NdisTapi - ok 21:27:31.0806 0x1a90 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:27:31.0808 0x1a90 Ndisuio - ok 21:27:31.0817 0x1a90 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:27:31.0821 0x1a90 NdisWan - ok 21:27:31.0827 0x1a90 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:27:31.0829 0x1a90 NDProxy - ok 21:27:31.0835 0x1a90 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:27:31.0837 0x1a90 NetBIOS - ok 21:27:31.0845 0x1a90 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:27:31.0850 0x1a90 NetBT - ok 21:27:31.0861 0x1a90 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\Windows\system32\lsass.exe 21:27:31.0863 0x1a90 Netlogon - ok 21:27:31.0879 0x1a90 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 21:27:31.0887 0x1a90 Netman - ok 21:27:31.0931 0x1a90 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:27:31.0934 0x1a90 NetMsmqActivator - ok 21:27:31.0940 0x1a90 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:27:31.0943 0x1a90 NetPipeActivator - ok 21:27:31.0964 0x1a90 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 21:27:31.0973 0x1a90 netprofm - ok 21:27:31.0979 0x1a90 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:27:31.0981 0x1a90 NetTcpActivator - ok 21:27:31.0987 0x1a90 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:27:31.0990 0x1a90 NetTcpPortSharing - ok 21:27:32.0094 0x1a90 [ C873B801A7D628474313B2887D051607, 894877BAB599F52FB606B240D53FEB84CC4A6BAD8A45CB1983231CD2AE0C7A79 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw02.sys 21:27:32.0188 0x1a90 NETwNs64 - ok 21:27:32.0200 0x1a90 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:27:32.0201 0x1a90 nfrd960 - ok 21:27:32.0225 0x1a90 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 21:27:32.0232 0x1a90 NlaSvc - ok 21:27:32.0236 0x1a90 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:27:32.0237 0x1a90 Npfs - ok 21:27:32.0245 0x1a90 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 21:27:32.0247 0x1a90 nsi - ok 21:27:32.0251 0x1a90 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:27:32.0251 0x1a90 nsiproxy - ok 21:27:32.0299 0x1a90 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:27:32.0342 0x1a90 Ntfs - ok 21:27:32.0347 0x1a90 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 21:27:32.0348 0x1a90 Null - ok 21:27:32.0354 0x1a90 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:27:32.0358 0x1a90 nvraid - ok 21:27:32.0364 0x1a90 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:27:32.0368 0x1a90 nvstor - ok 21:27:32.0373 0x1a90 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:27:32.0376 0x1a90 nv_agp - ok 21:27:32.0382 0x1a90 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:27:32.0385 0x1a90 ohci1394 - ok 21:27:32.0441 0x1a90 [ 1B9E7338761DAE4839ED87D7A248F817, 03AF40570DD8F8326EAF2A18227280DF0CEFFF1E12966E2829839C4B1E7F700E ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:27:32.0446 0x1a90 ose - ok 21:27:32.0636 0x1a90 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:27:32.0721 0x1a90 osppsvc - ok 21:27:32.0756 0x1a90 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:27:32.0762 0x1a90 p2pimsvc - ok 21:27:32.0782 0x1a90 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 21:27:32.0790 0x1a90 p2psvc - ok 21:27:32.0795 0x1a90 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 21:27:32.0797 0x1a90 Parport - ok 21:27:32.0801 0x1a90 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:27:32.0803 0x1a90 partmgr - ok 21:27:32.0835 0x1a90 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:27:32.0839 0x1a90 PcaSvc - ok 21:27:32.0845 0x1a90 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 21:27:32.0850 0x1a90 pci - ok 21:27:32.0853 0x1a90 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 21:27:32.0854 0x1a90 pciide - ok 21:27:32.0871 0x1a90 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:27:32.0876 0x1a90 pcmcia - ok 21:27:32.0880 0x1a90 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 21:27:32.0882 0x1a90 pcw - ok 21:27:32.0907 0x1a90 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:27:32.0923 0x1a90 PEAUTH - ok 21:27:32.0983 0x1a90 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 21:27:33.0007 0x1a90 PeerDistSvc - ok 21:27:33.0052 0x1a90 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:27:33.0055 0x1a90 PerfHost - ok 21:27:33.0107 0x1a90 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 21:27:33.0143 0x1a90 pla - ok 21:27:33.0176 0x1a90 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:27:33.0183 0x1a90 PlugPlay - ok 21:27:33.0194 0x1a90 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:27:33.0196 0x1a90 PNRPAutoReg - ok 21:27:33.0205 0x1a90 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:27:33.0212 0x1a90 PNRPsvc - ok 21:27:33.0279 0x1a90 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:27:33.0294 0x1a90 PolicyAgent - ok 21:27:33.0315 0x1a90 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll 21:27:33.0320 0x1a90 Power - ok 21:27:33.0393 0x1a90 [ 552F3539C70D010F97001E9B7228210B, 9CB45B7D67E0B99C78D0091173C983AB272FA8A18E1CB5AC3B1519B37964A11E ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 21:27:33.0422 0x1a90 Power Manager DBC Service - ok 21:27:33.0466 0x1a90 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:27:33.0472 0x1a90 PptpMiniport - ok 21:27:33.0485 0x1a90 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 21:27:33.0489 0x1a90 Processor - ok 21:27:33.0517 0x1a90 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 21:27:33.0523 0x1a90 ProfSvc - ok 21:27:33.0540 0x1a90 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:27:33.0542 0x1a90 ProtectedStorage - ok 21:27:33.0555 0x1a90 [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 21:27:33.0557 0x1a90 psadd - ok 21:27:33.0567 0x1a90 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:27:33.0571 0x1a90 Psched - ok 21:27:33.0626 0x1a90 [ FB3D6070413925193EA32D1652B921F0, 5D0EEDC966BD5A042A761411E69B376BC16339032BCC460CD4F2965DF05C1033 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE 21:27:33.0671 0x1a90 PwmEWSvc - ok 21:27:33.0718 0x1a90 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:27:33.0761 0x1a90 ql2300 - ok 21:27:33.0767 0x1a90 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:27:33.0771 0x1a90 ql40xx - ok 21:27:33.0786 0x1a90 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 21:27:33.0794 0x1a90 QWAVE - ok 21:27:33.0799 0x1a90 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:27:33.0801 0x1a90 QWAVEdrv - ok 21:27:33.0804 0x1a90 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:27:33.0805 0x1a90 RasAcd - ok 21:27:33.0831 0x1a90 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:27:33.0833 0x1a90 RasAgileVpn - ok 21:27:33.0847 0x1a90 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 21:27:33.0851 0x1a90 RasAuto - ok 21:27:33.0856 0x1a90 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:27:33.0859 0x1a90 Rasl2tp - ok 21:27:33.0880 0x1a90 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 21:27:33.0888 0x1a90 RasMan - ok 21:27:33.0893 0x1a90 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:27:33.0895 0x1a90 RasPppoe - ok 21:27:33.0900 0x1a90 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:27:33.0902 0x1a90 RasSstp - ok 21:27:33.0912 0x1a90 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:27:33.0919 0x1a90 rdbss - ok 21:27:33.0922 0x1a90 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:27:33.0923 0x1a90 rdpbus - ok 21:27:33.0926 0x1a90 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:27:33.0928 0x1a90 RDPCDD - ok 21:27:33.0954 0x1a90 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 21:27:33.0959 0x1a90 RDPDR - ok 21:27:33.0961 0x1a90 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:27:33.0962 0x1a90 RDPENCDD - ok 21:27:33.0974 0x1a90 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:27:33.0975 0x1a90 RDPREFMP - ok 21:27:34.0000 0x1a90 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:27:34.0005 0x1a90 RDPWD - ok 21:27:34.0013 0x1a90 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:27:34.0018 0x1a90 rdyboost - ok 21:27:34.0067 0x1a90 [ BC49E8BDBC6C1B161FDDB350CE423366, D98C7948EE36808164766DD9934C204599275BE9FCD83515F9C0153202D38C34 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 21:27:34.0075 0x1a90 RegSrvc - ok 21:27:34.0093 0x1a90 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:27:34.0097 0x1a90 RemoteAccess - ok 21:27:34.0117 0x1a90 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:27:34.0124 0x1a90 RemoteRegistry - ok 21:27:34.0161 0x1a90 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:27:34.0168 0x1a90 RFCOMM - ok 21:27:34.0177 0x1a90 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:27:34.0181 0x1a90 RpcEptMapper - ok 21:27:34.0190 0x1a90 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 21:27:34.0192 0x1a90 RpcLocator - ok 21:27:34.0212 0x1a90 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 21:27:34.0221 0x1a90 RpcSs - ok 21:27:34.0229 0x1a90 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:27:34.0231 0x1a90 rspndr - ok 21:27:34.0267 0x1a90 [ 1BE36AB59242A109697870F16A8E0EF8, CAC949D97EEFA0CE5E89084D0950B6E331145870355367803530D0DED4962F2E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 21:27:34.0285 0x1a90 RTL8167 - ok 21:27:34.0307 0x1a90 [ 61EF084BB097FFAB50D05EE5115F7F98, 334E691C45A473977301DB8E8D03747388D2A2D940D3BC15493476404D801645 ] RTSPER C:\Windows\system32\DRIVERS\RtsPer.sys 21:27:34.0316 0x1a90 RTSPER - ok 21:27:34.0334 0x1a90 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 21:27:34.0335 0x1a90 s3cap - ok 21:27:34.0340 0x1a90 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\Windows\system32\lsass.exe 21:27:34.0342 0x1a90 SamSs - ok 21:27:34.0345 0x1a90 SAService - ok 21:27:34.0356 0x1a90 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:27:34.0358 0x1a90 sbp2port - ok 21:27:34.0376 0x1a90 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:27:34.0381 0x1a90 SCardSvr - ok 21:27:34.0384 0x1a90 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:27:34.0386 0x1a90 scfilter - ok 21:27:34.0459 0x1a90 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll 21:27:34.0480 0x1a90 Schedule - ok 21:27:34.0501 0x1a90 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:27:34.0503 0x1a90 SCPolicySvc - ok 21:27:34.0519 0x1a90 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:27:34.0524 0x1a90 SDRSVC - ok 21:27:34.0529 0x1a90 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:27:34.0530 0x1a90 secdrv - ok 21:27:34.0540 0x1a90 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 21:27:34.0542 0x1a90 seclogon - ok 21:27:34.0553 0x1a90 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 21:27:34.0555 0x1a90 SENS - ok 21:27:34.0559 0x1a90 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:27:34.0561 0x1a90 SensrSvc - ok 21:27:34.0564 0x1a90 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys 21:27:34.0565 0x1a90 Serenum - ok 21:27:34.0571 0x1a90 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys 21:27:34.0573 0x1a90 Serial - ok 21:27:34.0577 0x1a90 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:27:34.0578 0x1a90 sermouse - ok 21:27:34.0596 0x1a90 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 21:27:34.0599 0x1a90 SessionEnv - ok 21:27:34.0603 0x1a90 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:27:34.0604 0x1a90 sffdisk - ok 21:27:34.0609 0x1a90 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:27:34.0609 0x1a90 sffp_mmc - ok 21:27:34.0612 0x1a90 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:27:34.0614 0x1a90 sffp_sd - ok 21:27:34.0617 0x1a90 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:27:34.0619 0x1a90 sfloppy - ok 21:27:34.0648 0x1a90 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:27:34.0657 0x1a90 SharedAccess - ok 21:27:34.0676 0x1a90 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:27:34.0683 0x1a90 ShellHWDetection - ok 21:27:34.0702 0x1a90 [ 07514491857759A5D02A741C9DB6ECA2, D3EB21D90DB68F8BE695961BFA1256E4FA1274D59B3AA465A5485215ABBAA8C5 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys 21:27:34.0706 0x1a90 Shockprf - ok 21:27:34.0711 0x1a90 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 21:27:34.0712 0x1a90 SiSRaid2 - ok 21:27:34.0729 0x1a90 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:27:34.0732 0x1a90 SiSRaid4 - ok 21:27:34.0736 0x1a90 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:27:34.0739 0x1a90 Smb - ok 21:27:34.0761 0x1a90 [ 7C5B431BB6CD52C46295D9752C1C5A45, CBC2A342F019359629B7141ADD1A5AE3E97785D39ADD398EC60F897FABDD5554 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys 21:27:34.0763 0x1a90 SmbDrvI - ok 21:27:34.0780 0x1a90 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:27:34.0783 0x1a90 SNMPTRAP - ok 21:27:34.0841 0x1a90 [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe 21:27:34.0850 0x1a90 Sony PC Companion - ok 21:27:34.0859 0x1a90 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 21:27:34.0861 0x1a90 spldr - ok 21:27:34.0893 0x1a90 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 21:27:34.0909 0x1a90 Spooler - ok 21:27:35.0017 0x1a90 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 21:27:35.0101 0x1a90 sppsvc - ok 21:27:35.0110 0x1a90 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:27:35.0113 0x1a90 sppuinotify - ok 21:27:35.0136 0x1a90 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:27:35.0146 0x1a90 srv - ok 21:27:35.0158 0x1a90 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:27:35.0167 0x1a90 srv2 - ok 21:27:35.0174 0x1a90 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:27:35.0178 0x1a90 srvnet - ok 21:27:35.0197 0x1a90 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:27:35.0202 0x1a90 SSDPSRV - ok 21:27:35.0208 0x1a90 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:27:35.0212 0x1a90 SstpSvc - ok 21:27:35.0216 0x1a90 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 21:27:35.0217 0x1a90 stexstor - ok 21:27:35.0244 0x1a90 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 21:27:35.0246 0x1a90 StillCam - ok 21:27:35.0275 0x1a90 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 21:27:35.0288 0x1a90 stisvc - ok 21:27:35.0300 0x1a90 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 21:27:35.0303 0x1a90 storflt - ok 21:27:35.0328 0x1a90 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll 21:27:35.0330 0x1a90 StorSvc - ok 21:27:35.0344 0x1a90 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 21:27:35.0346 0x1a90 storvsc - ok 21:27:35.0435 0x1a90 [ 4219A2A1C9049CC35ADC65C1E2AC8842, 7B52107880251C7BA75E5A083A80B25FDC6C6AB34ACE7CDDAA990A04D76FB98E ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe 21:27:35.0437 0x1a90 SUService - ok 21:27:35.0443 0x1a90 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:27:35.0444 0x1a90 swenum - ok 21:27:35.0485 0x1a90 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 21:27:35.0501 0x1a90 swprv - ok 21:27:35.0526 0x1a90 [ 16021E640CFA11BFA5F4D789322CFC39, E7249AFD865607502A36A6EC931AA9D04185A255B568F9401D45608305DFBF83 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:27:35.0538 0x1a90 SynTP - ok 21:27:35.0596 0x1a90 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll 21:27:35.0626 0x1a90 SysMain - ok 21:27:35.0658 0x1a90 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:27:35.0662 0x1a90 TabletInputService - ok 21:27:35.0674 0x1a90 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 21:27:35.0682 0x1a90 TapiSrv - ok 21:27:35.0690 0x1a90 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 21:27:35.0692 0x1a90 TBS - ok 21:27:35.0750 0x1a90 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:27:35.0781 0x1a90 Tcpip - ok 21:27:35.0841 0x1a90 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:27:35.0873 0x1a90 TCPIP6 - ok 21:27:35.0887 0x1a90 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:27:35.0889 0x1a90 tcpipreg - ok 21:27:35.0894 0x1a90 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:27:35.0896 0x1a90 TDPIPE - ok 21:27:35.0913 0x1a90 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:27:35.0915 0x1a90 TDTCP - ok 21:27:35.0939 0x1a90 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:27:35.0942 0x1a90 tdx - ok 21:27:35.0946 0x1a90 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 21:27:35.0949 0x1a90 TermDD - ok 21:27:35.0983 0x1a90 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 21:27:35.0997 0x1a90 TermService - ok 21:27:36.0011 0x1a90 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 21:27:36.0013 0x1a90 Themes - ok 21:27:36.0034 0x1a90 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 21:27:36.0036 0x1a90 THREADORDER - ok 21:27:36.0051 0x1a90 [ D34181414FB3060A968DF24C4BA98764, EDD1AC4D41C8F9B32E47FF03A391AAC6BDB26D00A8C43898D35610EB08EEA25C ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys 21:27:36.0052 0x1a90 TPDIGIMN - ok 21:27:36.0067 0x1a90 [ F3B696FD7CFBB5D73FF59E1018D8043D, 20B96C409FCB67AA24D417CACBA516756EAE5D4574FDA7951BDB1FA1DF67209B ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe 21:27:36.0069 0x1a90 TPHDEXLGSVC - ok 21:27:36.0073 0x1a90 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys 21:27:36.0074 0x1a90 TPM - ok 21:27:36.0081 0x1a90 [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys 21:27:36.0082 0x1a90 TPPWRIF - ok 21:27:36.0095 0x1a90 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 21:27:36.0099 0x1a90 TrkWks - ok 21:27:36.0137 0x1a90 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:27:36.0140 0x1a90 TrustedInstaller - ok 21:27:36.0163 0x1a90 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:27:36.0164 0x1a90 tssecsrv - ok 21:27:36.0170 0x1a90 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:27:36.0171 0x1a90 TsUsbFlt - ok 21:27:36.0175 0x1a90 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 21:27:36.0176 0x1a90 TsUsbGD - ok 21:27:36.0181 0x1a90 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:27:36.0183 0x1a90 tunnel - ok 21:27:36.0202 0x1a90 [ 760B34088C2AD8D634CC3784EF3A2CA2, 20D23EDBDE7EBBA495C032097E7C5B1C6F94037971D9B2D6B98ABE11E7FF3643 ] tvtvcamd C:\Windows\system32\DRIVERS\tvtvcamd.sys 21:27:36.0202 0x1a90 tvtvcamd - ok 21:27:36.0219 0x1a90 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:27:36.0221 0x1a90 uagp35 - ok 21:27:36.0230 0x1a90 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:27:36.0235 0x1a90 udfs - ok 21:27:36.0251 0x1a90 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:27:36.0253 0x1a90 UI0Detect - ok 21:27:36.0257 0x1a90 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:27:36.0258 0x1a90 uliagpkx - ok 21:27:36.0262 0x1a90 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:27:36.0263 0x1a90 umbus - ok 21:27:36.0268 0x1a90 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 21:27:36.0269 0x1a90 UmPass - ok 21:27:36.0286 0x1a90 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 21:27:36.0291 0x1a90 UmRdpService - ok 21:27:36.0314 0x1a90 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 21:27:36.0321 0x1a90 upnphost - ok 21:27:36.0345 0x1a90 [ 524BFB402B1AB1007ED91E94D6AB6F72, 5A970292D2E7A580FAD86615BC6E66C2A5C74044EFF6C1543E928773E5B9C0F8 ] usb3Hub C:\Windows\system32\DRIVERS\usb3Hub.sys 21:27:36.0349 0x1a90 usb3Hub - ok 21:27:36.0367 0x1a90 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:27:36.0369 0x1a90 usbccgp - ok 21:27:36.0385 0x1a90 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:27:36.0387 0x1a90 usbcir - ok 21:27:36.0400 0x1a90 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:27:36.0402 0x1a90 usbehci - ok 21:27:36.0418 0x1a90 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:27:36.0424 0x1a90 usbhub - ok 21:27:36.0436 0x1a90 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:27:36.0436 0x1a90 usbohci - ok 21:27:36.0449 0x1a90 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys 21:27:36.0450 0x1a90 usbprint - ok 21:27:36.0454 0x1a90 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:27:36.0456 0x1a90 USBSTOR - ok 21:27:36.0468 0x1a90 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:27:36.0469 0x1a90 usbuhci - ok 21:27:36.0475 0x1a90 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:27:36.0479 0x1a90 usbvideo - ok 21:27:36.0492 0x1a90 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 21:27:36.0494 0x1a90 UxSms - ok 21:27:36.0514 0x1a90 [ 19B5A2B908BF97E81BA195B2321A9D8B, 08B0BBB5D0348D6C201137725FE0D5232C15889F6CB907DBA823F36036D89BAD ] ValBioService C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe 21:27:36.0515 0x1a90 ValBioService - ok 21:27:36.0534 0x1a90 [ BF7FFCD223323F80E4DDB9ADB5DDF1AE, 4BC7EE65C577D93DBF25EC253526F2FE642F32017C1DA52CFEA83AC8BF3E18CA ] valWBFPolicyService C:\Windows\system32\valWBFPolicyService.exe 21:27:36.0536 0x1a90 valWBFPolicyService - ok 21:27:36.0547 0x1a90 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc C:\Windows\system32\lsass.exe 21:27:36.0548 0x1a90 VaultSvc - ok 21:27:36.0552 0x1a90 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:27:36.0553 0x1a90 vdrvroot - ok 21:27:36.0583 0x1a90 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 21:27:36.0593 0x1a90 vds - ok 21:27:36.0597 0x1a90 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:27:36.0598 0x1a90 vga - ok 21:27:36.0601 0x1a90 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 21:27:36.0602 0x1a90 VgaSave - ok 21:27:36.0619 0x1a90 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:27:36.0622 0x1a90 vhdmp - ok 21:27:36.0628 0x1a90 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 21:27:36.0629 0x1a90 viaide - ok 21:27:36.0685 0x1a90 [ D339DF97110C5E2C01FA191787E60CA0, 0798E9CB36BFC439CF536870E9B7594491D6027DC3FA89779B322761C1B8372D ] vm331avs C:\Windows\system32\Drivers\vm331avs.sys 21:27:36.0717 0x1a90 vm331avs - ok 21:27:36.0738 0x1a90 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 21:27:36.0741 0x1a90 vmbus - ok 21:27:36.0745 0x1a90 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 21:27:36.0745 0x1a90 VMBusHID - ok 21:27:36.0751 0x1a90 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:27:36.0753 0x1a90 volmgr - ok 21:27:36.0771 0x1a90 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:27:36.0777 0x1a90 volmgrx - ok 21:27:36.0787 0x1a90 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:27:36.0792 0x1a90 volsnap - ok 21:27:36.0798 0x1a90 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:27:36.0801 0x1a90 vsmraid - ok 21:27:36.0849 0x1a90 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 21:27:36.0886 0x1a90 VSS - ok 21:27:36.0891 0x1a90 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:27:36.0892 0x1a90 vwifibus - ok 21:27:36.0896 0x1a90 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:27:36.0898 0x1a90 vwififlt - ok 21:27:36.0901 0x1a90 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:27:36.0902 0x1a90 vwifimp - ok 21:27:36.0914 0x1a90 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 21:27:36.0921 0x1a90 W32Time - ok 21:27:36.0929 0x1a90 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:27:36.0930 0x1a90 WacomPen - ok 21:27:36.0934 0x1a90 [ 356AFD78A6ED4457169241AC3965230C, |
|
29.11.2015, 21:52
| #6 |
| | Windows7: Trojaner, registy befallen, HKU, HKCU logfile, TDSS, Teil 3 Code:
ATTFilter CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:27:36.0936 0x1a90 WANARP - ok 21:27:36.0940 0x1a90 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:27:36.0942 0x1a90 Wanarpv6 - ok 21:27:36.0987 0x1a90 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 21:27:37.0027 0x1a90 wbengine - ok 21:27:37.0037 0x1a90 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:27:37.0042 0x1a90 WbioSrvc - ok 21:27:37.0052 0x1a90 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:27:37.0059 0x1a90 wcncsvc - ok 21:27:37.0076 0x1a90 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:27:37.0078 0x1a90 WcsPlugInService - ok 21:27:37.0081 0x1a90 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 21:27:37.0082 0x1a90 Wd - ok 21:27:37.0108 0x1a90 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:27:37.0121 0x1a90 Wdf01000 - ok 21:27:37.0131 0x1a90 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:27:37.0134 0x1a90 WdiServiceHost - ok 21:27:37.0137 0x1a90 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:27:37.0140 0x1a90 WdiSystemHost - ok 21:27:37.0160 0x1a90 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll 21:27:37.0165 0x1a90 WebClient - ok 21:27:37.0182 0x1a90 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:27:37.0188 0x1a90 Wecsvc - ok 21:27:37.0197 0x1a90 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:27:37.0200 0x1a90 wercplsupport - ok 21:27:37.0205 0x1a90 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 21:27:37.0208 0x1a90 WerSvc - ok 21:27:37.0211 0x1a90 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:27:37.0212 0x1a90 WfpLwf - ok 21:27:37.0215 0x1a90 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:27:37.0216 0x1a90 WIMMount - ok 21:27:37.0242 0x1a90 WinDefend - ok 21:27:37.0248 0x1a90 WinHttpAutoProxySvc - ok 21:27:37.0318 0x1a90 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:27:37.0332 0x1a90 Winmgmt - ok 21:27:37.0420 0x1a90 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 21:27:37.0455 0x1a90 WinRM - ok 21:27:37.0472 0x1a90 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 21:27:37.0473 0x1a90 WinUsb - ok 21:27:37.0509 0x1a90 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:27:37.0524 0x1a90 Wlansvc - ok 21:27:37.0529 0x1a90 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:27:37.0530 0x1a90 WmiAcpi - ok 21:27:37.0547 0x1a90 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:27:37.0551 0x1a90 wmiApSrv - ok 21:27:37.0565 0x1a90 WMPNetworkSvc - ok 21:27:37.0575 0x1a90 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:27:37.0577 0x1a90 WPCSvc - ok 21:27:37.0592 0x1a90 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:27:37.0596 0x1a90 WPDBusEnum - ok 21:27:37.0599 0x1a90 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:27:37.0600 0x1a90 ws2ifsl - ok 21:27:37.0614 0x1a90 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 21:27:37.0616 0x1a90 wscsvc - ok 21:27:37.0619 0x1a90 WSearch - ok 21:27:37.0745 0x1a90 [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv C:\Windows\system32\wuaueng.dll 21:27:37.0790 0x1a90 wuauserv - ok 21:27:37.0824 0x1a90 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:27:37.0826 0x1a90 WudfPf - ok 21:27:37.0842 0x1a90 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:27:37.0846 0x1a90 WUDFRd - ok 21:27:37.0851 0x1a90 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:27:37.0854 0x1a90 wudfsvc - ok 21:27:37.0880 0x1a90 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 21:27:37.0885 0x1a90 WwanSvc - ok 21:27:38.0074 0x1a90 [ C3FFB098C24A82B61E1818C3BB978B48, C7BC57A8D549B7478052F05FD0B4C623F1B70187358FD3CB5A7E9B5092FBD75F ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 21:27:38.0141 0x1a90 ZeroConfigService - ok 21:27:38.0155 0x1a90 ================ Scan global =============================== 21:27:38.0190 0x1a90 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 21:27:38.0218 0x1a90 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 21:27:38.0229 0x1a90 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 21:27:38.0257 0x1a90 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 21:27:38.0285 0x1a90 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 21:27:38.0291 0x1a90 [ Global ] - ok 21:27:38.0292 0x1a90 ================ Scan MBR ================================== 21:27:38.0307 0x1a90 [ 3C10CC64408FD361AA392029816603BE ] \Device\Harddisk0\DR0 21:27:38.0573 0x1a90 \Device\Harddisk0\DR0 - ok 21:27:38.0575 0x1a90 ================ Scan VBR ================================== 21:27:38.0577 0x1a90 [ A268329E47236A1427D06FE623E25EDF ] \Device\Harddisk0\DR0\Partition1 21:27:38.0589 0x1a90 \Device\Harddisk0\DR0\Partition1 - ok 21:27:38.0593 0x1a90 [ 1BCC9905345EA33A52D3456ED16A5665 ] \Device\Harddisk0\DR0\Partition2 21:27:38.0607 0x1a90 \Device\Harddisk0\DR0\Partition2 - ok 21:27:38.0630 0x1a90 [ B54B30046ACAA40F06DB991EADCAD0E4 ] \Device\Harddisk0\DR0\Partition3 21:27:38.0633 0x1a90 \Device\Harddisk0\DR0\Partition3 - ok 21:27:38.0638 0x1a90 [ DFCA5FC290B016A3096325987A5D7C65 ] \Device\Harddisk0\DR0\Partition4 21:27:38.0660 0x1a90 \Device\Harddisk0\DR0\Partition4 - ok 21:27:38.0661 0x1a90 ================ Scan generic autorun ====================== 21:27:38.0711 0x1a90 [ 18CE3B3E42FBDF53883AE982152A0B45, E9E0DBA4CBE3B6CA7CE76591D65878ADB65DD4F3AF2CEAD0BD63559AE646AEB6 ] C:\Windows\system32\igfxtray.exe 21:27:38.0719 0x1a90 IgfxTray - ok 21:27:38.0742 0x1a90 [ FF71518046D79001513377100B79E2A3, 668057BF2B23212DA0C83849339D74949AE24E7F7866A2B9DE1D973E52F1BC3A ] C:\Windows\system32\hkcmd.exe 21:27:38.0750 0x1a90 HotKeysCmds - ok 21:27:38.0767 0x1a90 [ 763F57136C09C4A9E5B7C155400239CC, B661C8137322562E9014D946C7B58FAA15BC3948A1509A1B5A6DAEDCBF9FCA8C ] C:\Windows\system32\igfxpers.exe 21:27:38.0775 0x1a90 Persistence - ok 21:27:38.0816 0x1a90 [ 9E1738D18C61E6935AD0E8EE19D100D8, C2864677359A977CB67F16664DF44C4001CF4C04AD29401450D1BC3CDD9421AD ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe 21:27:38.0831 0x1a90 cAudioFilterAgent - ok 21:27:38.0844 0x1a90 [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe 21:27:38.0845 0x1a90 ForteConfig - ok 21:27:38.0914 0x1a90 [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe 21:27:38.0941 0x1a90 SmartAudio - ok 21:27:38.0961 0x1a90 [ 78C0F0EA63438D2441E7F9CAC9619889, DA121F5637D8BA09EE9BFAD58757775B4775EFCCC06DC1DEF68F26C90C0F985F ] C:\Windows\system32\TpShocks.exe 21:27:38.0967 0x1a90 TpShocks - ok 21:27:39.0016 0x1a90 [ 4420BBAC770EB87AB74E4B9146E18924, 6DB78DB9FD72F1E8C7651D2B3FF090CB4A8C90BA0D11F69D533960CE67170CFC ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe 21:27:39.0024 0x1a90 BLEServicesCtrl - ok 21:27:39.0028 0x1a90 BTMTrayAgent - ok 21:27:39.0030 0x1a90 SynTPEnh - ok 21:27:39.0080 0x1a90 [ 2438CD7EFF8399E41B29A3D0DB0873D9, 5EA16FBF213E81013DE3FC83319C6A75214513A2AEE6A5403742348F739031D4 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe 21:27:39.0087 0x1a90 IMSS - ok 21:27:39.0133 0x1a90 [ E0E7C48CAF25943DB1B034364501134A, 6F3D325F82448668EBEBEE1DEA7CC686DE6ED37E903F28FE3521B4018F427B62 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe 21:27:39.0139 0x1a90 USB3MON - ok 21:27:39.0175 0x1a90 [ FA6220C7FDF2D94CFF82D45B72E5C929, C3E414388F8818EC4B3BEABC8ED16DE6CBF965A6603328A45AD6D9A1808F3E55 ] C:\Program Files (x86)\USB Camera\VM331STI.EXE 21:27:39.0184 0x1a90 331BigDog - ok 21:27:39.0189 0x1a90 PWMTRV - ok 21:27:39.0286 0x1a90 [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe 21:27:39.0317 0x1a90 avgnt - ok 21:27:39.0364 0x1a90 [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe 21:27:39.0364 0x1a90 HP Software Update - ok 21:27:39.0442 0x1a90 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 21:27:39.0489 0x1a90 Sidebar - ok 21:27:39.0505 0x1a90 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 21:27:39.0505 0x1a90 mctadmin - ok 21:27:39.0551 0x1a90 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 21:27:39.0567 0x1a90 Sidebar - ok 21:27:39.0567 0x1a90 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 21:27:39.0567 0x1a90 mctadmin - ok 21:27:39.0692 0x1a90 [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe 21:27:39.0723 0x1a90 HP Officejet 6700 (NET) - ok 21:27:39.0723 0x1a90 Web Companion - ok 21:27:40.0300 0x1a90 [ 1FA9AC9760AA04253B4D5D7DD8BF1073, 8514D8C242495A2214321A501C04455428471A884C558B4983CEBC6FD71B11F7 ] C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe 21:27:40.0347 0x1a90 Screenleap - ok 21:27:40.0378 0x1a90 [ 5746BD7E255DD6A8AFA06F7C42C1BA41, DB06C3534964E3FC79D2763144BA53742D7FA250CA336F4A0FE724B75AAFF386 ] C:\Windows\system32\cmd.exe 21:27:40.0378 0x1a90 Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64 - ok 21:27:40.0394 0x1a90 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated ) 21:27:40.0394 0x1a90 Win FW state via NFP2: enabled ( trusted ) 21:27:53.0857 0x1a90 ============================================================ 21:27:53.0857 0x1a90 Scan finished 21:27:53.0857 0x1a90 ============================================================ 21:27:53.0857 0x0ddc Detected object count: 0 21:27:53.0857 0x0ddc Actual detected object count: 0 21:29:56.0590 0x17a0 ============================================================ 21:29:56.0590 0x17a0 Scan started 21:29:56.0590 0x17a0 Mode: Manual; SigCheck; TDLFS; 21:29:56.0590 0x17a0 ============================================================ 21:29:56.0590 0x17a0 KSN ping started 21:30:11.0250 0x17a0 KSN ping finished: true 21:30:11.0930 0x17a0 ================ Scan system memory ======================== 21:30:11.0931 0x17a0 System memory - ok 21:30:11.0931 0x17a0 ================ Scan services ============================= 21:30:12.0039 0x17a0 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:30:12.0086 0x17a0 1394ohci - ok 21:30:12.0096 0x17a0 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:30:12.0112 0x17a0 ACPI - ok 21:30:12.0116 0x17a0 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:30:12.0126 0x17a0 AcpiPmi - ok 21:30:12.0189 0x17a0 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:30:12.0211 0x17a0 AdobeARMservice - ok 21:30:12.0297 0x17a0 [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:30:12.0308 0x17a0 AdobeFlashPlayerUpdateSvc - ok 21:30:12.0323 0x17a0 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:30:12.0340 0x17a0 adp94xx - ok 21:30:12.0360 0x17a0 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:30:12.0374 0x17a0 adpahci - ok 21:30:12.0381 0x17a0 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:30:12.0392 0x17a0 adpu320 - ok 21:30:12.0411 0x17a0 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:30:12.0439 0x17a0 AeLookupSvc - ok 21:30:12.0473 0x17a0 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys 21:30:12.0502 0x17a0 AFD - ok 21:30:12.0516 0x17a0 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 21:30:12.0524 0x17a0 agp440 - ok 21:30:12.0528 0x17a0 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 21:30:12.0540 0x17a0 ALG - ok 21:30:12.0545 0x17a0 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 21:30:12.0553 0x17a0 aliide - ok 21:30:12.0556 0x17a0 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 21:30:12.0564 0x17a0 amdide - ok 21:30:12.0568 0x17a0 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 21:30:12.0579 0x17a0 AmdK8 - ok 21:30:12.0583 0x17a0 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 21:30:12.0592 0x17a0 AmdPPM - ok 21:30:12.0597 0x17a0 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:30:12.0606 0x17a0 amdsata - ok 21:30:12.0615 0x17a0 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 21:30:12.0626 0x17a0 amdsbs - ok 21:30:12.0632 0x17a0 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:30:12.0639 0x17a0 amdxata - ok 21:30:12.0739 0x17a0 [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe 21:30:12.0823 0x17a0 AntiVirMailService - ok 21:30:12.0905 0x17a0 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe 21:30:12.0939 0x17a0 AntiVirSchedulerService - ok 21:30:12.0984 0x17a0 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService C:\Program Files (x86)\Avira\Antivirus\avguard.exe 21:30:13.0009 0x17a0 AntiVirService - ok 21:30:13.0060 0x17a0 [ D84E576299C73B0B1DC477D2B99958C4, D6703C2B63B9FA87C2DA009CC7B6DF76C3603C6A9874B152D685A1B92EE2DF28 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe 21:30:13.0097 0x17a0 AntiVirWebService - ok 21:30:13.0127 0x17a0 [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys 21:30:13.0138 0x17a0 AppID - ok 21:30:13.0153 0x17a0 [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:30:13.0162 0x17a0 AppIDSvc - ok 21:30:13.0184 0x17a0 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll 21:30:13.0195 0x17a0 Appinfo - ok 21:30:13.0224 0x17a0 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 21:30:13.0238 0x17a0 AppMgmt - ok 21:30:13.0243 0x17a0 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 21:30:13.0253 0x17a0 arc - ok 21:30:13.0279 0x17a0 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:30:13.0290 0x17a0 arcsas - ok 21:30:13.0356 0x17a0 [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 21:30:13.0379 0x17a0 aspnet_state - ok 21:30:13.0385 0x17a0 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:30:13.0418 0x17a0 AsyncMac - ok 21:30:13.0421 0x17a0 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 21:30:13.0429 0x17a0 atapi - ok 21:30:13.0472 0x17a0 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:30:13.0494 0x17a0 AudioEndpointBuilder - ok 21:30:13.0511 0x17a0 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:30:13.0533 0x17a0 AudioSrv - ok 21:30:13.0560 0x17a0 [ 03C6DEB5C74C8140C2167677DBE2F79A, D5C727B007C5B486DECE1A1B83D8155299DD7CB46DC8208CE9185C5BAE5CC33A ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 21:30:13.0571 0x17a0 avgntflt - ok 21:30:13.0601 0x17a0 [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 21:30:13.0612 0x17a0 avipbb - ok 21:30:13.0697 0x17a0 [ 6C4B9A2FF6924405E9ABFB558049D4DD, 9AB314B9ECF41832589726556A93CEAAE2AE774B1738A46A027E833B73A72118 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe 21:30:13.0788 0x17a0 Avira.ServiceHost - ok 21:30:13.0788 0x17a0 Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost 21:30:16.0287 0x17a0 Object send P2P result: true 21:30:16.0349 0x17a0 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 21:30:16.0365 0x17a0 avkmgr - ok 21:30:16.0380 0x17a0 [ 080860E03F0219AF0A0377A02292741F, F0A151509BFEBFE639CC15388847EB2EDA298CFAE0AC4A1358A1472F42320249 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys 21:30:16.0396 0x17a0 avnetflt - ok 21:30:16.0427 0x17a0 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:30:16.0443 0x17a0 AxInstSV - ok 21:30:16.0458 0x17a0 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 21:30:16.0490 0x17a0 b06bdrv - ok 21:30:16.0521 0x17a0 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:30:16.0536 0x17a0 b57nd60a - ok 21:30:16.0583 0x17a0 [ 4BEFF67C1775D353A16A62347E727874, 62363C5E5F4BF049A3E49FADA8CB17269945056ACADB319FDC4F05B74E2553C8 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe 21:30:16.0614 0x17a0 BBSvc - ok 21:30:16.0646 0x17a0 [ A6DAAD3EA93DBDBD07FA821BCED133F6, 8F33D4E4B82091D09E62FD5487C88F3DF0DAC31FCBB846183CC4020533A131DE ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe 21:30:16.0661 0x17a0 BBUpdate - ok 21:30:16.0677 0x17a0 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 21:30:16.0692 0x17a0 BDESVC - ok 21:30:16.0692 0x17a0 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 21:30:16.0739 0x17a0 Beep - ok 21:30:16.0755 0x17a0 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 21:30:16.0786 0x17a0 BFE - ok 21:30:16.0817 0x17a0 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 21:30:16.0864 0x17a0 BITS - ok 21:30:16.0864 0x17a0 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:30:16.0880 0x17a0 blbdrive - ok 21:30:16.0942 0x17a0 [ E7429ECD0C47CC065EEACF7E9D0E6341, 10D8231E14C908A0949108EB5F84E17BA10ABFC370D0C5F65945B23879AB12BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 21:30:16.0973 0x17a0 Bluetooth Device Monitor - ok 21:30:17.0020 0x17a0 [ 0F432B34D80351EFC5E35F14D9798CFD, 591D913E069C1C69212A7742D7182E24E669FE7B50680D8D337F32CF9F72B163 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 21:30:17.0051 0x17a0 Bluetooth Media Service - ok 21:30:17.0098 0x17a0 [ 96924B1D3060B0C0FFD77D01CB234D9F, 2A02EEC4092646A0BD26B8E8BA8B75F82EB6F46003C56C9A838E412006457DD2 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 21:30:17.0129 0x17a0 Bluetooth OBEX Service - ok 21:30:17.0160 0x17a0 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:30:17.0192 0x17a0 bowser - ok 21:30:17.0192 0x17a0 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 21:30:17.0207 0x17a0 BrFiltLo - ok 21:30:17.0207 0x17a0 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 21:30:17.0223 0x17a0 BrFiltUp - ok 21:30:17.0238 0x17a0 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 21:30:17.0254 0x17a0 Browser - ok 21:30:17.0270 0x17a0 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:30:17.0285 0x17a0 Brserid - ok 21:30:17.0285 0x17a0 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:30:17.0301 0x17a0 BrSerWdm - ok 21:30:17.0301 0x17a0 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:30:17.0316 0x17a0 BrUsbMdm - ok 21:30:17.0316 0x17a0 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:30:17.0316 0x17a0 BrUsbSer - ok 21:30:17.0348 0x17a0 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 21:30:17.0363 0x17a0 BthEnum - ok 21:30:17.0363 0x17a0 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:30:17.0379 0x17a0 BTHMODEM - ok 21:30:17.0394 0x17a0 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 21:30:17.0410 0x17a0 BthPan - ok 21:30:17.0441 0x17a0 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 21:30:17.0457 0x17a0 BTHPORT - ok 21:30:17.0457 0x17a0 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 21:30:17.0488 0x17a0 bthserv - ok 21:30:17.0504 0x17a0 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 21:30:17.0519 0x17a0 BTHUSB - ok 21:30:17.0535 0x17a0 [ 5B8D71504FA8BFA308F6E1169B89D322, 1DC0CF47C5F655EA0F0992020C17A86D05637F55ACBB17380283EBB883A4D14D ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys 21:30:17.0550 0x17a0 btmaux - ok 21:30:17.0582 0x17a0 [ D66F3A4F11E42142722DCF9DC5A451D6, 6576421E24ABB4F0A7B5EFB5CF6F9C6F510AFDD0087415D57A5ABBB0866B3E39 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys 21:30:17.0628 0x17a0 btmhsf - ok 21:30:17.0628 0x17a0 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:30:17.0660 0x17a0 cdfs - ok 21:30:17.0660 0x17a0 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:30:17.0675 0x17a0 cdrom - ok 21:30:17.0691 0x17a0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 21:30:17.0722 0x17a0 CertPropSvc - ok 21:30:17.0722 0x17a0 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 21:30:17.0738 0x17a0 circlass - ok 21:30:17.0769 0x17a0 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 21:30:17.0784 0x17a0 CLFS - ok 21:30:18.0018 0x17a0 [ 2CE5D5AEE7EC90FE0CF8A8FBBB1B1A6C, E93E8362FB1D173D8F15C753190CF41474C183A667AF90378389563A70D93864 ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 21:30:18.0081 0x17a0 ClickToRunSvc - ok 21:30:18.0143 0x17a0 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:30:18.0159 0x17a0 clr_optimization_v2.0.50727_32 - ok 21:30:18.0190 0x17a0 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:30:18.0206 0x17a0 clr_optimization_v2.0.50727_64 - ok 21:30:18.0252 0x17a0 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:30:18.0284 0x17a0 clr_optimization_v4.0.30319_32 - ok 21:30:18.0299 0x17a0 [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:30:18.0330 0x17a0 clr_optimization_v4.0.30319_64 - ok 21:30:18.0330 0x17a0 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:30:18.0346 0x17a0 CmBatt - ok 21:30:18.0346 0x17a0 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:30:18.0362 0x17a0 cmdide - ok 21:30:18.0377 0x17a0 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys 21:30:18.0408 0x17a0 CNG - ok 21:30:18.0455 0x17a0 [ CE6D6C023F23F968ABF03892972A9DCF, EBF415F15A30ED76C1D416D3D7E2D0558273DF08A134BFEF108BBE2410803ECC ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 21:30:18.0502 0x17a0 CnxtHdAudService - ok 21:30:18.0502 0x17a0 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 21:30:18.0518 0x17a0 Compbatt - ok 21:30:18.0533 0x17a0 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 21:30:18.0533 0x17a0 CompositeBus - ok 21:30:18.0549 0x17a0 COMSysApp - ok 21:30:18.0596 0x17a0 [ 76FE8C1490B70250921EC88D833742D0, 19625C894E457300641456F5BE0AEB8A7AE96661B5DE49EE772E2621FAAB92AA ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 21:30:18.0611 0x17a0 cphs - ok 21:30:18.0611 0x17a0 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:30:18.0627 0x17a0 crcdisk - ok 21:30:18.0642 0x17a0 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:30:18.0658 0x17a0 CryptSvc - ok 21:30:18.0689 0x17a0 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 21:30:18.0720 0x17a0 CSC - ok 21:30:18.0736 0x17a0 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 21:30:18.0752 0x17a0 CscService - ok 21:30:18.0783 0x17a0 [ 426B2624A1669D233BAB6C4AC5E9432E, C03746D04094FAEA0650032447667055E7C7D1094581D4C1EB414D22A164CA99 ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe 21:30:18.0798 0x17a0 CxAudMsg - ok 21:30:18.0830 0x17a0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:30:18.0861 0x17a0 DcomLaunch - ok 21:30:19.0001 0x17a0 [ CC8B5C964B777F4EC3E89F13B4B5FF0F, 75E161265CCFFCB61FCE855C9790E2E06531E6B1C3DCCB1E3018466D03AD3919 ] DCService.exe C:\ProgramData\DatacardService\DCService.exe 21:30:19.0017 0x17a0 DCService.exe - detected UnsignedFile.Multi.Generic ( 1 ) 21:30:19.0017 0x17a0 Detect skipped due to KSN trusted 21:30:19.0017 0x17a0 DCService.exe - ok 21:30:19.0048 0x17a0 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 21:30:19.0095 0x17a0 defragsvc - ok 21:30:19.0095 0x17a0 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:30:19.0126 0x17a0 DfsC - ok 21:30:19.0142 0x17a0 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 21:30:19.0173 0x17a0 Dhcp - ok 21:30:19.0173 0x17a0 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 21:30:19.0204 0x17a0 discache - ok 21:30:19.0204 0x17a0 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 21:30:19.0220 0x17a0 Disk - ok 21:30:19.0516 0x17a0 [ 260169AFE0247D3817DDD7EC6C6AD0BC, 2C0FB869A23AC18B7874899C5599691464C158E1881AD5EEEE95D6D0B182C9CF ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe 21:30:19.0734 0x17a0 DisplayLinkService - ok 21:30:19.0812 0x17a0 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 21:30:19.0844 0x17a0 dmvsc - ok 21:30:19.0859 0x17a0 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:30:19.0875 0x17a0 Dnscache - ok 21:30:19.0875 0x17a0 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 21:30:19.0906 0x17a0 dot3svc - ok 21:30:19.0922 0x17a0 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 21:30:19.0953 0x17a0 DPS - ok 21:30:19.0953 0x17a0 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:30:19.0968 0x17a0 drmkaud - ok 21:30:20.0015 0x17a0 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:30:20.0031 0x17a0 DXGKrnl - ok 21:30:20.0046 0x17a0 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 21:30:20.0078 0x17a0 EapHost - ok 21:30:20.0187 0x17a0 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 21:30:20.0265 0x17a0 ebdrv - ok 21:30:20.0280 0x17a0 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\Windows\System32\lsass.exe 21:30:20.0296 0x17a0 EFS - ok 21:30:20.0358 0x17a0 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:30:20.0374 0x17a0 ehRecvr - ok 21:30:20.0374 0x17a0 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 21:30:20.0390 0x17a0 ehSched - ok 21:30:20.0421 0x17a0 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:30:20.0436 0x17a0 elxstor - ok 21:30:20.0436 0x17a0 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:30:20.0452 0x17a0 ErrDev - ok 21:30:20.0468 0x17a0 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 21:30:20.0499 0x17a0 EventSystem - ok 21:30:20.0608 0x17a0 [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 21:30:20.0639 0x17a0 EvtEng - ok 21:30:20.0670 0x17a0 [ 23B79B19F49A037EBA4A9A3BB03ED91D, 2E0918B20188CBFAC0E64A5B36739DF4638A343553908888DFDD708743370F3F ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 21:30:20.0702 0x17a0 ewusbnet - ok 21:30:20.0717 0x17a0 [ E2CBB821C7CAE0EF8B56DE28ED85C740, 4AB358FEBC7B57774B2DD54705FAD3F5E0308F1E1FECBED73231DCEF11CF7D3B ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 21:30:20.0733 0x17a0 ew_hwusbdev - ok 21:30:20.0748 0x17a0 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 21:30:20.0780 0x17a0 exfat - ok 21:30:20.0795 0x17a0 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:30:20.0826 0x17a0 fastfat - ok 21:30:20.0858 0x17a0 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 21:30:20.0889 0x17a0 Fax - ok 21:30:20.0889 0x17a0 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 21:30:20.0904 0x17a0 fdc - ok 21:30:20.0920 0x17a0 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 21:30:20.0951 0x17a0 fdPHost - ok 21:30:20.0951 0x17a0 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 21:30:20.0982 0x17a0 FDResPub - ok 21:30:20.0982 0x17a0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:30:20.0998 0x17a0 FileInfo - ok 21:30:20.0998 0x17a0 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:30:21.0029 0x17a0 Filetrace - ok 21:30:21.0029 0x17a0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 21:30:21.0045 0x17a0 flpydisk - ok 21:30:21.0045 0x17a0 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:30:21.0060 0x17a0 FltMgr - ok 21:30:21.0138 0x17a0 [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll 21:30:21.0170 0x17a0 FontCache - ok 21:30:21.0201 0x17a0 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:30:21.0201 0x17a0 FontCache3.0.0.0 - ok 21:30:21.0216 0x17a0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:30:21.0216 0x17a0 FsDepends - ok 21:30:21.0216 0x17a0 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:30:21.0232 0x17a0 Fs_Rec - ok 21:30:21.0248 0x17a0 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:30:21.0248 0x17a0 fvevol - ok 21:30:21.0263 0x17a0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:30:21.0263 0x17a0 gagp30kx - ok 21:30:21.0294 0x17a0 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 21:30:21.0341 0x17a0 gpsvc - ok 21:30:21.0357 0x17a0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:30:21.0357 0x17a0 hcw85cir - ok 21:30:21.0372 0x17a0 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:30:21.0388 0x17a0 HdAudAddService - ok 21:30:21.0419 0x17a0 [ 12DED0995AE2BA68EBBE70E14A76EE02, 54A658F4E8D6D98594BE43289083AD4267EB6B3F99D789A75719DBCA5188E87F ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:30:21.0435 0x17a0 HDAudBus - ok 21:30:21.0435 0x17a0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 21:30:21.0450 0x17a0 HidBatt - ok 21:30:21.0450 0x17a0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:30:21.0466 0x17a0 HidBth - ok 21:30:21.0482 0x17a0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 21:30:21.0482 0x17a0 HidIr - ok 21:30:21.0497 0x17a0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 21:30:21.0528 0x17a0 hidserv - ok 21:30:21.0544 0x17a0 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:30:21.0560 0x17a0 HidUsb - ok 21:30:21.0560 0x17a0 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:30:21.0591 0x17a0 hkmsvc - ok 21:30:21.0606 0x17a0 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:30:21.0622 0x17a0 HomeGroupListener - ok 21:30:21.0653 0x17a0 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:30:21.0669 0x17a0 HomeGroupProvider - ok 21:30:21.0669 0x17a0 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:30:21.0684 0x17a0 HpSAMD - ok 21:30:21.0716 0x17a0 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:30:21.0747 0x17a0 HTTP - ok 21:30:21.0762 0x17a0 [ 08B1A06A55F068A17A51BA26618CF50F, 8ADFC9D3003208A9B3BE12DCD1418A13C4D19E13E00EFEE556EF87B70F49B2E6 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 21:30:21.0778 0x17a0 huawei_enumerator - ok 21:30:21.0809 0x17a0 [ 6E5CD3984742A922D0C183C7E82C3C94, EE350C8736F0AC6751E18694E1F1142477112C8C2D83347C1EE9483BEC0DA117 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 21:30:21.0825 0x17a0 hwdatacard - ok 21:30:21.0825 0x17a0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:30:21.0840 0x17a0 hwpolicy - ok 21:30:21.0840 0x17a0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:30:21.0856 0x17a0 i8042prt - ok 21:30:21.0903 0x17a0 [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys 21:30:21.0918 0x17a0 iaStorA - ok 21:30:21.0934 0x17a0 [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys 21:30:21.0950 0x17a0 iaStorF - ok 21:30:21.0965 0x17a0 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:30:21.0981 0x17a0 iaStorV - ok 21:30:21.0996 0x17a0 [ B005844661028E11480D724A709CC298, DC738AA0246581814915160BA824C2DB9009E6CFCCDB6A268F08C8D13F52BEB0 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 21:30:21.0996 0x17a0 IBMPMDRV - ok 21:30:22.0012 0x17a0 [ ED802CE6B36E280401197F593634C1DD, 620F2D5F40B8E61DE606FC1B1B1DCDD12BE7431E065F9CB776FDCFF915B1D243 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 21:30:22.0028 0x17a0 IBMPMSVC - ok 21:30:22.0043 0x17a0 [ 617EEDD27FB557C9D95D68096564C930, 59AA6F9884C9B504D5B524B6EFF8148669251085FAF12AE3634F0C753850CDC3 ] ibtusb C:\Windows\system32\DRIVERS\ibtusb.sys 21:30:22.0059 0x17a0 ibtusb - ok 21:30:22.0106 0x17a0 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:30:22.0137 0x17a0 idsvc - ok 21:30:22.0137 0x17a0 IEEtwCollectorService - ok 21:30:22.0324 0x17a0 [ AEF200DC087141A5F66A6B006D2F0FD4, A38A0684637D9FE58271D91B93184A72414948E35145D19246BF6FBC60E28B3C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 21:30:22.0433 0x17a0 igfx - ok 21:30:22.0449 0x17a0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:30:22.0464 0x17a0 iirsp - ok 21:30:22.0496 0x17a0 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 21:30:22.0527 0x17a0 IKEEXT - ok 21:30:22.0542 0x17a0 [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 21:30:22.0558 0x17a0 intaud_WaveExtensible - ok 21:30:22.0589 0x17a0 [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 21:30:22.0605 0x17a0 IntcDAud - ok 21:30:22.0667 0x17a0 [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 21:30:22.0683 0x17a0 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 ) 21:30:22.0683 0x17a0 Detect skipped due to KSN trusted 21:30:22.0683 0x17a0 Intel(R) Capability Licensing Service Interface - ok 21:30:22.0698 0x17a0 [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe 21:30:22.0730 0x17a0 Intel(R) Capability Licensing Service TCP IP Interface - ok 21:30:22.0730 0x17a0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 21:30:22.0745 0x17a0 intelide - ok 21:30:22.0745 0x17a0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:30:22.0761 0x17a0 intelppm - ok 21:30:22.0776 0x17a0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:30:22.0808 0x17a0 IPBusEnum - ok 21:30:22.0823 0x17a0 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:30:22.0839 0x17a0 IpFilterDriver - ok 21:30:22.0870 0x17a0 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:30:22.0886 0x17a0 iphlpsvc - ok 21:30:22.0901 0x17a0 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:30:22.0901 0x17a0 IPMIDRV - ok 21:30:22.0917 0x17a0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:30:22.0948 0x17a0 IPNAT - ok 21:30:22.0948 0x17a0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:30:22.0964 0x17a0 IRENUM - ok 21:30:22.0964 0x17a0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:30:22.0964 0x17a0 isapnp - ok 21:30:22.0995 0x17a0 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:30:23.0010 0x17a0 iScsiPrt - ok 21:30:23.0026 0x17a0 [ 72B203A1F805C07E920E537414A0EA5F, 7EFB2A397034FF3D451D1763865E8AA330D8D4656E7C6F8CDA6489868023C36E ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 21:30:23.0042 0x17a0 iusb3hcs - ok 21:30:23.0057 0x17a0 [ 474BFFCF3214208C5FD440217D34FE6E, 181E4A091B24E8FBB9C1072E1FD2BABB1B0AD68D1112563A70A791FA3546D4CE ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 21:30:23.0073 0x17a0 iusb3hub - ok 21:30:23.0120 0x17a0 [ 842A11F2020CD94A0120E61F902E3664, 464EDED37258A22AC38C007524E34ED1A795E5607FF8BD322455A8F76CB4BDCE ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 21:30:23.0135 0x17a0 iusb3xhc - ok 21:30:23.0151 0x17a0 [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys 21:30:23.0166 0x17a0 iwdbus - ok 21:30:23.0229 0x17a0 [ 9BFDEFD51800A2D47D43919653F4BEF4, C7221D9F82F7F04343EDA6FE41A4EC4C97F6DC4170780AA3983C8735369A5026 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 21:30:23.0244 0x17a0 jhi_service - ok 21:30:23.0260 0x17a0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:30:23.0276 0x17a0 kbdclass - ok 21:30:23.0276 0x17a0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:30:23.0291 0x17a0 kbdhid - ok 21:30:23.0291 0x17a0 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe 21:30:23.0307 0x17a0 KeyIso - ok 21:30:23.0338 0x17a0 [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:30:23.0338 0x17a0 KSecDD - ok 21:30:23.0354 0x17a0 [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:30:23.0369 0x17a0 KSecPkg - ok 21:30:23.0369 0x17a0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:30:23.0400 0x17a0 ksthunk - ok 21:30:23.0432 0x17a0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 21:30:23.0463 0x17a0 KtmRm - ok 21:30:23.0494 0x17a0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:30:23.0525 0x17a0 LanmanServer - ok 21:30:23.0541 0x17a0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:30:23.0572 0x17a0 LanmanWorkstation - ok 21:30:23.0603 0x17a0 [ D253E6009F05776F505F96866CCF460F, 8A39E77B4FC780BB9C6C8A892603248D87ED70255BF9BED0218BE2420B5E8C53 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 21:30:23.0603 0x17a0 Lenovo.VIRTSCRLSVC - ok 21:30:23.0619 0x17a0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:30:23.0650 0x17a0 lltdio - ok 21:30:23.0666 0x17a0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:30:23.0712 0x17a0 lltdsvc - ok 21:30:23.0712 0x17a0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:30:23.0744 0x17a0 lmhosts - ok 21:30:23.0775 0x17a0 [ 9FE032AD8751C5DDCF01DE26C1EE84BC, FAE072D7FCAED0987EA7D822238521A7CF96662F8EFD154515EA2A6C5B4E64F5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:30:23.0806 0x17a0 LMS - ok 21:30:23.0884 0x17a0 [ CE87E8E09273791172F7A1C60B225648, 03AB8A69C5A58FD3BCFF9E36FF83338B6866D82E4E550CD7CED686C4CC096DC1 ] LSCWinService C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe 21:30:23.0931 0x17a0 LSCWinService - ok 21:30:23.0931 0x17a0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:30:23.0946 0x17a0 LSI_FC - ok 21:30:23.0962 0x17a0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:30:23.0962 0x17a0 LSI_SAS - ok 21:30:23.0978 0x17a0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 21:30:23.0978 0x17a0 LSI_SAS2 - ok 21:30:23.0993 0x17a0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:30:23.0993 0x17a0 LSI_SCSI - ok 21:30:24.0024 0x17a0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 21:30:24.0056 0x17a0 luafv - ok 21:30:24.0134 0x17a0 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 21:30:24.0149 0x17a0 MBAMProtector - ok 21:30:24.0258 0x17a0 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 21:30:24.0290 0x17a0 MBAMScheduler - ok 21:30:24.0336 0x17a0 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 21:30:24.0368 0x17a0 MBAMService - ok 21:30:24.0383 0x17a0 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 21:30:24.0399 0x17a0 MBAMSwissArmy - ok 21:30:24.0414 0x17a0 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 21:30:24.0430 0x17a0 MBAMWebAccessControl - ok 21:30:24.0461 0x17a0 [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe 21:30:24.0477 0x17a0 McComponentHostService - ok 21:30:24.0492 0x17a0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:30:24.0508 0x17a0 Mcx2Svc - ok 21:30:24.0508 0x17a0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 21:30:24.0508 0x17a0 megasas - ok 21:30:24.0524 0x17a0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 21:30:24.0539 0x17a0 MegaSR - ok 21:30:24.0555 0x17a0 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 21:30:24.0570 0x17a0 MEIx64 - ok 21:30:24.0586 0x17a0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 21:30:24.0617 0x17a0 MMCSS - ok 21:30:24.0617 0x17a0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 21:30:24.0648 0x17a0 Modem - ok 21:30:24.0664 0x17a0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:30:24.0680 0x17a0 monitor - ok 21:30:24.0695 0x17a0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:30:24.0695 0x17a0 mouclass - ok 21:30:24.0711 0x17a0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:30:24.0711 0x17a0 mouhid - ok 21:30:24.0742 0x17a0 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:30:24.0742 0x17a0 mountmgr - ok 21:30:24.0758 0x17a0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 21:30:24.0773 0x17a0 mpio - ok 21:30:24.0773 0x17a0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:30:24.0804 0x17a0 mpsdrv - ok 21:30:24.0851 0x17a0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:30:24.0898 0x17a0 MpsSvc - ok 21:30:24.0914 0x17a0 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:30:24.0945 0x17a0 MRxDAV - ok 21:30:24.0976 0x17a0 [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:30:24.0992 0x17a0 mrxsmb - ok 21:30:25.0023 0x17a0 [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:30:25.0038 0x17a0 mrxsmb10 - ok 21:30:25.0054 0x17a0 [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:30:25.0070 0x17a0 mrxsmb20 - ok 21:30:25.0070 0x17a0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 21:30:25.0085 0x17a0 msahci - ok 21:30:25.0101 0x17a0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:30:25.0101 0x17a0 msdsm - ok 21:30:25.0116 0x17a0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 21:30:25.0132 0x17a0 MSDTC - ok 21:30:25.0132 0x17a0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:30:25.0179 0x17a0 Msfs - ok 21:30:25.0179 0x17a0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:30:25.0210 0x17a0 mshidkmdf - ok 21:30:25.0210 0x17a0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:30:25.0226 0x17a0 msisadrv - ok 21:30:25.0257 0x17a0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:30:25.0288 0x17a0 MSiSCSI - ok 21:30:25.0288 0x17a0 msiserver - ok 21:30:25.0288 0x17a0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:30:25.0319 0x17a0 MSKSSRV - ok 21:30:25.0335 0x17a0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:30:25.0350 0x17a0 MSPCLOCK - ok 21:30:25.0366 0x17a0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:30:25.0382 0x17a0 MSPQM - ok 21:30:25.0397 0x17a0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:30:25.0413 0x17a0 MsRPC - ok 21:30:25.0413 0x17a0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:30:25.0428 0x17a0 mssmbios - ok 21:30:25.0428 0x17a0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:30:25.0460 0x17a0 MSTEE - ok 21:30:25.0460 0x17a0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 21:30:25.0475 0x17a0 MTConfig - ok 21:30:25.0475 0x17a0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 21:30:25.0491 0x17a0 Mup - ok 21:30:25.0506 0x17a0 [ 35739E6A0C67147A9B75226946CDC903, C9DE77D6812C778F601F52E87ECDD228E52EA691AB9CEAD388998A7B5AFC3B89 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 21:30:25.0522 0x17a0 MyWiFiDHCPDNS - ok 21:30:25.0538 0x17a0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 21:30:25.0584 0x17a0 napagent - ok 21:30:25.0600 0x17a0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:30:25.0616 0x17a0 NativeWifiP - ok 21:30:25.0662 0x17a0 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:30:25.0694 0x17a0 NDIS - ok 21:30:25.0694 0x17a0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:30:25.0725 0x17a0 NdisCap - ok 21:30:25.0725 0x17a0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:30:25.0756 0x17a0 NdisTapi - ok 21:30:25.0772 0x17a0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:30:25.0787 0x17a0 Ndisuio - ok 21:30:25.0803 0x17a0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:30:25.0834 0x17a0 NdisWan - ok 21:30:25.0834 0x17a0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:30:25.0865 0x17a0 NDProxy - ok 21:30:25.0865 0x17a0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:30:25.0896 0x17a0 NetBIOS - ok 21:30:25.0912 0x17a0 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:30:25.0943 0x17a0 NetBT - ok 21:30:25.0943 0x17a0 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\Windows\system32\lsass.exe 21:30:25.0959 0x17a0 Netlogon - ok 21:30:25.0974 0x17a0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 21:30:26.0006 0x17a0 Netman - ok 21:30:26.0052 0x17a0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:30:26.0084 0x17a0 NetMsmqActivator - ok 21:30:26.0099 0x17a0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:30:26.0130 0x17a0 NetPipeActivator - ok 21:30:26.0162 0x17a0 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 21:30:26.0208 0x17a0 netprofm - ok 21:30:26.0208 0x17a0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:30:26.0224 0x17a0 NetTcpActivator - ok 21:30:26.0224 0x17a0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:30:26.0240 0x17a0 NetTcpPortSharing - ok 21:30:26.0333 0x17a0 [ C873B801A7D628474313B2887D051607, 894877BAB599F52FB606B240D53FEB84CC4A6BAD8A45CB1983231CD2AE0C7A79 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw02.sys 21:30:26.0411 0x17a0 NETwNs64 - ok 21:30:26.0411 0x17a0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:30:26.0427 0x17a0 nfrd960 - ok 21:30:26.0458 0x17a0 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 21:30:26.0489 0x17a0 NlaSvc - ok 21:30:26.0489 0x17a0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:30:26.0536 0x17a0 Npfs - ok 21:30:26.0536 0x17a0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 21:30:26.0567 0x17a0 nsi - ok 21:30:26.0583 0x17a0 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:30:26.0614 0x17a0 nsiproxy - ok 21:30:26.0661 0x17a0 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:30:26.0708 0x17a0 Ntfs - ok 21:30:26.0708 0x17a0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 21:30:26.0754 0x17a0 Null - ok 21:30:26.0754 0x17a0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:30:26.0770 0x17a0 nvraid - ok 21:30:26.0770 0x17a0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:30:26.0786 0x17a0 nvstor - ok 21:30:26.0801 0x17a0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:30:26.0801 0x17a0 nv_agp - ok 21:30:26.0817 0x17a0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:30:26.0817 0x17a0 ohci1394 - ok 21:30:26.0879 0x17a0 [ 1B9E7338761DAE4839ED87D7A248F817, 03AF40570DD8F8326EAF2A18227280DF0CEFFF1E12966E2829839C4B1E7F700E ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:30:26.0926 0x17a0 ose - ok 21:30:27.0129 0x17a0 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:30:27.0238 0x17a0 osppsvc - ok 21:30:27.0285 0x17a0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:30:27.0316 0x17a0 p2pimsvc - ok 21:30:27.0347 0x17a0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 21:30:27.0363 0x17a0 p2psvc - ok 21:30:27.0378 0x17a0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 21:30:27.0394 0x17a0 Parport - ok 21:30:27.0394 0x17a0 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:30:27.0394 0x17a0 partmgr - ok 21:30:27.0472 0x17a0 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:30:27.0503 0x17a0 PcaSvc - ok 21:30:27.0519 0x17a0 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 21:30:27.0534 0x17a0 pci - ok 21:30:27.0534 0x17a0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 21:30:27.0534 0x17a0 pciide - ok 21:30:27.0550 0x17a0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:30:27.0566 0x17a0 pcmcia - ok 21:30:27.0566 0x17a0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 21:30:27.0581 0x17a0 pcw - ok 21:30:27.0612 0x17a0 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:30:27.0628 0x17a0 PEAUTH - ok 21:30:27.0737 0x17a0 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 21:30:27.0800 0x17a0 PeerDistSvc - ok 21:30:27.0846 0x17a0 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:30:27.0862 0x17a0 PerfHost - ok 21:30:27.0924 0x17a0 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 21:30:27.0987 0x17a0 pla - ok 21:30:28.0018 0x17a0 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:30:28.0049 0x17a0 PlugPlay - ok 21:30:28.0049 0x17a0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:30:28.0065 0x17a0 PNRPAutoReg - ok 21:30:28.0080 0x17a0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:30:28.0096 0x17a0 PNRPsvc - ok 21:30:28.0127 0x17a0 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:30:28.0158 0x17a0 PolicyAgent - ok 21:30:28.0190 0x17a0 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll 21:30:28.0205 0x17a0 Power - ok 21:30:28.0268 0x17a0 [ 552F3539C70D010F97001E9B7228210B, 9CB45B7D67E0B99C78D0091173C983AB272FA8A18E1CB5AC3B1519B37964A11E ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 21:30:28.0299 0x17a0 Power Manager DBC Service - ok 21:30:28.0314 0x17a0 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:30:28.0346 0x17a0 PptpMiniport - ok 21:30:28.0346 0x17a0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 21:30:28.0361 0x17a0 Processor - ok 21:30:28.0377 0x17a0 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 21:30:28.0408 0x17a0 ProfSvc - ok 21:30:28.0408 0x17a0 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:30:28.0424 0x17a0 ProtectedStorage - ok 21:30:28.0439 0x17a0 [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 21:30:28.0439 0x17a0 psadd - ok 21:30:28.0455 0x17a0 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:30:28.0486 0x17a0 Psched - ok 21:30:28.0533 0x17a0 [ FB3D6070413925193EA32D1652B921F0, 5D0EEDC966BD5A042A761411E69B376BC16339032BCC460CD4F2965DF05C1033 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE 21:30:28.0580 0x17a0 PwmEWSvc - ok 21:30:28.0626 0x17a0 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:30:28.0673 0x17a0 ql2300 - ok 21:30:28.0673 0x17a0 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:30:28.0689 0x17a0 ql40xx - ok 21:30:28.0704 0x17a0 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 21:30:28.0720 0x17a0 QWAVE - ok 21:30:28.0720 0x17a0 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:30:28.0736 0x17a0 QWAVEdrv - ok 21:30:28.0751 0x17a0 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:30:28.0767 0x17a0 RasAcd - ok 21:30:28.0782 0x17a0 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:30:28.0814 0x17a0 RasAgileVpn - ok 21:30:28.0829 0x17a0 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 21:30:28.0860 0x17a0 RasAuto - ok 21:30:28.0860 0x17a0 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:30:28.0892 0x17a0 Rasl2tp - ok 21:30:28.0907 0x17a0 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 21:30:28.0954 0x17a0 RasMan - ok 21:30:28.0954 0x17a0 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:30:28.0985 0x17a0 RasPppoe - ok 21:30:28.0985 0x17a0 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:30:29.0016 0x17a0 RasSstp - ok 21:30:29.0032 0x17a0 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:30:29.0063 0x17a0 rdbss - ok 21:30:29.0063 0x17a0 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:30:29.0079 0x17a0 rdpbus - ok 21:30:29.0079 0x17a0 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:30:29.0110 0x17a0 RDPCDD - ok 21:30:29.0141 0x17a0 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 21:30:29.0141 0x17a0 RDPDR - ok 21:30:29.0157 0x17a0 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:30:29.0188 0x17a0 RDPENCDD - ok 21:30:29.0188 0x17a0 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:30:29.0219 0x17a0 RDPREFMP - ok 21:30:29.0235 0x17a0 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:30:29.0266 0x17a0 RDPWD - ok 21:30:29.0266 0x17a0 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:30:29.0282 0x17a0 rdyboost - ok 21:30:29.0328 0x17a0 [ BC49E8BDBC6C1B161FDDB350CE423366, D98C7948EE36808164766DD9934C204599275BE9FCD83515F9C0153202D38C34 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 21:30:29.0344 0x17a0 RegSrvc - ok 21:30:29.0360 0x17a0 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:30:29.0406 0x17a0 RemoteAccess - ok 21:30:29.0406 0x17a0 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:30:29.0438 0x17a0 RemoteRegistry - ok 21:30:29.0469 0x17a0 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:30:29.0484 0x17a0 RFCOMM - ok 21:30:29.0500 0x17a0 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:30:29.0516 0x17a0 RpcEptMapper - ok 21:30:29.0531 0x17a0 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 21:30:29.0547 0x17a0 RpcLocator - ok 21:30:29.0562 0x17a0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 21:30:29.0594 0x17a0 RpcSs - ok 21:30:29.0609 0x17a0 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:30:29.0625 0x17a0 rspndr - ok 21:30:29.0672 0x17a0 [ 1BE36AB59242A109697870F16A8E0EF8, CAC949D97EEFA0CE5E89084D0950B6E331145870355367803530D0DED4962F2E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 21:30:29.0687 0x17a0 RTL8167 - ok 21:30:29.0718 0x17a0 [ 61EF084BB097FFAB50D05EE5115F7F98, 334E691C45A473977301DB8E8D03747388D2A2D940D3BC15493476404D801645 ] RTSPER C:\Windows\system32\DRIVERS\RtsPer.sys 21:30:29.0734 0x17a0 RTSPER - ok 21:30:29.0750 0x17a0 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 21:30:29.0765 0x17a0 s3cap - ok 21:30:29.0765 0x17a0 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\Windows\system32\lsass.exe 21:30:29.0781 0x17a0 SamSs - ok 21:30:29.0781 0x17a0 SAService - ok 21:30:29.0796 0x17a0 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:30:29.0796 0x17a0 sbp2port - ok 21:30:29.0828 0x17a0 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:30:29.0859 0x17a0 SCardSvr - ok 21:30:29.0874 0x17a0 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:30:29.0906 0x17a0 scfilter - ok 21:30:29.0952 0x17a0 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll 21:30:29.0999 0x17a0 Schedule - ok 21:30:30.0015 0x17a0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:30:30.0046 0x17a0 SCPolicySvc - ok 21:30:30.0077 0x17a0 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:30:30.0093 0x17a0 SDRSVC - ok 21:30:30.0093 0x17a0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:30:30.0108 0x17a0 secdrv - ok 21:30:30.0124 0x17a0 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 21:30:30.0155 0x17a0 seclogon - ok 21:30:30.0171 0x17a0 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 21:30:30.0202 0x17a0 SENS - ok 21:30:30.0202 0x17a0 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:30:30.0218 0x17a0 SensrSvc - ok 21:30:30.0218 0x17a0 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys 21:30:30.0233 0x17a0 Serenum - ok 21:30:30.0233 0x17a0 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys 21:30:30.0249 0x17a0 Serial - ok 21:30:30.0249 0x17a0 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:30:30.0249 0x17a0 sermouse - ok 21:30:30.0280 0x17a0 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 21:30:30.0311 0x17a0 SessionEnv - ok 21:30:30.0311 0x17a0 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:30:30.0327 0x17a0 sffdisk - ok 21:30:30.0327 0x17a0 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:30:30.0342 0x17a0 sffp_mmc - ok 21:30:30.0342 0x17a0 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:30:30.0358 0x17a0 sffp_sd - ok 21:30:30.0358 0x17a0 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:30:30.0374 0x17a0 sfloppy - ok 21:30:30.0389 0x17a0 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:30:30.0420 0x17a0 SharedAccess - ok 21:30:30.0436 0x17a0 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:30:30.0483 0x17a0 ShellHWDetection - ok 21:30:30.0498 0x17a0 [ 07514491857759A5D02A741C9DB6ECA2, D3EB21D90DB68F8BE695961BFA1256E4FA1274D59B3AA465A5485215ABBAA8C5 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys 21:30:30.0498 0x17a0 Shockprf - ok 21:30:30.0498 0x17a0 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 21:30:30.0514 0x17a0 SiSRaid2 - ok 21:30:30.0514 0x17a0 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:30:30.0530 0x17a0 SiSRaid4 - ok 21:30:30.0530 0x17a0 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:30:30.0561 0x17a0 Smb - ok 21:30:30.0592 0x17a0 [ 7C5B431BB6CD52C46295D9752C1C5A45, CBC2A342F019359629B7141ADD1A5AE3E97785D39ADD398EC60F897FABDD5554 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys 21:30:30.0592 0x17a0 SmbDrvI - ok 21:30:30.0608 0x17a0 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:30:30.0608 0x17a0 SNMPTRAP - ok 21:30:30.0670 0x17a0 [ 3A4F2C0BB87A0895ABEBA341AA1E341B, |
|
29.11.2015, 21:52
| #7 | |
| /// TB-Ausbilder | Windows7: Trojaner, registy befallen, HKU, HKCU Servus, die IP 150.206.1.3 in den Interneteinstellungen zeigt nach Neuseeland, ist das ok? Zitat:
Wenn ja, klär mich bitte kurz auf. |
|
30.11.2015, 20:47
| #8 |
| | Windows7: Trojaner, registy befallen, HKU, HKCU Danke! Anbei die Logdatei des FRST-Fix Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-11-30 19:38:04) Run:1
Gestartet von C:\Users\Marie-Luise\Desktop
Geladene Profile: Marie-Luise & (Verfügbare Profile: Marie-Luise)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
Tcpip\..\Interfaces\{FC018661-EF6C-4533-B835-3D2AC0E19221}: [DhcpNameServer] 150.206.1.3
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FC018661-EF6C-4533-B835-3D2AC0E19221}\\DhcpNameServer => Wert erfolgreich entfernt
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl�sungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.
========= Ende von CMD: =========
EmptyTemp: => 1.5 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 19:40:13 ====
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64
Ran by Marie-Luise (Administrator) on 30.11.2015 at 20:41:04,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Successfully deleted: C:\Users\Marie-Luise\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins\mailcom-search.xml (File)
Deleted the following from C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\prefs.js
user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true);
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.11.2015 at 20:42:10,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Scan" gab es nicht, ich habe auf "Untersuchen" geklickt. FRST.txt FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
durchgeführt von Marie-Luise (Administrator) auf MARIE-NOTEBOOK (30-11-2015 20:44:47)
Gestartet von C:\Users\Marie-Luise\Desktop
Geladene Profile: Marie-Luise (Verfügbare Profile: Marie-Luise)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\DCService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Screenleap] => C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe [2856992 2015-11-29] (Screenleap, Inc.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [jedec-22] => C:\ProgramData\jedec-08\jedec-8.exe [439624 2015-11-30] (Enterprise Fighter)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [isotope-53] => C:\Users\Marie-Luise\AppData\Roaming\isotope-4\isotope-66.exe [619520 2015-11-30] (American Megatrends, Inc)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {8225d693-4841-11e5-9626-f8165465672d} - E:\AutoRun.exe
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {de3f79ed-2748-11e4-b820-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk [2014-08-19]
ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Docking Station)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-10-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\blvds-12.lnk [2015-11-30]
ShortcutTarget: blvds-12.lnk -> C:\Users\Marie-Luise\AppData\Roaming\blvds-47\blvds-56.exe (Intel(R) Corporation)
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2015-11-30]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B3636DED-3BAF-45B6-A1E8-E155B3A14D72}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1401465016-1591747146-3379758321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012
FF Homepage: hxxp://www.jugendlosungen.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: GMX MailCheck - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net [2015-11-18]
FF Extension: Adblock Plus - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-29]
FF HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [Datei ist nicht signiert]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-09-29] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-11] (Avira Operations GmbH & Co. KG)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3429344 2014-02-18] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2013-09-26] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-30 20:42 - 2015-11-30 20:42 - 00001027 _____ C:\Users\Marie-Luise\Desktop\JRT.txt
2015-11-30 20:41 - 2015-11-30 20:41 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\blvds-47
2015-11-30 20:40 - 2015-11-30 20:40 - 00000000 ____D C:\ProgramData\diode-06
2015-11-30 20:39 - 2015-11-30 20:39 - 01599336 _____ (Malwarebytes) C:\Users\Marie-Luise\Desktop\JRT.exe
2015-11-30 19:38 - 2015-11-30 19:40 - 00002401 _____ C:\Users\Marie-Luise\Desktop\Fixlog.txt
2015-11-30 19:01 - 2015-11-30 19:01 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\isotope-4
2015-11-30 18:58 - 2015-11-30 18:58 - 00000000 ____D C:\ProgramData\jedec-08
2015-11-29 21:24 - 2015-11-29 21:58 - 00671528 _____ C:\TDSSKiller.3.1.0.6_29.11.2015_21.24.07_log.txt
2015-11-29 21:19 - 2015-11-29 21:23 - 00025671 _____ C:\Users\Marie-Luise\Desktop\Addition.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Marie-Luise\Desktop\tdsskiller.exe
2015-11-29 21:18 - 2015-11-30 20:45 - 00018646 _____ C:\Users\Marie-Luise\Desktop\FRST.txt
2015-11-29 21:18 - 2015-11-30 20:44 - 00000000 ____D C:\FRST
2015-11-29 21:17 - 2015-11-29 21:17 - 02350080 _____ (Farbar) C:\Users\Marie-Luise\Desktop\FRST64.exe
2015-11-29 20:47 - 2015-11-29 20:47 - 00001025 _____ C:\Users\Marie-Luise\Desktop\AdwCleaner[C1].txt
2015-11-29 20:13 - 2015-11-29 20:19 - 00000000 ____D C:\AdwCleaner
2015-11-29 20:08 - 2015-11-29 20:08 - 01733632 _____ C:\Users\Marie-Luise\Desktop\adwcleaner_5.022.exe
2015-11-29 20:00 - 2015-11-30 19:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-29 20:00 - 2015-11-29 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-11-29 19:59 - 2015-11-29 20:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-11-29 19:59 - 2015-11-29 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-29 19:59 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-29 19:59 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-29 19:59 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-29 19:57 - 2015-11-29 19:59 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe.part
2015-11-29 19:57 - 2015-11-29 19:58 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-29 19:51 - 2015-11-29 21:28 - 00000064 _____ C:\Users\Marie-Luise\.screenleap
2015-11-29 19:51 - 2015-11-29 20:29 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\Screenleap
2015-11-29 19:51 - 2015-11-29 19:51 - 00002000 _____ C:\Users\Marie-Luise\Desktop\Screenleap.lnk
2015-11-25 21:59 - 2015-11-30 19:05 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\pendulum-28
2015-11-18 19:00 - 2015-11-18 21:40 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\glonass-89
2015-11-15 17:20 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 08:38 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-13 08:38 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-13 08:38 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-13 08:38 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-13 08:38 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-13 08:38 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-13 08:38 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-13 08:38 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-13 08:35 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-13 08:35 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-13 08:35 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-13 08:35 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-13 08:35 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-13 08:35 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-13 08:35 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-13 08:35 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-13 08:35 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-13 08:35 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-13 08:35 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-13 08:35 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-13 08:35 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-13 08:35 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-13 08:35 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-13 08:35 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-13 08:35 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-13 08:35 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-13 08:35 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-13 08:35 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-13 08:35 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-13 08:35 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-13 08:35 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-13 08:35 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-13 08:35 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-13 08:35 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-13 08:35 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-13 08:35 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-13 08:35 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-13 08:35 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-13 08:35 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-13 08:35 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-13 08:35 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-13 08:35 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-13 08:35 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-13 08:35 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-13 08:35 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-13 08:35 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-13 08:35 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-13 08:35 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-13 08:35 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-13 08:35 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-13 08:35 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-13 08:35 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-13 08:35 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-13 08:35 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-13 08:35 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-13 08:35 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-13 08:35 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-13 08:35 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-13 08:35 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-13 08:35 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-13 08:35 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-13 08:35 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-13 08:35 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-13 08:35 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-13 08:35 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-13 08:35 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-13 08:35 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-13 08:35 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-13 08:33 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-13 08:32 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-13 08:32 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-13 08:32 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-13 08:32 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-13 08:32 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-13 08:32 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-13 08:32 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-13 08:32 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-13 08:32 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-13 08:32 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-13 08:32 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-13 08:32 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-13 08:32 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-13 08:32 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-13 08:32 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-13 08:32 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-13 08:32 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-13 08:32 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-13 08:32 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-13 08:32 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-13 08:32 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-13 08:32 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-13 08:32 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-13 08:32 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-13 08:32 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-13 08:32 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-13 08:32 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-13 08:32 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-13 08:32 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-13 08:32 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-13 08:32 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-13 08:32 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-13 08:31 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-13 08:31 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-13 08:31 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-11 21:39 - 2015-11-14 17:48 - 00000000 ____D C:\ProgramData\en
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-30 20:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-11-30 20:08 - 2015-08-18 19:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-30 19:50 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-30 19:50 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-30 19:47 - 2014-08-19 13:14 - 00699342 _____ C:\Windows\system32\perfh007.dat
2015-11-30 19:47 - 2014-08-19 13:14 - 00149450 _____ C:\Windows\system32\perfc007.dat
2015-11-30 19:47 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-30 19:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-11-30 19:41 - 2014-08-19 03:53 - 00000000 ____D C:\ProgramData\Validity
2015-11-30 19:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-30 19:05 - 2015-10-25 21:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-30 18:58 - 2015-05-05 19:39 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\VirtualStore
2015-11-29 21:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-11-29 19:51 - 2015-05-05 19:38 - 00000000 ____D C:\Users\Marie-Luise
2015-11-18 21:52 - 2014-08-19 04:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-18 21:50 - 2014-08-19 04:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-17 18:25 - 2014-01-30 22:17 - 00000000 __SHD C:\Users\Marie-Luise\AppData\Roaming\aghubwrh
2015-11-16 18:49 - 2009-07-14 05:45 - 00353816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-15 20:49 - 2014-08-18 20:55 - 00000000 ____D C:\ProgramData\Lenovo
2015-11-15 20:48 - 2014-08-19 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-11-15 20:48 - 2014-08-19 03:51 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-11-15 20:48 - 2014-08-19 03:41 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-11-15 17:08 - 2015-08-18 19:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-15 17:08 - 2015-05-23 19:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-15 17:08 - 2015-05-23 19:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-13 08:37 - 2014-01-30 22:46 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-13 08:35 - 2014-02-03 15:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 18:33 - 2015-05-16 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-10 18:33 - 2014-08-19 03:44 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-09 18:32 - 2015-05-16 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-01 20:08 - 2015-07-05 19:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-05-25 17:00 - 2015-05-25 17:00 - 16342352 _____ (Geek Software GmbH ) C:\Program Files (x86)\pdf24-creator-6.9.2.exe
2015-05-21 06:48 - 2015-05-21 06:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-19 03:53 - 2014-08-19 03:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-19 03:58 - 2014-08-19 03:59 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-08-19 03:56 - 2014-08-19 03:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-08-19 03:57 - 2014-08-19 03:58 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-08-19 03:58 - 2014-08-19 03:58 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log
Einige Dateien in TEMP:
====================
C:\Users\Marie-Luise\AppData\Local\Temp\avgnt.exe
Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-30 20:04
==================== Ende von FRST.txt ============================
Addition Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-11-30 20:45:23)
Gestartet von C:\Users\Marie-Luise\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-05 18:38:17)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1401465016-1591747146-3379758321-500 - Administrator - Disabled)
Gast (S-1-5-21-1401465016-1591747146-3379758321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1401465016-1591747146-3379758321-1002 - Limited - Enabled)
Marie-Luise (S-1-5-21-1401465016-1591747146-3379758321-1001 - Administrator - Enabled) => C:\Users\Marie-Luise
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.62.50 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.1 - Lenovo Group Limited)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Fingerprint Manager (HKLM\...\{D6006D3A-B3F5-48DC-8CC0-D353912379F3}) (Version: 4.5.289.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.289.0 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0013 - Lenovo)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.15 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.04.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
15-11-2015 21:57:56 Windows Update
17-11-2015 18:31:47 Free Antivirus - 17.11.2015 18:31
30-11-2015 20:12:03 Geplanter Prüfpunkt
30-11-2015 20:41:04 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {16A98A40-6353-410F-BD28-5345C3E2DBFE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {170F753F-2D86-4F1F-9CE1-4AA1A116B757} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {2EFA6B85-313D-4DD0-B0EC-F2F364F27095} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {474F4629-0DE0-49C2-9D0C-EBF7918BE7D0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-09-29] ()
Task: {4E62F553-C70D-4BC3-B8D2-453C72CBEFF9} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {5F6F5F29-C047-400D-BD94-3D79F9F6CB0E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-10-21] (Lenovo Group Limited)
Task: {7B3C18C9-06C4-485E-AEE2-91B94C98115F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {B2853026-549C-413A-AA6D-1DAF46B17F70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {B9E972D3-A324-4B34-9048-0E6C4FC35A6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {BDB79BDC-99DF-47C8-9513-0EFF6CD0C369} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {C3D0177B-A8A2-4DEE-B8BD-BDC9EAFD18DC} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
Task: {CD821E1D-24FE-4AC5-AE1D-F3A372670DF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {D29C9B0D-7B4F-442B-996D-3F2C93DED596} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {D5E0EB99-D92E-4F82-8685-FC48AC7298EE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {E9CB273F-6CEF-4BA3-87EC-C20EE48E7600} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-08-19 03:51 - 2013-10-21 23:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-10-02 18:45 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-08-19 03:39 - 2013-05-16 09:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{19CCF886-E8AC-4BE6-8588-095562D3E5F8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E6EE83DD-7E36-419E-9EAD-11E70FF5AC53}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{78EE11AE-7BAF-4D29-9A6B-D2DC562442FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B03271-CC30-4390-B53F-321E951E6ECB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3A91B0D-E7FA-477D-AC4E-3E9B2CCAE2B6}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{584F2355-8676-46E0-9165-282BAFE01DDC}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{17525D02-32D4-4C7B-8D25-7D7E990BAECB}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{C5EAB0C6-B0D9-4803-92E6-E3338DFEDD26}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{E3B484FE-6055-466D-B607-E6B57FF8676B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0048073E-4041-42F9-94E3-F25516F9143D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3D2F336D-7117-49FD-B8A2-FC194C9598F5}] => (Allow) C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9D60C568-89F2-42DB-9DEC-7D1704875119}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E921CD51-E941-4B81-A1A6-C79D2F14FDCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C7F4936-989A-4354-81B0-7FA153E46F75}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F808B78E-F593-47C1-B7ED-C600D8D5916B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/30/2015 07:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2015 07:05:34 PM) (Source: MsiInstaller) (EventID: 1024) (User: Marie-Notebook)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (11/30/2015 06:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/29/2015 08:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/29/2015 07:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2015 08:47:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/27/2015 06:52:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2015 10:54:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2015 09:51:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2015 06:30:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Systemfehler:
=============
Error: (11/30/2015 08:14:18 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error: (11/30/2015 08:14:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error: (11/30/2015 08:14:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error: (11/30/2015 08:14:16 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error: (11/30/2015 08:14:15 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error: (11/30/2015 08:14:14 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error: (11/30/2015 08:14:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error: (11/30/2015 08:14:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error: (11/30/2015 08:14:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error: (11/30/2015 08:14:11 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 3810.46 MB
Verfügbarer physikalischer RAM: 2039.02 MB
Summe virtueller Speicher: 7619.12 MB
Verfügbarer virtueller Speicher: 5468.86 MB
==================== Laufwerke ================================
Drive c: (Windows7_OS) (Fixed) (Total:301.89 GB) (Free:252.77 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Volume) (Fixed) (Total:146.48 GB) (Free:120.8 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.92 GB) (Free:4.03 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 49FC2C21)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=301.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.9 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
30.11.2015, 20:52
| #9 |
| /// TB-Ausbilder | Windows7: Trojaner, registy befallen, HKU, HKCU Servus, Hinweis: Der Suchlauf mit ESET kann länger dauern. Schritt 1 Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Schritt 2 ESET Online Scanner
Schritt 3
Bitte poste mit deiner nächsten Antwort
|
|
30.11.2015, 22:16
| #10 |
| | Windows7: Trojaner, registy befallen, HKU, HKCU Hallo, hier die Logdatei HitmanPro Code:
ATTFilter HitmanPro 3.7.10.251
www.hitmanpro.com
Computer name . . . . : MARIE-NOTEBOOK
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Marie-Notebook\Marie-Luise
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2015-11-30 21:01:33
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 47s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 3
Objects scanned . . . : 1.594.400
Files scanned . . . . : 12.456
Remnants scanned . . : 201.452 files / 1.380.492 keys
Suspicious files ____________________________________________________________
C:\ProgramData\jedec-08\jedec-8.exe
Size . . . . . . . : 439.624 bytes
Age . . . . . . . : 0.1 days (2015-11-30 18:58:32)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 9C9B997A01907D797A4ED4D80CF0994E86FF94FB225970913A25AA0928FD1418
Product . . . . . : Symantec Shared Components
Publisher . . . . : Enterprise Fighter
Description . . . : Symantec Shared Component
Version . . . . . : 3.7.6.3
Copyright . . . . : Copyright (c) 2010 Symantec Corporation. All rights reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 32.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program starts automatically without user intervention.
Uses the Windows Registry to run each time the user logs on.
Time indicates that the file appeared recently on this computer.
The file appears to be part of an installation package or setup program. This is typical for most programs.
Startup
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jedec-22
Forensic Cluster
0.0s C:\ProgramData\jedec-08\
0.0s C:\ProgramData\jedec-08\jedec-8.exe
0.4s C:\Users\Marie-Luise\AppData\Local\VirtualStore\Windows\SysWOW64\
0.4s C:\Users\Marie-Luise\AppData\Local\VirtualStore\Windows\
0.4s C:\Users\Marie-Luise\AppData\Local\VirtualStore\Windows\SysWOW64\쑧ཡ\
C:\Users\Marie-Luise\Desktop\FRST64.exe
Size . . . . . . . : 2.350.080 bytes
Age . . . . . . . : 1.0 days (2015-11-29 21:17:42)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 30CA3A4AACEF0010BC8EFDCCD96E0D319D3F64E70058EB3D45D9B8F11455F773
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0319899dd0f94649832c7c76301c9987
# end=init
# utc_time=2015-11-30 08:09:44
# local_time=2015-11-30 09:09:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26978
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0319899dd0f94649832c7c76301c9987
# end=updated
# utc_time=2015-11-30 08:14:54
# local_time=2015-11-30 09:14:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0319899dd0f94649832c7c76301c9987
# engine=26978
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-11-30 09:02:59
# local_time=2015-11-30 10:02:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 15641512 200547229 0 0
# scanned=164836
# found=8
# cleaned=0
# scan_time=2885
sh=60919026F989953B9B75A2B53ED81B666862D550 ft=1 fh=a0eb4d35b0d10d8c vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\ProgramData\jedec-08\jedec-8.exe"
sh=60919026F989953B9B75A2B53ED81B666862D550 ft=1 fh=a0eb4d35b0d10d8c vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\All Users\jedec-08\jedec-8.exe"
sh=709919F2DF08E8E228223DCE26E5086DE4B13252 ft=1 fh=f9249cec26af20c4 vn="Variante von Win32/Kryptik.EGPY Trojaner" ac=I fn="C:\Users\Marie-Luise\AppData\Roaming\isotope-4\isotope-66.exe"
sh=2DFE16FF0E5EAEC4DD1BCA5528D101275B2306CE ft=1 fh=7f251695af4b4876 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Luise\Downloads\OpenOffice - CHIP-Installer.exe"
sh=813F3597C58FAA3BEA33996CBEDACBF10BEE6465 ft=1 fh=36bbe7146b0b791c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Luise\Downloads\PDF24 Creator - CHIP-Installer.exe"
sh=FA76B7BE6E6C95BB40B51032DFFADC02C420E7BD ft=1 fh=246ca42c6e945b5a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Luise\Downloads\Skype - CHIP-Installer.exe"
sh=3499B0B236DF2BAAD00B0F13A59AEB081F866BA5 ft=1 fh=e6f6e1ebb4631a06 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Luise\Downloads\Sony PC Companion - CHIP-Installer.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/PSW.Papras.EH Trojaner" ac=I fn="${Memory}"
Anbei die beiden Dateien. FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015 durchgeführt von Marie-Luise (Administrator) auf MARIE-NOTEBOOK (30-11-2015 22:14:01) Gestartet von C:\Users\Marie-Luise\Desktop Geladene Profile: Marie-Luise (Verfügbare Profile: Marie-Luise) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe () C:\ProgramData\DatacardService\DCService.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Screenleap, Inc.) C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe (Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe (Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Screenleap] => C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe [2856992 2015-11-29] (Screenleap, Inc.) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [jedec-22] => C:\ProgramData\jedec-08\jedec-8.exe [439624 2015-11-30] (Enterprise Fighter) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64" HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [isotope-53] => C:\Users\Marie-Luise\AppData\Roaming\isotope-4\isotope-66.exe [619520 2015-11-30] (American Megatrends, Inc) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {8225d693-4841-11e5-9626-f8165465672d} - E:\AutoRun.exe HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {de3f79ed-2748-11e4-b820-806e6f6e6963} - Q:\LenovoQDrive.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk [2014-08-19] ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Docking Station) Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-10-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\blvds-12.lnk [2015-11-30] ShortcutTarget: blvds-12.lnk -> C:\Users\Marie-Luise\AppData\Roaming\blvds-47\blvds-56.exe (Intel(R) Corporation) Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2015-11-30] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{B3636DED-3BAF-45B6-A1E8-E155B3A14D72}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\S-1-5-21-1401465016-1591747146-3379758321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012 FF Homepage: hxxp://www.jugendlosungen.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Extension: GMX MailCheck - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net [2015-11-18] FF Extension: Adblock Plus - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-29] FF HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [Datei ist nicht signiert] R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] () S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-09-29] () R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-11] (Avira Operations GmbH & Co. KG) R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation) R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-30] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3429344 2014-02-18] (Intel Corporation) R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated) S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2013-09-26] (ThinkVantage Communications Utility) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-30 21:04 - 2015-11-30 21:04 - 02870984 _____ (ESET) C:\Users\Marie-Luise\Desktop\esetsmartinstaller_deu.exe 2015-11-30 21:00 - 2015-11-30 21:07 - 00000000 ____D C:\ProgramData\HitmanPro 2015-11-30 20:59 - 2015-11-30 20:59 - 11337112 _____ (SurfRight B.V.) C:\Users\Marie-Luise\Desktop\HitmanPro_x64.exe 2015-11-30 20:54 - 2015-11-30 20:54 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\CrashRpt 2015-11-30 20:42 - 2015-11-30 20:42 - 00001027 _____ C:\Users\Marie-Luise\Desktop\JRT.txt 2015-11-30 20:41 - 2015-11-30 20:41 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\blvds-47 2015-11-30 20:40 - 2015-11-30 20:40 - 00000000 ____D C:\ProgramData\diode-06 2015-11-30 20:39 - 2015-11-30 20:39 - 01599336 _____ (Malwarebytes) C:\Users\Marie-Luise\Desktop\JRT.exe 2015-11-30 19:38 - 2015-11-30 19:40 - 00002401 _____ C:\Users\Marie-Luise\Desktop\Fixlog.txt 2015-11-30 19:01 - 2015-11-30 19:01 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\isotope-4 2015-11-30 18:58 - 2015-11-30 18:58 - 00000000 ____D C:\ProgramData\jedec-08 2015-11-29 21:24 - 2015-11-29 21:58 - 00671528 _____ C:\TDSSKiller.3.1.0.6_29.11.2015_21.24.07_log.txt 2015-11-29 21:19 - 2015-11-30 20:45 - 00025194 _____ C:\Users\Marie-Luise\Desktop\Addition.txt 2015-11-29 21:19 - 2015-11-29 21:19 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Marie-Luise\Desktop\tdsskiller.exe 2015-11-29 21:18 - 2015-11-30 22:14 - 00021302 _____ C:\Users\Marie-Luise\Desktop\FRST.txt 2015-11-29 21:18 - 2015-11-30 22:14 - 00000000 ____D C:\FRST 2015-11-29 21:17 - 2015-11-29 21:17 - 02350080 _____ (Farbar) C:\Users\Marie-Luise\Desktop\FRST64.exe 2015-11-29 20:47 - 2015-11-29 20:47 - 00001025 _____ C:\Users\Marie-Luise\Desktop\AdwCleaner[C1].txt 2015-11-29 20:13 - 2015-11-29 20:19 - 00000000 ____D C:\AdwCleaner 2015-11-29 20:08 - 2015-11-29 20:08 - 01733632 _____ C:\Users\Marie-Luise\Desktop\adwcleaner_5.022.exe 2015-11-29 20:00 - 2015-11-30 21:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-29 20:00 - 2015-11-29 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-29 19:59 - 2015-11-29 20:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-29 19:59 - 2015-11-29 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-29 19:59 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-29 19:59 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-29 19:59 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-29 19:57 - 2015-11-29 19:59 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe.part 2015-11-29 19:57 - 2015-11-29 19:58 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe 2015-11-29 19:51 - 2015-11-29 21:28 - 00000064 _____ C:\Users\Marie-Luise\.screenleap 2015-11-29 19:51 - 2015-11-29 20:29 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\Screenleap 2015-11-29 19:51 - 2015-11-29 19:51 - 00002000 _____ C:\Users\Marie-Luise\Desktop\Screenleap.lnk 2015-11-25 21:59 - 2015-11-30 19:05 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\pendulum-28 2015-11-18 19:00 - 2015-11-18 21:40 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\glonass-89 2015-11-15 17:20 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-13 08:38 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-13 08:38 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-13 08:38 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-13 08:38 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-13 08:38 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-13 08:38 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-13 08:35 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-13 08:35 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-13 08:35 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-13 08:35 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-13 08:35 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-13 08:35 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-13 08:35 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-13 08:35 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-13 08:35 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-13 08:35 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-13 08:35 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-13 08:35 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-13 08:35 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-13 08:35 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-13 08:35 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-13 08:35 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-13 08:35 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-13 08:35 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-13 08:35 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-13 08:35 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-13 08:35 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-13 08:35 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-13 08:35 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-13 08:35 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-13 08:35 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-13 08:35 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-13 08:35 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-13 08:35 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-13 08:35 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-13 08:35 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-13 08:35 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-13 08:35 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-13 08:35 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-13 08:35 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-13 08:35 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-13 08:35 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-13 08:35 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-13 08:35 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-13 08:35 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-13 08:35 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-13 08:35 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-13 08:35 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-13 08:35 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-13 08:35 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-13 08:35 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-13 08:35 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-13 08:35 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-13 08:35 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-13 08:35 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-13 08:35 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-13 08:35 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-13 08:35 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-13 08:35 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-13 08:35 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-13 08:35 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-13 08:35 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-13 08:35 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-13 08:35 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-13 08:35 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-13 08:35 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-13 08:35 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-13 08:35 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-13 08:35 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-13 08:35 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-13 08:33 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-13 08:32 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-13 08:32 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-13 08:32 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-13 08:32 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-13 08:32 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-13 08:32 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-13 08:32 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-13 08:32 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-13 08:32 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-13 08:32 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-13 08:32 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-13 08:32 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-13 08:32 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-13 08:32 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-13 08:32 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-13 08:32 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-13 08:32 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-13 08:32 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-13 08:32 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-13 08:32 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-13 08:32 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-13 08:32 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-13 08:32 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-13 08:32 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-13 08:32 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-13 08:32 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-13 08:32 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-13 08:31 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-13 08:31 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-13 08:31 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-11 21:39 - 2015-11-14 17:48 - 00000000 ____D C:\ProgramData\en ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-30 22:08 - 2015-08-18 19:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-30 21:01 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-30 21:01 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-30 21:00 - 2014-08-19 13:14 - 00699342 _____ C:\Windows\system32\perfh007.dat 2015-11-30 21:00 - 2014-08-19 13:14 - 00149450 _____ C:\Windows\system32\perfc007.dat 2015-11-30 21:00 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-30 21:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-11-30 20:53 - 2014-08-19 03:53 - 00000000 ____D C:\ProgramData\Validity 2015-11-30 20:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-30 20:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-11-30 20:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-11-30 19:05 - 2015-10-25 21:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-30 18:58 - 2015-05-05 19:39 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\VirtualStore 2015-11-29 19:51 - 2015-05-05 19:38 - 00000000 ____D C:\Users\Marie-Luise 2015-11-18 21:52 - 2014-08-19 04:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-11-18 21:50 - 2014-08-19 04:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-11-17 18:25 - 2014-01-30 22:17 - 00000000 __SHD C:\Users\Marie-Luise\AppData\Roaming\aghubwrh 2015-11-16 18:49 - 2009-07-14 05:45 - 00353816 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-15 20:49 - 2014-08-18 20:55 - 00000000 ____D C:\ProgramData\Lenovo 2015-11-15 20:48 - 2014-08-19 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TVT 2015-11-15 20:48 - 2014-08-19 03:51 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-11-15 20:48 - 2014-08-19 03:41 - 00000000 ____D C:\Program Files (x86)\Lenovo 2015-11-15 17:08 - 2015-08-18 19:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-15 17:08 - 2015-05-23 19:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-15 17:08 - 2015-05-23 19:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-13 08:37 - 2014-01-30 22:46 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-13 08:35 - 2014-02-03 15:34 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-10 18:33 - 2015-05-16 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-11-10 18:33 - 2014-08-19 03:44 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-09 18:32 - 2015-05-16 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-01 20:08 - 2015-07-05 19:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-05-25 17:00 - 2015-05-25 17:00 - 16342352 _____ (Geek Software GmbH ) C:\Program Files (x86)\pdf24-creator-6.9.2.exe 2015-05-21 06:48 - 2015-05-21 06:48 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-08-19 03:53 - 2014-08-19 03:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-08-19 03:58 - 2014-08-19 03:59 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log 2014-08-19 03:56 - 2014-08-19 03:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2014-08-19 03:57 - 2014-08-19 03:58 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2014-08-19 03:58 - 2014-08-19 03:58 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log Einige Dateien in TEMP: ==================== C:\Users\Marie-Luise\AppData\Local\Temp\avgnt.exe Einige mit null Byte Größe Dateien/Ordner: ========================== C:\Windows\SysWOW64\dlumd10.dll C:\Windows\SysWOW64\dlumd11.dll C:\Windows\SysWOW64\dlumd9.dll C:\Windows\System32\dlumd10.dll C:\Windows\System32\dlumd11.dll C:\Windows\System32\dlumd9.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-30 20:04 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-11-30 22:14:42)
Gestartet von C:\Users\Marie-Luise\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-05 18:38:17)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1401465016-1591747146-3379758321-500 - Administrator - Disabled)
Gast (S-1-5-21-1401465016-1591747146-3379758321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1401465016-1591747146-3379758321-1002 - Limited - Enabled)
Marie-Luise (S-1-5-21-1401465016-1591747146-3379758321-1001 - Administrator - Enabled) => C:\Users\Marie-Luise
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.62.50 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.1 - Lenovo Group Limited)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Fingerprint Manager (HKLM\...\{D6006D3A-B3F5-48DC-8CC0-D353912379F3}) (Version: 4.5.289.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.289.0 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0013 - Lenovo)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.15 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.04.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
15-11-2015 21:57:56 Windows Update
17-11-2015 18:31:47 Free Antivirus - 17.11.2015 18:31
30-11-2015 20:12:03 Geplanter Prüfpunkt
30-11-2015 20:41:04 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {16A98A40-6353-410F-BD28-5345C3E2DBFE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {170F753F-2D86-4F1F-9CE1-4AA1A116B757} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {2EFA6B85-313D-4DD0-B0EC-F2F364F27095} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {474F4629-0DE0-49C2-9D0C-EBF7918BE7D0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-09-29] ()
Task: {4E62F553-C70D-4BC3-B8D2-453C72CBEFF9} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {5F6F5F29-C047-400D-BD94-3D79F9F6CB0E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-10-21] (Lenovo Group Limited)
Task: {7B3C18C9-06C4-485E-AEE2-91B94C98115F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {B2853026-549C-413A-AA6D-1DAF46B17F70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {B9E972D3-A324-4B34-9048-0E6C4FC35A6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {BDB79BDC-99DF-47C8-9513-0EFF6CD0C369} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {C3D0177B-A8A2-4DEE-B8BD-BDC9EAFD18DC} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
Task: {CD821E1D-24FE-4AC5-AE1D-F3A372670DF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {D29C9B0D-7B4F-442B-996D-3F2C93DED596} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {D5E0EB99-D92E-4F82-8685-FC48AC7298EE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {E9CB273F-6CEF-4BA3-87EC-C20EE48E7600} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-08-19 03:51 - 2013-10-21 23:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-10-02 18:45 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-08-19 03:45 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-08-19 03:39 - 2013-05-16 09:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 03350640 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-16 22:15 - 2015-05-07 21:20 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{19CCF886-E8AC-4BE6-8588-095562D3E5F8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E6EE83DD-7E36-419E-9EAD-11E70FF5AC53}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{78EE11AE-7BAF-4D29-9A6B-D2DC562442FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B03271-CC30-4390-B53F-321E951E6ECB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3A91B0D-E7FA-477D-AC4E-3E9B2CCAE2B6}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{584F2355-8676-46E0-9165-282BAFE01DDC}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{17525D02-32D4-4C7B-8D25-7D7E990BAECB}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{C5EAB0C6-B0D9-4803-92E6-E3338DFEDD26}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{E3B484FE-6055-466D-B607-E6B57FF8676B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0048073E-4041-42F9-94E3-F25516F9143D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3D2F336D-7117-49FD-B8A2-FC194C9598F5}] => (Allow) C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9D60C568-89F2-42DB-9DEC-7D1704875119}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E921CD51-E941-4B81-A1A6-C79D2F14FDCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C7F4936-989A-4354-81B0-7FA153E46F75}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F808B78E-F593-47C1-B7ED-C600D8D5916B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/30/2015 10:07:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (11/30/2015 09:09:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (11/30/2015 09:09:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (11/30/2015 09:04:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (11/30/2015 08:54:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2015 07:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2015 07:05:34 PM) (Source: MsiInstaller) (EventID: 1024) (User: Marie-Notebook)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (11/30/2015 06:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/29/2015 08:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/29/2015 07:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Systemfehler:
=============
Error: (11/30/2015 09:14:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (11/30/2015 09:14:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/30/2015 09:14:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (11/30/2015 09:14:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/30/2015 09:14:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (11/30/2015 09:14:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/30/2015 09:10:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (11/30/2015 09:10:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/30/2015 09:10:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (11/30/2015 09:10:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MARIE-~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 3810.46 MB
Verfügbarer physikalischer RAM: 1443.87 MB
Summe virtueller Speicher: 7619.12 MB
Verfügbarer virtueller Speicher: 4518.07 MB
==================== Laufwerke ================================
Drive c: (Windows7_OS) (Fixed) (Total:301.89 GB) (Free:252.38 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Volume) (Fixed) (Total:146.48 GB) (Free:120.8 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.92 GB) (Free:4.03 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 49FC2C21)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=301.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.9 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
01.12.2015, 13:58
| #11 |
| /// TB-Ausbilder | Windows7: Trojaner, registy befallen, HKU, HKCU Servus, Auf ins Gefecht...  Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [jedec-22] => C:\ProgramData\jedec-08\jedec-8.exe [439624 2015-11-30] (Enterprise Fighter)
C:\ProgramData\jedec-08
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [isotope-53] => C:\Users\Marie-Luise\AppData\Roaming\isotope-4\isotope-66.exe [619520 2015-11-30] (American Megatrends, Inc)
C:\Users\Marie-Luise\AppData\Roaming\isotope-4
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\blvds-12.lnk [2015-11-30]
C:\Users\Marie-Luise\AppData\Roaming\blvds-47
C:\ProgramData\diode-06
C:\ProgramData\jedec-08
C:\Users\Marie-Luise\AppData\Roaming\pendulum-28
C:\Users\Marie-Luise\AppData\Roaming\glonass-89
C:\Users\Marie-Luise\AppData\Roaming\aghubwrh
C:\Users\Marie-Luise\Downloads\*CHIP-Installer.exe
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
Folder: C:\Users\Marie-Luise\AppData\Roaming
Folder: C:\ProgramData
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
Schritt 3
Bitte poste mit deiner nächsten Antwort
|
|
01.12.2015, 19:27
| #12 |
| | Windows7: Trojaner, registy befallen, HKU, HKCU Guten Abend, unten stehend der Fixlog.txt. Sie ist ziemlich lang, ca 7 Codeboxes lang. Bitte sag kurz bescheid, wenn ich sie nicht komplett posten muss. Ich habe noch eine Frage: Während ich am PC hier arbeite, bekomme ich von AVIRA Virusmeldungen. Wie soll ich da vorgehen? AVIRA ganz schließen, Virus entfernen oder auf abbrechen klicken? Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-12-01 19:13:05) Run:2
Gestartet von C:\Users\Marie-Luise\Desktop
Geladene Profile: Marie-Luise (Verfügbare Profile: Marie-Luise)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [jedec-22] => C:\ProgramData\jedec-08\jedec-8.exe [439624 2015-11-30] (Enterprise Fighter)
C:\ProgramData\jedec-08
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [isotope-53] => C:\Users\Marie-Luise\AppData\Roaming\isotope-4\isotope-66.exe [619520 2015-11-30] (American Megatrends, Inc)
C:\Users\Marie-Luise\AppData\Roaming\isotope-4
Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\blvds-12.lnk [2015-11-30]
C:\Users\Marie-Luise\AppData\Roaming\blvds-47
C:\ProgramData\diode-06
C:\ProgramData\jedec-08
C:\Users\Marie-Luise\AppData\Roaming\pendulum-28
C:\Users\Marie-Luise\AppData\Roaming\glonass-89
C:\Users\Marie-Luise\AppData\Roaming\aghubwrh
C:\Users\Marie-Luise\Downloads\*CHIP-Installer.exe
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
Folder: C:\Users\Marie-Luise\AppData\Roaming
Folder: C:\ProgramData
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Windows\CurrentVersion\Run\\jedec-22 => Wert nicht gefunden.
"C:\ProgramData\jedec-08" => nicht gefunden.
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\isotope-53 => Wert nicht gefunden.
"C:\Users\Marie-Luise\AppData\Roaming\isotope-4" => nicht gefunden.
C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\blvds-12.lnk => nicht gefunden.
"C:\Users\Marie-Luise\AppData\Roaming\blvds-47" => nicht gefunden.
"C:\ProgramData\diode-06" => nicht gefunden.
"C:\ProgramData\jedec-08" => nicht gefunden.
C:\Users\Marie-Luise\AppData\Roaming\pendulum-28 => erfolgreich verschoben
C:\Users\Marie-Luise\AppData\Roaming\glonass-89 => erfolgreich verschoben
C:\Users\Marie-Luise\AppData\Roaming\aghubwrh => erfolgreich verschoben
=========== "C:\Users\Marie-Luise\Downloads\*CHIP-Installer.exe" ==========
C:\Users\Marie-Luise\Downloads\OpenOffice - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Marie-Luise\Downloads\PDF24 Creator - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Marie-Luise\Downloads\Skype - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Marie-Luise\Downloads\Sony PC Companion - CHIP-Installer.exe => erfolgreich verschoben
========= Ende -> "C:\Users\Marie-Luise\Downloads\*CHIP-Installer.exe" ========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl�sungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.
========= Ende von CMD: =========
========================= Folder: C:\Users\Marie-Luise\AppData\Roaming ========================
2015-05-05 19:39 - 2015-09-14 17:55 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe
2015-05-16 22:33 - 2015-07-06 18:42 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat
2015-05-16 22:33 - 2015-05-16 22:43 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0
2015-05-16 22:43 - 2015-06-01 06:02 - 0000036 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\TMDocs.sav
2015-05-16 22:43 - 2015-06-01 06:02 - 0000054 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\TMGrpPrm.sav
2015-05-16 22:34 - 2015-05-16 22:34 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Collab
2015-05-16 22:34 - 2015-05-16 22:34 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Forms
2015-05-16 22:34 - 2015-05-25 12:45 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\JSCache
2015-05-16 22:43 - 2015-05-16 22:43 - 0000022 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\JSCache\GlobData
2015-05-25 12:45 - 2015-05-25 12:45 - 0000024 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\JSCache\GlobSettings
2015-05-16 22:34 - 2015-06-03 20:38 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Security
2015-05-16 22:34 - 2015-05-17 19:27 - 0005486 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata
2015-05-16 22:34 - 2015-06-03 20:39 - 0010240 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Security\services_rdr.dat
2015-05-16 22:34 - 2015-06-03 20:39 - 0024152 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Security\services_rdri.dat
2015-05-26 18:49 - 2015-06-03 20:38 - 0000264 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Security\services_rdrk.dat
2015-05-16 22:34 - 2015-05-16 22:34 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache
2015-05-16 22:34 - 2015-05-25 12:44 - 0000933 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl
2015-05-16 22:34 - 2015-05-25 12:44 - 0037493 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl
2015-07-06 18:42 - 2015-11-11 21:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC
2015-09-05 22:16 - 2015-11-11 21:39 - 0000036 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav
2015-09-05 22:16 - 2015-11-11 21:39 - 0000054 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav
2015-07-06 18:43 - 2015-07-06 18:43 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Collab
2015-07-06 18:43 - 2015-07-06 18:43 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Forms
2015-07-06 18:43 - 2015-11-11 21:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\JSCache
2015-07-06 18:48 - 2015-07-06 18:48 - 0000022 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
2015-11-11 21:39 - 2015-11-11 21:39 - 0000024 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
2015-07-06 18:43 - 2015-07-23 20:36 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Security
2015-07-06 18:43 - 2015-07-06 18:43 - 0007870 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
2015-07-23 20:36 - 2015-07-23 20:41 - 0069240 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Security\reader_fss_signature_initials
2015-07-23 20:36 - 2015-07-23 20:41 - 0024152 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Security\reader_fss_signature_initialsi
2015-07-23 20:36 - 2015-07-23 20:36 - 0000264 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Security\reader_fss_signature_initialsk
2015-07-06 18:43 - 2015-07-06 18:43 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache
2015-07-06 18:43 - 2015-11-01 20:07 - 0000637 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
2015-07-06 18:43 - 2015-11-01 20:07 - 0000425 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
2015-09-14 17:55 - 2015-09-18 15:48 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR
2015-09-18 15:48 - 2015-09-18 15:48 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\CRLCache
2015-09-18 15:48 - 2015-11-15 17:16 - 0000341 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\CRLCache\712E60D39B486D4A8F1CCC122850D47988E43E4E.crl
2015-09-18 15:48 - 2015-09-18 15:48 - 0000637 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\CRLCache\83105A47296D2BD7C6E7D7D99A5B3CC1705E7147.crl
2015-09-18 15:48 - 2015-11-15 17:16 - 0000477 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\CRLCache\DB2419F2AC9BFF1AE2970C6CC4EA0CE3B23662ED.crl
2015-09-14 17:55 - 2015-11-15 20:47 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\Updater
2015-09-18 15:48 - 2015-11-15 17:16 - 0000035 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\Updater\lastUpdateCheck
2015-11-15 17:16 - 2015-11-15 20:47 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\Updater\Background
2015-11-15 17:16 - 2015-11-15 17:16 - 0000041 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\Updater\Background\mimetype
2015-11-15 20:47 - 2015-11-15 20:47 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\Updater\Background\updateAttempted
2015-11-15 17:16 - 2015-11-15 17:16 - 18220192 _____ (Adobe Systems Inc.) C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\Updater\Background\updater
2015-11-15 17:16 - 2015-11-15 17:16 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\Updater\Background\META-INF
2015-11-15 17:16 - 2015-11-15 17:16 - 0018878 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\AIR\Updater\Background\META-INF\signatures.xml
2015-05-05 19:39 - 2015-05-23 19:38 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player
2015-05-23 19:38 - 2015-05-23 19:38 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\AFCache
2015-05-23 19:38 - 2015-05-23 19:38 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\APSPrivateData2
2015-05-16 10:54 - 2015-05-16 10:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\AssetCache
2015-05-16 10:54 - 2015-05-26 19:48 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\AssetCache\NVMKW9WT
2015-05-26 19:48 - 2015-05-26 19:48 - 0000148 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\AssetCache\NVMKW9WT\1C04C61346A1FA3139A37D860ED92632AA13DECF.heu
2015-05-26 19:48 - 2015-05-26 19:48 - 0565987 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\AssetCache\NVMKW9WT\1C04C61346A1FA3139A37D860ED92632AA13DECF.swz
2015-05-26 19:48 - 2015-05-26 19:48 - 0000007 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\AssetCache\NVMKW9WT\cacheSize.txt
2015-05-26 19:48 - 2015-05-26 19:48 - 0000148 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\AssetCache\NVMKW9WT\F7536EF0D78A77B889EEBE98BF96BA5321A1FDE0.heu
2015-05-26 19:48 - 2015-05-26 19:48 - 0127284 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\AssetCache\NVMKW9WT\F7536EF0D78A77B889EEBE98BF96BA5321A1FDE0.swz
2015-05-23 19:38 - 2015-05-23 19:38 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\Icon Cache
2015-05-05 19:39 - 2015-07-05 19:31 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\NativeCache
2015-07-05 19:31 - 2015-11-30 19:21 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory
2015-05-16 22:33 - 2015-05-16 22:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Headlights
2015-05-16 22:33 - 2015-05-16 22:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Linguistics
2015-05-16 22:33 - 2015-05-16 22:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Linguistics\Dictionaries
2015-05-16 22:33 - 2015-07-06 18:43 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\LogTransport2
2015-07-06 18:43 - 2015-07-17 21:07 - 0004087 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
2015-07-06 18:43 - 2015-07-17 21:07 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\LogTransport2\Logs
2015-07-06 18:48 - 2015-07-06 18:48 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Sonar
2015-07-06 18:48 - 2015-07-06 18:48 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Sonar\Sonar1.0
2015-07-06 18:48 - 2015-07-17 21:07 - 0016790 _____ () C:\Users\Marie-Luise\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
2015-12-01 18:25 - 2015-12-01 18:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\anode-75
2015-12-01 18:25 - 2015-12-01 18:25 - 0619520 ____N (American Megatrends, Inc) C:\Users\Marie-Luise\AppData\Roaming\anode-75\anode-82.exe
2015-05-16 12:27 - 2015-05-16 12:27 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Avira
2015-05-16 12:27 - 2015-05-16 12:27 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Avira\Antivirus
2015-05-16 12:27 - 2015-05-16 12:27 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Avira\Antivirus\JOBS
2015-05-16 12:33 - 2015-05-16 12:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Chip Digital GmbH
2015-05-16 12:33 - 2015-05-16 12:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Chip Digital GmbH\CHIP Secured Installer
2015-05-16 12:33 - 2015-05-16 12:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Chip Digital GmbH\CHIP Secured Installer\1.0.7.2
2015-05-16 12:33 - 2015-05-16 22:13 - 0000161 _____ () C:\Users\Marie-Luise\AppData\Roaming\Chip Digital GmbH\CHIP Secured Installer\1.0.7.2\dmr_72.log
2015-05-07 19:16 - 2015-05-07 19:16 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\CyberLink
2015-05-07 19:16 - 2015-05-07 19:16 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\CyberLink\PowerCinema
2015-05-07 19:16 - 2015-05-07 19:16 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\CyberLink\PowerDVD
2015-05-07 19:16 - 2015-05-07 19:16 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\CyberLink\PowerDVD10
2015-05-07 19:16 - 2015-05-07 19:16 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\CyberLink\PowerDVD10\Remix
2015-05-07 19:16 - 2015-05-08 19:58 - 0000424 _____ () C:\Users\Marie-Luise\AppData\Roaming\CyberLink\PowerDVD10\Remix\Circle.png
2015-05-07 19:16 - 2015-05-08 19:58 - 0000144 _____ () C:\Users\Marie-Luise\AppData\Roaming\CyberLink\PowerDVD10\Remix\LineGreen.png
2015-05-07 19:16 - 2015-05-08 19:58 - 0001754 _____ () C:\Users\Marie-Luise\AppData\Roaming\CyberLink\PowerDVD10\Remix\TextAnimation.png
2015-09-11 19:26 - 2015-09-11 19:26 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\dvdcss
2015-09-11 19:26 - 2015-09-11 19:26 - 0000203 _____ () C:\Users\Marie-Luise\AppData\Roaming\dvdcss\CACHEDIR.TAG
2015-09-11 19:26 - 2015-09-11 19:26 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\dvdcss\S_WORTMANN_ALLEIN_UNTER_FRAUEN-2009101415110600-
2015-05-21 07:44 - 2015-05-21 07:44 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular
2015-05-21 07:44 - 2015-05-21 07:44 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\eric
2015-05-21 07:44 - 2015-07-13 19:57 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\eric\data
2015-05-21 07:44 - 2015-11-29 20:23 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\eric\ini
2015-05-21 07:44 - 2015-11-29 20:23 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\eric\log
2015-05-21 07:44 - 2015-11-29 20:23 - 0255003 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\eric\log\eric.log
2015-05-21 07:44 - 2015-05-31 20:25 - 1000069 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\eric\log\eric.log.1
2015-05-31 18:12 - 2015-07-13 19:09 - 0007366 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\eric\log\eva.log
2015-05-21 07:44 - 2015-05-21 07:44 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\eric\tmp
2015-05-21 07:44 - 2015-11-29 20:23 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pica
2015-05-21 07:44 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pica\ini
2015-07-13 19:05 - 2015-11-29 20:23 - 0009920 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pica\ini\pica.ini
2015-05-21 07:44 - 2015-07-13 19:04 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pica\log
2015-05-21 07:44 - 2015-11-29 20:23 - 0084477 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pica\log\ericprozess.exe.log
2015-05-21 07:44 - 2015-05-31 20:29 - 0579568 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pica\log\ericprozess.exe.log.1
2015-05-21 07:44 - 2015-11-29 20:23 - 0096649 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pica\log\installationsverwaltung.log
2015-05-21 07:44 - 2015-11-29 20:23 - 0167213 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pica\log\pica.log
2015-05-21 07:44 - 2015-05-30 17:26 - 0225648 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pica\log\pica.log.1
2015-05-21 07:44 - 2015-05-21 07:44 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager
2015-05-21 07:44 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\data
2015-05-21 07:44 - 2015-07-13 19:05 - 0011869 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\data\inhalt_downloadverzeichnis.zip
2015-05-21 07:44 - 2015-07-13 19:05 - 0011869 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\data\inhalt_downloadverzeichnis_cpy.zip
2015-05-21 07:44 - 2015-07-13 19:04 - 0000423 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\data\inhalt_techplugin.zip
2015-05-21 07:44 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp
2015-07-13 19:05 - 2015-07-13 19:05 - 29620960 _____ (Landesfinanzdirektion Thüringen) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\install_instv.exe
2015-07-13 19:04 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular
2015-07-13 19:05 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin
2015-07-13 19:05 - 2015-06-29 15:57 - 0892416 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\hilfepica.exe
2015-07-13 19:05 - 2015-06-29 15:57 - 21529088 _____ (The ICU Project) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\icudt53.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 1982976 _____ (The ICU Project) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\icuin53.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 1355264 _____ (The ICU Project) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\icuuc53.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 10304902 _____ (Landesfinanzdirektion Thüringen) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\install_runtime.exe
2015-07-13 19:05 - 2015-06-29 15:57 - 2151424 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\installationsverwaltung.exe
2015-07-13 19:05 - 2015-06-29 15:57 - 1149440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\libeay32.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 0055296 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\libEGL.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 1405952 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\libGLESv2.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 0719360 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\qca.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 0917504 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\Qt5CLucene.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 4058112 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\Qt5Core.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 4535808 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\Qt5Gui.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 0413696 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\Qt5Help.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 0824832 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\Qt5Network.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 0264704 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\Qt5PrintSupport.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 0154624 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\Qt5Sql.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 4415488 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\Qt5Widgets.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 0150528 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\Qt5Xml.dll
2015-07-13 19:05 - 2015-06-29 15:57 - 0268288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\ssleay32.dll
2015-07-13 19:05 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\platforms
2015-07-13 19:05 - 2015-06-29 15:57 - 0934400 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\platforms\qwindows.dll
2015-07-13 19:05 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\pluginsqt
2015-07-13 19:05 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\pluginsqt\crypto
2015-07-13 19:05 - 2015-06-29 15:57 - 0198144 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\pluginsqt\crypto\qca-ossl.dll
2015-07-13 19:05 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\pluginsqt\sqldrivers
2015-07-13 19:05 - 2015-06-29 15:57 - 0658432 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\pluginsqt\sqldrivers\qsqlite.dll
2015-07-13 19:05 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\dict
2015-07-13 19:05 - 2015-06-29 15:58 - 0001892 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\dict\instv_0.vdict
2015-07-13 19:05 - 2015-06-29 15:58 - 0000512 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\dict\instv_0.vdict.sig
2015-07-13 19:05 - 2015-07-13 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\hilfe
2015-07-13 19:05 - 2015-06-29 15:57 - 1252352 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\hilfe\elfo.bedienung.qch
2015-07-13 19:05 - 2015-06-29 15:57 - 0024576 _____ () C:\Users\Marie-Luise\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\hilfe\elfo.bedienung.qhc
2015-05-21 06:53 - 2015-05-28 20:11 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\HpUpdate
2015-05-28 20:11 - 2015-05-28 20:11 - 0000082 _____ () C:\Users\Marie-Luise\AppData\Roaming\HpUpdate\HpUpdate.Cache
2015-05-28 20:11 - 2015-10-10 19:50 - 0002421 _____ () C:\Users\Marie-Luise\AppData\Roaming\HpUpdate\HpUpdate.log
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Identities
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Identities\{0F0BFEBE-63FC-4FEB-8B13-1CC97CB1585C}
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Intel
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Intel\Wireless
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___HD () C:\Users\Marie-Luise\AppData\Roaming\Intel\Wireless\Settings
2015-05-05 19:38 - 2014-08-19 03:44 - 0001176 _____ () C:\Users\Marie-Luise\AppData\Roaming\Intel\Wireless\Settings\Settings.ini
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___HD () C:\Users\Marie-Luise\AppData\Roaming\Intel\Wireless\WLANProfiles
2015-05-05 19:38 - 2015-12-01 18:21 - 0000048 _____ () C:\Users\Marie-Luise\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Leadertech
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Leadertech\PowerRegister
2015-05-05 19:39 - 2015-05-16 11:05 - 0000386 _____ () C:\Users\Marie-Luise\AppData\Roaming\Leadertech\PowerRegister\PowerReg.dat
2015-09-15 18:44 - 2015-09-18 15:47 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\LSC
2015-09-18 15:47 - 2015-09-18 15:47 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\LSC\#airversion
2015-09-18 15:47 - 2015-09-18 15:47 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\LSC\#airversion\18.0.0.180
2015-09-15 18:44 - 2015-09-18 15:47 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\LSC\Local Store
2015-09-18 15:47 - 2015-09-18 15:48 - 0000206 _____ () C:\Users\Marie-Luise\AppData\Roaming\LSC\Local Store\profile.xml
2015-09-15 18:44 - 2015-09-15 18:44 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\LSC\Local Store\Snapshot
2015-09-15 18:44 - 2015-09-15 18:44 - 0047904 _____ () C:\Users\Marie-Luise\AppData\Roaming\LSC\Local Store\Snapshot\baseline.json
2015-05-05 19:38 - 2014-08-19 03:53 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia
2015-05-05 19:38 - 2015-05-16 10:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player
2015-05-16 10:54 - 2015-11-30 19:38 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\#SharedObjects
2015-05-16 10:54 - 2015-05-16 10:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\macromedia.com
2015-05-16 10:54 - 2015-05-16 10:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support
2015-05-16 10:54 - 2015-05-16 10:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer
2015-05-16 10:54 - 2015-11-30 19:38 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
2015-05-05 19:38 - 2014-08-19 03:53 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com
2015-05-05 19:38 - 2015-09-18 15:47 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin
2015-09-18 15:47 - 2015-09-18 15:47 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller
2015-09-18 15:47 - 2015-09-14 17:55 - 0310432 _____ (Adobe Systems Inc.) C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2015-09-18 15:47 - 2015-09-14 17:55 - 0002880 _____ () C:\Users\Marie-Luise\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\digest.s
2015-05-05 19:38 - 2014-02-03 15:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Media Center Programs
2015-05-05 19:38 - 2015-10-02 19:10 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\AddIns
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style
2015-10-02 19:02 - 2015-10-02 18:47 - 0333602 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl
2015-10-02 19:02 - 2015-10-02 18:47 - 0297017 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL
2015-10-02 19:02 - 2015-10-02 18:47 - 0268670 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL
2015-10-02 19:02 - 2015-10-02 18:47 - 0256358 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL
2015-10-02 19:02 - 2015-10-02 18:47 - 0251449 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL
2015-10-02 19:02 - 2015-10-02 18:47 - 0284802 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl
2015-10-02 19:02 - 2015-10-02 18:47 - 0294525 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl
2015-10-02 19:02 - 2015-10-02 18:47 - 0270642 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL
2015-10-02 19:02 - 2015-10-02 18:47 - 0217578 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL
2015-10-02 19:02 - 2015-10-02 18:47 - 0255219 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl
2015-10-02 19:02 - 2015-10-02 18:47 - 0251336 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL
2015-10-02 19:02 - 2015-10-02 18:47 - 0344662 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL
2015-05-05 19:45 - 2015-05-05 19:45 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\CLR Security Config
2015-05-05 19:45 - 2015-09-15 19:56 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312
2015-05-05 19:46 - 2015-05-25 16:54 - 0001370 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
2015-09-15 19:56 - 2015-09-15 19:56 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Credentials
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Crypto
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Crypto\RSA
2015-05-05 19:38 - 2015-06-06 21:03 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1401465016-1591747146-3379758321-1001
2015-05-05 19:38 - 2015-05-05 19:38 - 0000077 ____S () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1401465016-1591747146-3379758321-1001\3a679951e6f2eb81b341c95e9ffe4a25_c09dece1-a462-4083-9e07-07a38060f384
2015-05-16 12:36 - 2015-05-16 12:36 - 0000052 ____S () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1401465016-1591747146-3379758321-1001\49db08e8c34e2e822c55367f0ae7b73f_c09dece1-a462-4083-9e07-07a38060f384
2015-05-05 19:44 - 2015-05-05 19:44 - 0000045 ____S () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1401465016-1591747146-3379758321-1001\62a45886e06c7d046ea8b819bec0598a_c09dece1-a462-4083-9e07-07a38060f384
2015-06-06 21:03 - 2015-06-06 21:03 - 0000059 ____S () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1401465016-1591747146-3379758321-1001\8f96978fc46d9f00d8780351026924d7_c09dece1-a462-4083-9e07-07a38060f384
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Document Building Blocks
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Document Building Blocks\1031
2015-10-02 19:02 - 2015-10-10 22:08 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Document Building Blocks\1031\16
2015-10-02 21:36 - 2015-10-02 21:36 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Document Building Blocks\1031\16\Building Blocks.dotx
2015-10-02 19:02 - 2015-10-10 11:03 - 3003823 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Document Building Blocks\1031\16\Built-In Building Blocks.dotx
2015-06-06 21:03 - 2015-06-06 21:03 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\eHome
2015-10-02 19:08 - 2015-11-29 21:44 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Excel
2015-10-02 19:09 - 2015-11-18 21:40 - 0010466 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Excel\Excel15.xlb
2015-05-21 07:00 - 2015-05-21 07:00 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\HTML Help
2015-05-21 07:00 - 2015-05-21 07:00 - 0008590 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\HTML Help\hh.dat
2015-05-16 22:33 - 2015-05-16 22:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\IME12
2015-05-16 22:33 - 2015-05-16 22:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\IMJP12
2015-05-16 22:33 - 2015-05-16 22:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\IMJP8_1
2015-05-16 22:33 - 2015-05-16 22:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\IMJP9_0
2015-05-05 19:38 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer
2015-05-05 19:38 - 2015-05-16 22:28 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
2015-05-05 19:38 - 2015-05-08 20:15 - 0000221 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
2015-05-08 20:15 - 2015-05-08 20:15 - 0001430 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
2015-05-16 22:15 - 2015-05-16 22:28 - 0002125 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
2015-05-05 19:38 - 2009-07-14 05:49 - 0000290 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
2015-05-05 19:38 - 2009-07-14 05:49 - 0000272 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ___HD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
2015-05-05 19:39 - 2015-10-02 21:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
2015-10-02 21:33 - 2015-10-02 21:33 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3
2015-10-02 21:33 - 2015-10-02 21:33 - 0000073 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\desktop.ini
2015-10-02 21:33 - 2015-10-02 21:33 - 0002686 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk
2015-05-05 19:39 - 2015-11-09 18:32 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
2015-05-05 19:39 - 2015-05-16 12:15 - 0000086 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
2015-05-16 12:36 - 2015-11-09 18:32 - 0001174 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
2015-05-16 23:07 - 2015-05-16 22:15 - 0002113 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk
2015-05-05 19:39 - 2009-07-14 05:49 - 0001228 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
2015-05-05 19:39 - 2014-01-30 23:06 - 0001547 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\UserData
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
2015-05-14 08:54 - 2015-05-14 08:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\MMC
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Network
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Network\Connections
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Network\Connections\Pbk
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
2015-10-02 19:02 - 2015-10-10 21:28 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office
2015-10-10 21:28 - 2015-10-10 21:28 - 0032116 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\fbcC767.tmp
2015-10-02 19:02 - 2015-10-02 19:02 - 0015196 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\MSO1031.acl
2015-10-04 17:57 - 2015-10-04 17:57 - 0037730 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\MSO1033.acl
2015-10-02 19:05 - 2015-11-18 21:40 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent
2015-10-26 12:38 - 2015-10-26 12:38 - 0000571 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\Ägypten.LNK
2015-11-09 19:25 - 2015-11-09 19:25 - 0000359 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\CiBT.LNK
2015-11-08 21:49 - 2015-11-08 21:49 - 0000570 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\EMMAUS-Glaubenskurs-1.Abend-2015 (2).LNK
2015-11-08 19:55 - 2015-11-08 21:49 - 0000570 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\EMMAUS-Glaubenskurs-1.Abend-2015.LNK
2015-11-08 19:55 - 2015-11-08 19:55 - 0000384 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\Emmaus-Kurs.LNK
2015-11-01 21:56 - 2015-11-01 21:56 - 0000558 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\Ernährung.LNK
2015-10-02 19:05 - 2015-11-18 21:40 - 0001709 ____H () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\index.dat
2015-10-26 12:24 - 2015-10-26 12:24 - 0000595 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\Küdnigung Nidda.LNK
2015-10-13 19:03 - 2015-10-17 12:07 - 0000757 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\Lehrergesundheit, 13.10..LNK
2015-10-14 21:33 - 2015-10-17 12:12 - 0000778 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\Lehrergesundheit, 13.10._fertig.LNK
2015-10-15 20:44 - 2015-10-15 20:56 - 0000376 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\Lehrergesundheit, 13.10._fertig_II.LNK
2015-11-07 12:24 - 2015-11-07 12:24 - 0000597 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\monatl. Kosten_alter pc.LNK
2015-11-07 12:08 - 2015-11-18 21:40 - 0000576 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\monatliche Kosten.LNK
2015-11-17 18:36 - 2015-11-17 18:36 - 0000548 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\PW.LNK
2015-11-09 20:19 - 2015-11-13 08:33 - 0000485 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\Resümee CiBT.LNK
2015-10-26 12:43 - 2015-10-26 12:43 - 0000531 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Office\Recent\Unterschr_Kesting_sw.LNK
2015-10-02 19:10 - 2015-10-02 19:10 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\OneNote
2015-10-02 19:10 - 2015-10-02 19:10 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\OneNote\16.0
2015-10-02 19:10 - 2015-10-02 19:10 - 0025280 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat
2015-10-02 19:08 - 2015-10-13 19:37 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\PowerPoint
2015-10-02 19:08 - 2015-10-17 12:13 - 0000130 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\PowerPoint\PPT16.pcb
2015-10-10 20:08 - 2015-10-10 20:08 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\PowerPoint\ppt2842.tmp
2015-10-10 18:15 - 2015-10-10 19:28 - 1333357 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\PowerPoint\ppt9051.tmp
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Proof
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Protect
2015-05-05 19:38 - 2015-05-05 19:38 - 0000024 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Protect\CREDHIST
2015-05-05 19:38 - 2015-11-08 19:59 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Protect\S-1-5-21-1401465016-1591747146-3379758321-1001
2015-05-05 19:38 - 2015-05-05 19:38 - 0000468 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Protect\S-1-5-21-1401465016-1591747146-3379758321-1001\6f6532e8-3801-47e1-bbd1-5a6d4f2467d9
2015-08-08 07:58 - 2015-08-08 07:58 - 0000468 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Protect\S-1-5-21-1401465016-1591747146-3379758321-1001\b7f07e19-a3d9-4a3a-b529-bbfe75e1aa78
2015-11-08 19:59 - 2015-11-08 19:59 - 0000468 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Protect\S-1-5-21-1401465016-1591747146-3379758321-1001\fd536eeb-af11-490c-99c7-a789b810ac39
2015-05-05 19:38 - 2015-11-08 19:59 - 0000024 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Protect\S-1-5-21-1401465016-1591747146-3379758321-1001\Preferred
2015-10-02 19:05 - 2015-10-02 19:05 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\QuickStyles
2015-05-05 19:54 - 2015-05-05 19:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Speech
2015-05-05 19:54 - 2015-05-05 19:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Speech\Files
2015-05-05 19:54 - 2015-05-05 19:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Speech\Files\UserLexicons
2015-05-05 19:54 - 2015-05-05 19:54 - 0000940 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_33D40F455EB2415BBF745BF559DEB65D.dat
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\SystemCertificates
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\SystemCertificates\My
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 ___SD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
2015-10-02 19:02 - 2015-11-29 21:58 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates
2015-10-10 18:01 - 2015-10-10 18:01 - 3687100 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Geschäftliche Präsentation Rote Linie (Breitbild).potx
2015-10-02 19:06 - 2015-11-29 21:58 - 0019633 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Normal.dotm
2015-10-02 19:09 - 2015-09-10 15:20 - 0251166 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Willkommen bei Excel.xltx
2015-10-02 21:42 - 2015-09-10 14:09 - 1355663 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Willkommen bei PowerPoint.potx
2015-10-02 19:04 - 2015-09-10 14:08 - 1670075 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Willkommen bei Word.dotx
2015-10-02 21:42 - 2015-10-02 21:42 - 2617124 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Wissenschaftliche Präsentation für einen Hochschulkurs (Design Lehrbuch).potx
2015-10-02 21:46 - 2015-10-02 21:46 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Document Themes
2015-10-02 21:46 - 2015-10-02 21:46 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Colors
2015-10-02 21:46 - 2015-10-02 21:46 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Effects
2015-10-02 21:46 - 2015-10-02 21:46 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Fonts
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes
2015-10-02 19:02 - 2015-11-25 21:57 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031
2015-10-10 21:47 - 2015-10-10 21:47 - 0016689 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM02807606[[fn=Faxdeckblatt (Punkte-Design)]].dotx
2015-10-02 19:02 - 2015-10-02 19:02 - 0562113 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03090430[[fn=Verbund]].thmx
2015-10-02 19:02 - 2015-10-02 19:03 - 1649585 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03090434[[fn=Holzart]].thmx
2015-10-02 19:02 - 2015-10-02 19:02 - 0558035 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457444[[fn=Fundament]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 3296405 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457452[[fn=Himmel]].thmx
2015-10-02 19:02 - 2015-10-02 19:02 - 0570901 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457464[[fn=Dividende]].thmx
2015-10-02 19:02 - 2015-10-02 19:02 - 0523048 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457475[[fn=Rahmen]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 3078052 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457485[[fn=Netz]].thmx
2015-10-02 19:02 - 2015-10-02 19:03 - 0887908 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457491[[fn=Metropolitan]].thmx
2015-10-02 19:02 - 2015-10-02 19:02 - 0924687 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457496[[fn=Parallax]].thmx
2015-10-02 19:02 - 2015-10-02 19:02 - 0966946 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457503[[fn=Zitierfähig]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 1204049 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457510[[fn=Savon]].thmx
2015-10-02 19:02 - 2015-10-02 19:02 - 0729469 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM03457515[[fn=Aussicht]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 1011082 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM04033917[[fn=Berlin]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 1463634 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM04033919[[fn=Schaltkreis]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 2218943 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM04033921[[fn=Damast]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 2368674 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM04033923[[fn=Tiefe]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 1750795 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM04033925[[fn=Tropfen]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 2924237 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM04033927[[fn=Wichtiges Ereignis]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 2357051 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM04033929[[fn=Schiefer]].thmx
2015-10-02 19:03 - 2015-10-02 19:03 - 3611324 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM04033937[[fn=Kondensstreifen]].thmx
2015-11-25 21:57 - 2015-10-14 15:52 - 1526134 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM10001114[[fn=Galerie]].thmx
2015-11-25 21:57 - 2015-10-12 15:38 - 0608122 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\TM10001115[[fn=Paket]].thmx
2015-10-03 10:53 - 2015-10-03 10:53 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\Theme Colors
2015-10-03 10:53 - 2015-10-03 10:53 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\Theme Effects
2015-10-03 10:54 - 2015-10-03 10:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1031\Theme Fonts
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1031
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles
2015-10-02 19:02 - 2015-10-02 19:02 - 0333258 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0343777 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0268317 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0255948 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0251032 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0284415 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0294178 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0270198 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0217137 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0254875 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0344303 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0250983 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks
2015-10-02 19:02 - 2015-10-02 21:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1031
2015-10-02 19:02 - 2015-10-02 19:02 - 0035406 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1031\TM01840907[[fn=Equations]].dotx
2015-10-02 19:02 - 2015-10-04 17:21 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes
2015-10-02 19:02 - 2015-10-10 21:47 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1031
2015-10-07 18:59 - 2015-10-07 18:59 - 0049620 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1031\Facette.thmx
2015-10-03 10:53 - 2015-10-03 10:53 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1031\Theme Colors
2015-10-03 10:53 - 2015-10-03 10:53 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1031\Theme Effects
2015-10-03 10:54 - 2015-10-03 10:54 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1031\Theme Fonts
2015-10-04 17:21 - 2015-10-04 17:21 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics
2015-10-04 17:21 - 2015-10-04 17:21 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\1031
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Bibliography Styles
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Building Blocks
2015-10-02 19:02 - 2015-10-02 19:02 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Building Blocks\1031
2015-10-04 17:21 - 2015-10-04 17:21 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Templates\SmartArt Graphics
2015-10-02 19:02 - 2015-10-04 17:24 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\UProof
2015-10-02 19:02 - 2015-10-02 19:02 - 0000028 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
2015-10-04 17:24 - 2015-10-04 17:24 - 0000002 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
2015-10-02 19:05 - 2015-10-02 19:05 - 0000002 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0809.lex
2015-10-02 21:35 - 2015-10-02 21:35 - 0000002 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryGE0407.lex
2015-05-15 20:04 - 2015-05-15 20:04 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Vault
2015-05-05 19:38 - 2015-05-08 20:15 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows
2015-05-05 19:38 - 2015-11-30 19:38 - 0000000 __SHD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Cookies
2015-11-30 19:38 - 2015-11-30 19:38 - 0000000 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
2015-05-05 19:39 - 2015-05-08 20:15 - 0000000 __SHD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\DNTException
2015-05-08 20:15 - 2015-05-08 20:15 - 0000000 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ___HD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\DNTException\Low
2015-05-05 19:39 - 2015-05-05 20:01 - 0000000 __SHD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IECompatCache
2015-05-05 20:01 - 2015-05-05 20:01 - 0000000 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
2015-05-05 19:39 - 2015-05-08 20:15 - 0000000 __SHD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
2015-05-08 20:15 - 2015-05-08 20:15 - 0000000 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\container.dat
2015-05-05 19:39 - 2015-05-05 20:01 - 0000000 __SHD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IECompatUACache
2015-05-05 20:01 - 2015-05-05 20:01 - 0000000 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
2015-05-05 19:39 - 2015-05-08 20:15 - 0000000 __SHD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
2015-05-08 20:15 - 2015-05-08 20:15 - 0000000 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low\container.dat
2015-05-08 20:15 - 2015-05-08 20:15 - 0000000 __SHD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
2015-05-08 20:15 - 2015-05-08 20:15 - 0000000 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
|
|
01.12.2015, 19:33
| #13 |
| | Windows7: Trojaner, registy befallen, HKU, HKCU fixlog.txt 2 Code:
ATTFilter 2015-05-05 19:39 - 2015-10-13 20:01 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Libraries
2015-05-05 19:39 - 2015-10-13 20:01 - 0000274 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
2015-05-05 19:39 - 2015-10-13 20:01 - 0003724 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
2015-05-05 19:39 - 2015-10-13 20:01 - 0003682 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
2015-05-05 19:39 - 2015-10-13 20:01 - 0003716 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
2015-05-05 19:39 - 2015-10-13 20:01 - 0003695 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
2015-05-05 19:38 - 2009-07-14 03:34 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Network Shortcuts
2015-05-05 19:38 - 2009-07-14 03:35 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\PrivacIE
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 ___HD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
2015-05-05 19:38 - 2015-11-30 20:43 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Recent
2015-11-30 20:43 - 2015-11-30 20:43 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations
2015-11-30 19:40 - 2015-12-01 19:12 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
2015-12-01 18:21 - 2015-12-01 18:21 - 0002582 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\277f4cbeba544308.customDestinations-ms
2015-12-01 18:47 - 2015-12-01 19:12 - 0003730 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
2015-11-30 20:48 - 2015-12-01 18:23 - 0003680 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9027fe24326910d2.customDestinations-ms
2015-11-30 19:40 - 2015-12-01 19:12 - 0005448 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\969252ce11249fdd.customDestinations-ms
2015-05-05 19:38 - 2015-07-12 16:54 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\SendTo
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth.SendToBluetooth
2015-05-05 19:38 - 2009-06-10 21:45 - 0000003 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget
2015-05-05 19:38 - 2009-06-10 21:44 - 0000007 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
2015-05-05 19:38 - 2009-07-14 05:54 - 0000558 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
2015-05-05 19:39 - 2015-05-05 19:39 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\SendTo\Dokumente.mydocs
2015-05-05 19:38 - 2009-07-14 05:54 - 0001238 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk
2015-05-05 19:38 - 2009-06-10 21:44 - 0000004 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail
2015-05-25 17:04 - 2015-05-25 17:04 - 0001118 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\SendTo\PDF24 Creator.lnk
2015-05-05 19:38 - 2015-10-13 20:01 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu
2015-05-05 19:39 - 2015-10-13 20:01 - 0000174 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2015-05-05 19:38 - 2015-05-05 19:38 - 0000000 _SHDL () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-05 19:38 - 2015-10-13 20:01 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2015-05-05 19:39 - 2015-10-13 20:01 - 0000338 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2015-05-05 19:39 - 2015-05-05 19:39 - 0001436 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-02 19:00 - 2015-10-02 19:11 - 0002216 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-05 19:38 - 2009-07-14 05:54 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 19:38 - 2009-07-14 05:54 - 0001280 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
2015-05-05 19:38 - 2009-07-14 05:54 - 0000678 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
2015-05-05 19:38 - 2009-07-14 05:54 - 0001304 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
2015-05-05 19:38 - 2009-07-14 05:49 - 0000262 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
2015-05-05 19:38 - 2009-07-14 05:49 - 0001228 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
2015-05-05 19:38 - 2009-07-14 05:54 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2015-05-05 19:38 - 2009-07-14 05:54 - 0000704 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
2015-05-05 19:38 - 2009-07-14 05:54 - 0001358 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
2015-05-05 19:38 - 2009-07-14 05:54 - 0001258 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
2015-05-05 19:38 - 2009-07-14 05:54 - 0001262 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
2015-05-05 19:38 - 2009-07-14 05:54 - 0001250 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
2015-05-05 19:38 - 2015-05-05 19:39 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2015-05-05 19:38 - 2009-07-14 05:49 - 0000262 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
2015-05-05 19:38 - 2009-07-14 05:49 - 0000262 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk
2015-05-05 19:38 - 2015-05-05 19:39 - 0000738 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
2015-05-05 19:39 - 2015-05-05 19:39 - 0001498 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
2015-05-05 19:38 - 2009-07-14 05:54 - 0001306 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk
2015-05-05 19:39 - 2015-10-13 20:01 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2015-05-05 19:39 - 2015-10-13 20:01 - 0000174 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
2015-05-05 19:38 - 2009-07-14 05:49 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-05 19:38 - 2009-07-14 05:49 - 0000318 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
2015-05-05 19:38 - 2009-07-14 05:49 - 0000262 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk
2015-05-05 19:39 - 2015-12-01 18:34 - 0000000 ___RD () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2015-10-02 19:10 - 2015-10-02 19:10 - 0001282 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
2015-05-05 19:39 - 2015-10-13 20:01 - 0000174 ___SH () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2015-05-21 07:06 - 2015-12-01 18:21 - 0001922 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
2015-12-01 18:34 - 2015-12-01 18:34 - 0000952 _____ () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\weber-7.lnk
2015-05-05 19:38 - 2009-07-14 03:34 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Templates
2015-05-05 19:39 - 2015-05-05 19:48 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes
2015-05-05 19:48 - 2015-10-02 21:33 - 0000000 ____H () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
2015-05-05 19:39 - 2015-10-02 21:33 - 5958191 ____N () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
2015-10-02 19:02 - 2015-11-29 21:58 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Word
2015-05-16 12:36 - 2015-05-16 12:37 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla
2015-05-16 12:37 - 2015-05-16 12:37 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Extensions
2015-05-16 12:36 - 2015-05-16 12:36 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox
2015-05-16 12:36 - 2015-05-26 18:28 - 0000139 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\profiles.ini
2015-05-16 12:36 - 2015-11-09 18:32 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports
2015-05-16 12:36 - 2015-05-16 12:36 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20150513174244
2015-06-03 20:27 - 2015-06-03 20:27 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20150525141253
2015-07-11 20:14 - 2015-07-11 20:14 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20150630154324
2015-08-10 17:48 - 2015-08-10 17:48 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20150806001005
2015-08-13 19:17 - 2015-08-13 19:17 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20150807085045
2015-08-20 19:54 - 2015-08-20 19:54 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20150812163655
2015-09-02 20:15 - 2015-09-02 20:15 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20150826023504
2015-10-04 17:29 - 2015-10-04 17:29 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20150929144111
2015-10-17 10:11 - 2015-10-17 10:11 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20151014143721
2015-11-09 18:32 - 2015-11-09 18:32 - 0000010 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20151029151421
2015-05-16 12:36 - 2015-05-16 12:36 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Crash Reports\events
2015-05-16 12:36 - 2015-05-26 18:27 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles
2015-05-26 18:27 - 2015-12-01 18:26 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012
2015-11-30 21:22 - 2015-11-30 21:22 - 0008276 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\addons.json
2015-11-30 21:24 - 2015-11-30 21:24 - 0186684 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\blocklist.xml
2015-05-26 19:09 - 2015-05-26 19:09 - 0000391 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\cert_override.txt
2015-05-26 18:28 - 2015-11-30 22:23 - 0360448 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\cert8.db
2015-05-26 18:27 - 2015-12-01 18:25 - 0000206 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\compatibility.ini
2015-05-26 18:28 - 2015-11-30 22:23 - 0229376 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\content-prefs.sqlite
2015-11-30 20:33 - 2015-12-01 18:26 - 0524288 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\cookies.sqlite
2015-12-01 18:25 - 2015-12-01 18:25 - 0032768 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\cookies.sqlite-shm
2015-12-01 18:25 - 2015-12-01 18:26 - 0590288 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\cookies.sqlite-wal
2015-11-30 21:04 - 2015-11-30 21:04 - 0000943 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\downloads.json
2015-11-30 20:56 - 2015-11-30 20:56 - 0000345 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions.ini
2015-11-30 21:26 - 2015-11-30 21:26 - 0035689 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions.json
2015-05-26 18:27 - 2015-12-01 18:26 - 0196608 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\formhistory.sqlite
2015-05-26 18:27 - 2015-11-30 22:08 - 1146880 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\healthreport.sqlite
2015-12-01 18:25 - 2015-12-01 18:25 - 0032768 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\healthreport.sqlite-shm
2015-12-01 18:25 - 2015-12-01 18:26 - 0131200 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\healthreport.sqlite-wal
2015-05-26 18:27 - 2015-11-30 22:23 - 0016384 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\key3.db
2015-05-26 18:27 - 2015-05-25 16:27 - 0000109 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\logins.json
2015-11-29 21:26 - 2015-11-29 21:26 - 0005146 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\mimeTypes.rdf
2015-05-26 18:27 - 2015-12-01 18:25 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\parent.lock
2015-05-26 18:28 - 2015-11-09 18:32 - 0131072 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\permissions.sqlite
2015-05-26 18:27 - 2015-12-01 18:43 - 10485760 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\places.sqlite
2015-12-01 18:25 - 2015-12-01 18:25 - 0032768 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\places.sqlite-shm
2015-12-01 18:25 - 2015-12-01 19:10 - 0098408 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\places.sqlite-wal
2015-11-18 22:38 - 2015-11-18 22:38 - 0003942 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\pluginreg.dat
2015-12-01 18:26 - 2015-12-01 18:26 - 0018059 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\prefs.js
2015-12-01 18:25 - 2015-12-01 18:25 - 0001196 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\revocations.txt
2015-11-30 20:56 - 2015-11-30 20:56 - 0180804 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\search.json
2015-11-27 19:01 - 2015-11-27 19:01 - 0000424 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\search-metadata.json
2015-05-26 18:28 - 2015-05-26 18:28 - 0016384 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\secmod.db
2015-12-01 18:25 - 2015-12-01 18:25 - 0000090 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\sessionCheckpoints.json
2015-05-26 18:29 - 2015-12-01 18:31 - 0004807 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\SiteSecurityServiceState.txt
2015-05-26 18:27 - 2015-05-26 18:27 - 0000047 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\times.json
2015-11-30 20:33 - 2015-11-30 22:23 - 0098304 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\webappsstore.sqlite
2015-12-01 18:25 - 2015-12-01 18:25 - 0032768 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\webappsstore.sqlite-shm
2015-12-01 18:25 - 2015-12-01 18:25 - 0000000 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\webappsstore.sqlite-wal
2015-12-01 18:25 - 2015-12-01 18:25 - 0002426 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\xulstore.json
2015-11-29 20:14 - 2015-12-01 18:26 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\adblockplus
2015-12-01 18:25 - 2015-12-01 18:25 - 3490170 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\adblockplus\elemhide.css
2015-12-01 18:26 - 2015-12-01 18:26 - 2740473 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\adblockplus\patterns.ini
2015-11-29 20:14 - 2015-11-30 19:39 - 2735274 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\adblockplus\patterns-backup1.ini
2015-11-29 20:14 - 2015-11-29 20:14 - 0000039 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\adblockplus\patterns-backup2.ini
2015-05-26 18:27 - 2015-12-01 18:40 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups
2015-10-01 19:36 - 2015-10-01 19:36 - 0006677 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-10-01_41_Sij-z36xLGiCcQspju0Q1Q==.jsonlz4
2015-10-02 18:28 - 2015-10-02 18:28 - 0006680 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-10-03_41_ZiQYDSH5+qS0ctwKv4lKKg==.jsonlz4
2015-10-04 13:14 - 2015-10-04 13:14 - 0006800 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-10-06_42_kZkWNN+GD0rcGZAF2arB2g==.jsonlz4
2015-10-07 19:24 - 2015-10-07 19:24 - 0007369 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-10-07_45_z7d+ItYY3S9acfJxRh9qMQ==.jsonlz4
2015-10-10 13:47 - 2015-10-10 13:47 - 0007368 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-10-10_45_1GUgQ0u-dT2iUgbQ4Jl-5A==.jsonlz4
2015-10-11 20:04 - 2015-10-11 20:04 - 0007364 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-10-13_45_gdDZ2pB71wFDrEFT48ueEA==.jsonlz4
2015-10-16 21:14 - 2015-10-16 21:14 - 0007368 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-10-27_45_Xc1M5IakeOAo8wFeYermYA==.jsonlz4
2015-10-28 20:26 - 2015-10-28 20:26 - 0007369 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-10-28_45_CkgFaOyl25wchQgj9B546A==.jsonlz4
2015-10-29 16:14 - 2015-10-29 16:14 - 0007512 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-10-29_46_ajeJ2QMT6W2Leq9StO0wVw==.jsonlz4
2015-11-01 19:12 - 2015-11-01 19:12 - 0007516 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-11-05_46_lwqhWC7TStxPfum4NnGLbw==.jsonlz4
2015-11-07 11:40 - 2015-11-07 11:40 - 0007513 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-11-07_46_eB3bX8lvsuwI3BlLsvJucw==.jsonlz4
2015-11-08 19:16 - 2015-11-08 19:16 - 0007512 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-11-10_46_aq8V-KWt66zepZmqKPniew==.jsonlz4
2015-11-15 18:54 - 2015-11-15 18:54 - 0007514 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-11-15_46_qxBuWtsINbHu0b02r+RYOA==.jsonlz4
2015-11-16 19:11 - 2015-11-16 19:11 - 0008076 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-11-28_49_nhTqkbh4VITx9mtprpjTlA==.jsonlz4
2015-11-30 21:50 - 2015-11-30 21:50 - 0008245 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\bookmarkbackups\bookmarks-2015-12-01_51_1uv7msUb3Dbadfgad+IFLw==.jsonlz4
2015-05-26 18:27 - 2015-12-01 18:26 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\crashes
2015-12-01 18:26 - 2015-12-01 18:26 - 0000066 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\crashes\store.json.mozlz4
2015-05-26 18:27 - 2015-05-26 18:27 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\crashes\events
2015-05-26 18:27 - 2015-12-01 19:10 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting
2015-12-01 19:10 - 2015-12-01 19:10 - 0011287 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\aborted-session-ping
2015-12-01 18:26 - 2015-12-01 18:26 - 0000136 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\session-state.json
2015-05-26 18:27 - 2015-05-16 12:37 - 0000051 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\state.json
2015-11-09 18:33 - 2015-11-09 18:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived
2015-11-09 18:33 - 2015-11-30 22:23 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11
2015-11-09 18:33 - 2015-11-09 18:33 - 0004711 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447090404939.8a78cf7d-6453-46d3-ae25-3c56d462af30.main.jsonlz4
2015-11-09 19:00 - 2015-11-09 19:00 - 0005067 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447092048444.4ff9a6b8-2b7c-4d3e-9b15-b703772761f4.main.jsonlz4
2015-11-09 21:06 - 2015-11-09 21:06 - 0004872 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447099572977.0965631a-2a81-424d-a611-d26ac2717818.main.jsonlz4
2015-11-10 19:49 - 2015-11-10 19:49 - 0005022 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447181366762.115e8857-21bb-4018-82b9-5ec622003145.main.jsonlz4
2015-11-11 21:41 - 2015-11-11 21:41 - 0004895 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447274476672.db3ef6d6-4f6c-4da8-a144-754b5c76d75d.main.jsonlz4
2015-11-14 17:48 - 2015-11-14 17:48 - 0004895 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447519714747.ba7e802d-ebcc-4753-8655-b3e7653d8fe9.main.jsonlz4
2015-11-15 19:39 - 2015-11-15 19:39 - 0005211 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447612745014.16594188-6bec-4fba-be49-af86d244df9b.main.jsonlz4
2015-11-15 21:57 - 2015-11-15 21:57 - 0004763 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447621047956.71eeab3a-df02-4afd-81b4-9d63fb3e9b5e.main.jsonlz4
2015-11-16 19:17 - 2015-11-16 19:17 - 0005141 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447697856289.0e19b6ea-e854-41f7-b961-897c3a87c73a.main.jsonlz4
2015-11-17 18:56 - 2015-11-17 18:56 - 0005043 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447782962905.1b3e8724-4dd3-4c2d-9d65-6b9312fe6753.main.jsonlz4
2015-11-18 19:00 - 2015-11-18 19:00 - 0004680 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447869622522.9d4dddb8-61b0-48c4-9674-c8088255baa4.main.jsonlz4
2015-11-18 19:00 - 2015-11-18 19:00 - 0004829 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447869640596.d471ce72-5b57-4375-bc4e-0a24134c5d75.main.jsonlz4
2015-11-18 19:10 - 2015-11-18 19:10 - 0004889 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447870236793.a6c8dccf-f8a0-4bb3-8b2f-633da13d8eba.main.jsonlz4
2015-11-18 22:41 - 2015-11-18 22:41 - 0004890 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447882883655.ed68a39d-e933-4b66-89e1-74b2975fed48.main.jsonlz4
2015-11-19 18:48 - 2015-11-19 18:48 - 0004856 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447955326609.f83e58aa-0446-4c2f-8195-8fc7da2c5afc.main.jsonlz4
2015-11-19 19:27 - 2015-11-19 19:27 - 0005312 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447957654146.c40b8cda-4d4c-44ec-ab2f-9dae2a03ae28.main.jsonlz4
2015-11-19 22:19 - 2015-11-19 22:19 - 0004909 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1447967965587.05f35eb7-e760-4384-9c77-dd38d4d318ec.main.jsonlz4
2015-11-27 19:36 - 2015-11-27 19:36 - 0005348 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448649382629.23b556f7-b7a9-496f-8530-4f81d145572a.main.jsonlz4
2015-11-28 22:29 - 2015-11-28 22:29 - 0005300 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448746185063.3b4f1bd5-7137-4a92-bc19-d1c82fccc3a6.main.jsonlz4
2015-11-29 19:53 - 2015-11-29 19:53 - 0004855 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448823200343.7572f1ee-6b9c-4d2f-89c8-17c6b9d23984.main.jsonlz4
2015-11-29 20:22 - 2015-11-29 20:22 - 0005287 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448824488876.cca13bf6-52e9-4855-9a0d-d492e59dac30.main.jsonlz4
2015-11-29 20:14 - 2015-11-29 20:14 - 0005222 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448824488878.81789c39-b952-4366-948a-fb1113e88d05.main.jsonlz4
2015-11-29 20:22 - 2015-11-29 20:22 - 0004984 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448824966195.3f922dc4-867f-4b9a-873d-4db779116529.main.jsonlz4
2015-11-29 20:25 - 2015-11-29 20:25 - 0004957 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448825100107.9b66250b-2867-4349-87db-bcc93fa6f4fe.main.jsonlz4
2015-11-29 20:26 - 2015-11-29 20:26 - 0005015 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448825218091.efa4e889-4e9f-4ef5-ba5e-33dfb0a2dded.main.jsonlz4
2015-11-29 20:29 - 2015-11-29 20:29 - 0004979 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448825398488.6237a9a2-a46f-4e1d-9963-f9e30d13dbfa.main.jsonlz4
2015-11-29 21:05 - 2015-11-29 21:05 - 0005009 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448827532443.a60c6064-0fb7-49a3-b8f0-582881d3df5b.main.jsonlz4
2015-11-29 22:07 - 2015-11-29 22:07 - 0005225 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448831228501.d865fd74-8c3c-48ac-b90f-673cbdcb05d5.main.jsonlz4
2015-11-30 19:30 - 2015-11-30 19:30 - 0005291 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448908258320.0f9a491b-41ce-4b29-9d85-420c1d7eadda.main.jsonlz4
2015-11-30 19:39 - 2015-11-30 19:39 - 0004951 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448908624810.6dd505f6-c940-4760-af51-9465cd5eb828.main.jsonlz4
2015-11-30 19:40 - 2015-11-30 19:40 - 0005003 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448908828321.9e4c31fd-8302-44de-89e7-5ef12469623a.main.jsonlz4
2015-11-30 20:42 - 2015-11-30 20:42 - 0004975 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448912354721.0a5d0e88-bab1-46b2-b487-f37428aa6cf7.main.jsonlz4
2015-11-30 20:52 - 2015-11-30 20:52 - 0005032 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448913132932.397614b5-9cd9-4ca7-b55a-0662ba2b51e0.main.jsonlz4
2015-11-30 22:23 - 2015-11-30 22:23 - 0005156 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\datareporting\archived\2015-11\1448918639238.92769bfe-e793-42b7-820e-17d51944d578.main.jsonlz4
2015-05-26 18:41 - 2015-11-29 20:14 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions
2015-11-29 20:14 - 2015-11-29 20:14 - 0977746 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2015-11-18 19:00 - 2015-11-18 19:00 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net
2015-11-18 19:00 - 2015-11-18 19:00 - 0581909 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\chrome.jar
2015-11-18 19:00 - 2015-11-18 19:00 - 0004118 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\chrome.manifest
2015-11-18 19:00 - 2015-11-18 19:00 - 0001822 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\install.rdf
2015-11-18 19:00 - 2015-11-18 19:00 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\components
2015-11-18 19:00 - 2015-11-18 19:00 - 0001164 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\components\aboutNetError.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0006693 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\components\mCollectAutoComplete.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults
2015-11-18 19:00 - 2015-11-18 19:00 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences
2015-11-18 19:00 - 2015-11-18 19:00 - 0000055 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-debug.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000353 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-general.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000062 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-highlight.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000386 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-login.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000058 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-neterror.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000293 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-newtab.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000060 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-pref.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000358 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-search.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000220 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-shopping.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000260 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-tracking.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000280 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\defaults\preferences\unitedinternet-util.js
2015-11-18 19:00 - 2015-11-18 19:00 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\META-INF
2015-11-18 19:00 - 2015-11-18 19:00 - 0003595 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\META-INF\manifest.mf
2015-11-18 19:00 - 2015-11-18 19:00 - 0004175 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\META-INF\mozilla.rsa
2015-11-18 19:00 - 2015-11-18 19:00 - 0000121 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\META-INF\mozilla.sf
2015-11-18 19:00 - 2015-11-30 20:41 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins
2015-11-18 19:00 - 2015-11-18 19:00 - 0000986 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins\1und1-suche.xml
2015-11-18 19:00 - 2015-11-18 19:00 - 0002837 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins\gmx-at.xml
2015-11-18 19:00 - 2015-11-18 19:00 - 0002833 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins\gmx-ch.xml
2015-11-18 19:00 - 2015-11-18 19:00 - 0010952 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins\gmx-maps.xml
2015-11-18 19:00 - 2015-11-18 19:00 - 0010952 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins\gmx-pic.xml
2015-11-18 19:00 - 2015-11-18 19:00 - 0002805 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins\gmx-suche.xml
2015-11-18 19:00 - 2015-11-18 19:00 - 0005599 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net\searchplugins\webde-suche.xml
2015-05-26 18:28 - 2015-11-09 18:32 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp
2015-11-09 18:32 - 2015-11-09 18:32 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp\WINNT_x86-msvc
2015-05-26 18:30 - 2015-11-09 18:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp-eme-adobe
2015-11-09 18:33 - 2015-11-09 18:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp-eme-adobe\15
2015-11-09 18:33 - 2015-10-15 00:45 - 6937352 _____ (Adobe Systems Inc) C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp-eme-adobe\15\eme-adobe.dll
2015-11-09 18:33 - 2015-10-17 00:27 - 0000309 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp-eme-adobe\15\eme-adobe.info
2015-11-09 18:33 - 2015-10-15 00:45 - 0222034 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp-eme-adobe\15\eme-adobe.voucher
2015-05-26 18:30 - 2015-11-18 19:00 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp-gmpopenh264
2015-11-18 19:00 - 2015-11-18 19:00 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp-gmpopenh264\1.5.1
2015-11-18 19:00 - 2015-11-12 06:05 - 0688296 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp-gmpopenh264\1.5.1\gmpopenh264.dll
2015-11-18 19:00 - 2015-11-12 05:26 - 0000120 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\gmp-gmpopenh264\1.5.1\gmpopenh264.info
2015-05-26 18:27 - 2015-11-30 21:14 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\healthreport
2015-11-30 21:14 - 2015-11-30 21:14 - 0000193 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\healthreport\state.json
2015-05-26 18:27 - 2015-05-26 18:27 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\minidumps
2015-11-09 19:00 - 2015-12-01 18:26 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\saved-telemetry-pings
2015-05-26 18:28 - 2015-12-01 19:11 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\sessionstore-backups
2015-11-30 22:23 - 2015-11-30 22:23 - 0626815 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\sessionstore-backups\previous.js
2015-12-01 18:25 - 2015-12-01 19:11 - 0629352 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\sessionstore-backups\recovery.bak
2015-12-01 18:25 - 2015-12-01 19:11 - 0629352 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\sessionstore-backups\recovery.js
2015-10-04 17:29 - 2015-10-04 14:25 - 0004879 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\sessionstore-backups\upgrade.js-20150929144111
2015-10-17 10:12 - 2015-10-16 22:50 - 0007371 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\sessionstore-backups\upgrade.js-20151014143721
2015-11-09 18:32 - 2015-11-08 21:56 - 0026569 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\sessionstore-backups\upgrade.js-20151029151421
2015-08-13 19:17 - 2015-11-30 21:12 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage
2015-11-30 21:12 - 2015-11-30 21:12 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\default
2015-11-30 21:12 - 2015-11-30 21:12 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\default\http+++www.gmx.net
2015-11-30 21:12 - 2015-11-30 21:25 - 0000042 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\default\http+++www.gmx.net\.metadata
2015-11-30 21:12 - 2015-11-30 21:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\default\http+++www.gmx.net\idb
2015-11-30 21:12 - 2015-11-30 21:12 - 0040960 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\default\http+++www.gmx.net\idb\301792106ttes.sqlite
2015-11-30 21:12 - 2015-11-30 21:12 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\default\http+++www.gmx.net\idb\301792106ttes.files
2015-08-13 19:17 - 2015-09-25 13:28 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent
2015-08-13 19:17 - 2015-08-13 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\chrome
2015-08-13 19:17 - 2015-08-13 19:17 - 0000029 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\chrome\.metadata
2015-08-13 19:17 - 2015-12-01 18:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\chrome\idb
2015-08-13 19:17 - 2015-11-09 18:32 - 0040960 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\chrome\idb\2918063365piupsah.sqlite
2015-08-13 19:17 - 2015-08-13 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\chrome\idb\2918063365piupsah.files
2015-09-25 13:28 - 2015-09-25 13:28 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\moz-safe-about+home
2015-09-25 13:28 - 2015-09-25 13:28 - 0000046 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\moz-safe-about+home\.metadata
2015-09-25 13:28 - 2015-11-30 21:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\moz-safe-about+home\idb
2015-09-25 13:28 - 2015-09-25 13:28 - 0196608 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite
2015-09-25 13:28 - 2015-09-25 13:28 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files
2015-11-30 21:12 - 2015-11-30 21:12 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\storage\temporary
2015-05-26 18:28 - 2015-12-01 18:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\webapps
2015-12-01 18:25 - 2015-12-01 18:25 - 0000002 _____ () C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\webapps\webapps.json
2015-05-15 19:32 - 2015-05-15 19:32 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Nitro
2015-05-05 19:49 - 2015-05-05 19:49 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Nitro PDF
2015-05-05 19:49 - 2015-05-05 19:49 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Nitro PDF\Professional
2015-05-15 19:32 - 2015-05-15 19:32 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Nitro\Pro
2015-05-15 19:32 - 2015-05-15 19:33 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Nitro\Pro\9.0
2015-05-15 19:33 - 2015-05-15 19:33 - 0000106 _____ () C:\Users\Marie-Luise\AppData\Roaming\Nitro\Pro\9.0\NitroPDFRecovery.dat
2015-05-15 19:32 - 2015-05-15 19:32 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Nitro\Pro\9.0\JavaScripts
2015-05-15 19:32 - 2015-05-15 19:32 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Nitro\Pro\9.0\Redaction
2015-05-15 19:32 - 2014-02-14 11:47 - 0001365 _____ () C:\Users\Marie-Luise\AppData\Roaming\Nitro\Pro\9.0\Redaction\RedactionCodes.xml
2015-05-15 19:32 - 2015-05-15 19:32 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\Nitro\Pro\9.0\ScanProfiles
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice
2015-06-01 19:17 - 2015-10-29 16:29 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4
2015-06-01 19:17 - 2015-10-29 16:29 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user
2015-10-29 16:29 - 2015-10-29 16:29 - 0210627 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\registrymodifications.xcu
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\autocorr
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\autotext
2015-06-01 19:17 - 2014-02-25 09:59 - 0000567 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\autotext\mytexts.bau
2015-06-01 19:17 - 2015-09-26 17:19 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\backup
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\basic
2015-06-01 19:17 - 2014-02-25 10:24 - 0000339 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\basic\dialog.xlc
2015-06-01 19:17 - 2014-02-25 10:24 - 0000339 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\basic\script.xlc
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\basic\Standard
2015-06-01 19:17 - 2014-02-25 10:24 - 0000288 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\basic\Standard\dialog.xlb
2015-06-01 19:17 - 2014-02-25 10:24 - 0001245 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\basic\Standard\Module1.xba
2015-06-01 19:17 - 2014-02-25 10:24 - 0000349 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\basic\Standard\script.xlb
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config
2015-06-01 19:17 - 2014-02-25 10:07 - 0004332 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\arrowhd_de.soe
2015-06-01 19:17 - 2014-02-25 10:07 - 0048408 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\autotbl.fmt
2015-06-01 19:17 - 2014-02-25 10:07 - 0030715 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\classic_de.sog
2015-06-01 19:17 - 2014-02-25 10:07 - 0013132 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\cmyk.soc
2015-06-01 19:17 - 2014-02-25 10:07 - 0004408 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\gallery.soc
2015-06-01 19:17 - 2014-02-25 10:07 - 0005279 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\hatching_de.soh
2015-06-01 19:17 - 2014-02-25 10:07 - 0010766 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\html.soc
2015-06-01 19:17 - 2014-02-25 10:07 - 0006921 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\modern_de.sog
2015-06-01 19:17 - 2014-02-25 10:07 - 0005271 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\palette_de.soc
2015-06-01 19:17 - 2014-02-25 10:07 - 0031320 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\scribus.soc
2015-06-01 19:17 - 2014-02-25 10:07 - 0155895 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\standard.sob
2015-06-01 19:17 - 2014-02-25 10:07 - 0011029 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\standard.soc
2015-06-01 19:17 - 2014-02-25 10:07 - 0002426 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\standard.sod
2015-06-01 19:17 - 2014-02-25 10:07 - 0004965 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\standard.soe
2015-06-01 19:17 - 2014-02-25 10:07 - 0008838 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\standard.sog
2015-06-01 19:17 - 2014-02-25 10:07 - 0002171 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\standard.soh
2015-06-01 19:17 - 2014-02-25 10:07 - 0001708 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\styles_de.sod
2015-06-01 19:17 - 2014-02-25 10:07 - 0014420 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\web.soc
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg
2015-06-01 19:17 - 2015-08-09 18:18 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules
2015-06-07 20:55 - 2015-06-07 20:55 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\dbapp
2015-06-07 20:55 - 2015-06-07 20:55 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\dbapp\images
2015-06-07 20:55 - 2015-06-07 20:55 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\dbapp\images\Bitmaps
2015-06-07 20:55 - 2015-06-07 20:55 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\dbapp\menubar
2015-06-07 20:55 - 2015-06-07 20:55 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\dbapp\statusbar
2015-06-07 20:55 - 2015-06-07 20:55 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\dbapp\toolbar
2015-06-01 19:25 - 2015-06-01 19:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\scalc
2015-06-01 19:25 - 2015-06-01 19:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\scalc\images
2015-06-01 19:25 - 2015-06-01 19:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\scalc\images\Bitmaps
2015-06-01 19:25 - 2015-06-01 19:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\scalc\menubar
2015-06-01 19:25 - 2015-06-01 19:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\scalc\statusbar
2015-06-01 19:25 - 2015-06-01 19:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\scalc\toolbar
2015-08-09 18:18 - 2015-08-09 18:18 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\sdraw
2015-08-09 18:18 - 2015-08-09 18:18 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\sdraw\images
2015-08-09 18:18 - 2015-08-09 18:18 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\sdraw\images\Bitmaps
2015-08-09 18:18 - 2015-08-09 18:18 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\sdraw\menubar
2015-08-09 18:18 - 2015-08-09 18:18 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\sdraw\statusbar
2015-08-09 18:18 - 2015-08-09 18:18 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\sdraw\toolbar
2015-06-01 19:19 - 2015-06-01 19:19 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\simpress
2015-06-01 19:19 - 2015-06-01 19:19 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\simpress\images
2015-06-01 19:19 - 2015-06-01 19:19 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\simpress\images\Bitmaps
2015-06-01 19:19 - 2015-06-01 19:19 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\simpress\menubar
2015-06-01 19:19 - 2015-06-01 19:19 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\simpress\statusbar
2015-06-01 19:19 - 2015-09-12 21:25 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\simpress\toolbar
2015-09-12 21:25 - 2015-09-12 21:26 - 0000729 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\simpress\toolbar\commontaskbar.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\swriter
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\swriter\images
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\swriter\images\Bitmaps
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\swriter\menubar
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\swriter\statusbar
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\config\soffice.cfg\modules\swriter\toolbar
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\database
2015-06-01 19:17 - 2014-02-25 10:07 - 0001661 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\database\biblio.odb
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\database\biblio
2015-06-01 19:17 - 2014-02-25 10:07 - 0343909 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\database\biblio\biblio.dbf
2015-06-01 19:17 - 2014-02-25 10:07 - 0564226 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\database\biblio\biblio.dbt
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled
2015-06-01 19:17 - 2015-06-01 19:17 - 0000001 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\lastsynchronized
2015-06-01 19:17 - 2015-06-01 19:17 - 0000001 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\lastsynchronized.bundled
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry\com.sun.star.comp.deployment.bundle.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:14 - 0000135 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry\com.sun.star.comp.deployment.executable.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:14 - 0000117 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry\com.sun.star.comp.deployment.script.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\bundled\registry\com.sun.star.comp.deployment.sfwk.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared
2015-06-01 19:17 - 2015-06-01 19:17 - 0000001 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\lastsynchronized
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry\com.sun.star.comp.deployment.bundle.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000135 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry\com.sun.star.comp.deployment.executable.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000117 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry\com.sun.star.comp.deployment.script.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\shared\registry\com.sun.star.comp.deployment.sfwk.PackageRegistryBackend
2015-06-01 19:17 - 2015-09-28 20:49 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp
2015-06-01 19:17 - 2015-06-01 19:17 - 0000005 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\extensions.pmap
2015-06-01 19:17 - 2015-06-01 19:19 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\extensions
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.bundle.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000125 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.bundle.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000135 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.executable.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000117 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.help.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.script.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\extensions\tmp\registry\com.sun.star.comp.deployment.sfwk.PackageRegistryBackend
2015-06-01 19:17 - 2015-09-25 16:26 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\gallery
2015-06-01 19:17 - 2014-02-25 10:06 - 0002048 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\gallery\sg100.sdv
2015-06-01 19:17 - 2014-02-25 10:06 - 0000538 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\gallery\sg100.thm
2015-06-01 19:17 - 2014-02-25 10:06 - 0002048 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\gallery\sg30.sdv
2015-06-01 19:17 - 2014-02-25 10:06 - 0000565 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\gallery\sg30.thm
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\Scripts
2015-06-01 19:17 - 2015-08-18 20:15 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\store
2015-08-18 20:15 - 2015-08-18 20:15 - 0009878 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\store\.templdir.cache
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\temp
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\template
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages
2015-06-01 19:17 - 2015-10-29 16:29 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache
2015-06-01 19:17 - 2015-10-29 16:29 - 0007555 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\log.txt
2015-06-01 19:17 - 2015-06-01 19:17 - 0000860 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\uno_packages.pmap
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.bundle.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0002973 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.bundle.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0000464 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0008192 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\common.rdb
2015-06-01 19:17 - 2015-06-01 19:17 - 0000178 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\unorc
2015-06-01 19:17 - 2015-06-01 19:18 - 0001536 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\Windows_x86.rdb
2015-06-01 19:17 - 2015-06-01 19:17 - 0000141 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\Windows_x86rc
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend
2015-06-01 19:17 - 2015-06-01 19:17 - 0003495 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\backenddb.xml
2015-06-01 19:17 - 2015-06-01 19:17 - 0000895 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\configmgr.ini
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\svx296.tmp
2015-06-01 19:17 - 2015-06-01 19:17 - 0002144 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\svx296.tmp\dictionaries.xcu
2015-06-01 19:17 - 2015-06-01 19:17 - 0000000 ____D () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\svx2s8.tmp
2015-06-01 19:17 - 2015-06-01 19:17 - 0002144 _____ () C:\Users\Marie-Luise\AppData\Roaming\OpenOffice\4\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\svx2s8.tmp\dictionaries.xcu
|
|
01.12.2015, 19:38
| #14 |
| /// TB-Ausbilder | Windows7: Trojaner, registy befallen, HKU, HKCU Servus, welche Meldungen sind das von Avira? Bitte genauen Wortlaut. Avira bitte deaktivieren, während wir mit FRST arbeiten. bitte alles posten.  |
|
01.12.2015, 19:49
| #15 |
| | Windows7: Trojaner, registy befallen, HKU, HKCU SYstemlook.txt Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 19:35 on 01/12/2015 by Marie-Luise
Administrator - Elevation successful
========== filefind ==========
Searching for "*isotope-4*"
No files found.
Searching for "*blvds-47*"
No files found.
Searching for "*diode-06*"
No files found.
Searching for "*jedec-08*"
No files found.
Searching for "*pendulum-28*"
No files found.
Searching for "*glonass-89*"
No files found.
========== folderfind ==========
Searching for "*isotope-4*"
No folders found.
Searching for "*blvds-47*"
No folders found.
Searching for "*diode-06*"
No folders found.
Searching for "*jedec-08*"
No folders found.
Searching for "*pendulum-28*"
C:\FRST\Quarantine\C\Users\Marie-Luise\AppData\Roaming\pendulum-28 d------ [20:59 25/11/2015]
Searching for "*glonass-89*"
C:\FRST\Quarantine\C\Users\Marie-Luise\AppData\Roaming\glonass-89 d------ [18:00 18/11/2015]
========== regfind ==========
Searching for "isotope-4"
No data found.
Searching for "blvds-47"
No data found.
Searching for "diode-06"
No data found.
Searching for "jedec-08"
No data found.
Searching for "pendulum-28"
No data found.
Searching for "glonass-89"
No data found.
-= EOF =-
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015 durchgeführt von Marie-Luise (Administrator) auf MARIE-NOTEBOOK (01-12-2015 19:47:41) Gestartet von C:\Users\Marie-Luise\Desktop Geladene Profile: Marie-Luise (Verfügbare Profile: Marie-Luise) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe () C:\ProgramData\DatacardService\DCService.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Screenleap, Inc.) C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe (Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Run: [Screenleap] => C:\Users\Marie-Luise\AppData\Local\Screenleap\Screenleap.exe [2856992 2015-11-29] (Screenleap, Inc.) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [Uninstall C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64" HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\RunOnce: [anode-94] => C:\Users\Marie-Luise\AppData\Roaming\anode-75\anode-82.exe [619520 2015-12-01] (American Megatrends, Inc) HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {8225d693-4841-11e5-9626-f8165465672d} - E:\AutoRun.exe HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\MountPoints2: {de3f79ed-2748-11e4-b820-806e6f6e6963} - Q:\LenovoQDrive.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk [2014-08-19] ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe (Docking Station) Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-10-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2015-12-01] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\weber-7.lnk [2015-12-01] ShortcutTarget: weber-7.lnk -> C:\Users\Marie-Luise\AppData\Roaming\weber-81\weber-8.exe (Intel(R) Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{B3636DED-3BAF-45B6-A1E8-E155B3A14D72}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\S-1-5-21-1401465016-1591747146-3379758321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012 FF Homepage: hxxp://www.jugendlosungen.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Extension: GMX MailCheck - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\extensions\mailcheck@gmx.net [2015-11-18] FF Extension: Adblock Plus - C:\Users\Marie-Luise\AppData\Roaming\Mozilla\Firefox\Profiles\26x876dm.default-1432661222012\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-29] FF HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG) S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [Datei ist nicht signiert] R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] () S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-09-29] () R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-11] (Avira Operations GmbH & Co. KG) R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation) R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-01] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3429344 2014-02-18] (Intel Corporation) R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated) S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2013-09-26] (ThinkVantage Communications Utility) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-01 19:35 - 2015-12-01 19:38 - 00002498 _____ C:\Users\Marie-Luise\Desktop\SystemLook.txt 2015-12-01 19:34 - 2015-12-01 19:34 - 00165376 _____ C:\Users\Marie-Luise\Desktop\SystemLook_x64.exe 2015-12-01 18:34 - 2015-12-01 18:34 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\weber-81 2015-12-01 18:32 - 2015-12-01 18:32 - 00000000 ____D C:\ProgramData\vctxo-76 2015-12-01 18:25 - 2015-12-01 18:25 - 00000000 ____D C:\Users\Marie-Luise\AppData\Roaming\anode-75 2015-12-01 18:24 - 2015-12-01 19:45 - 00000000 ____D C:\ProgramData\ascii-8 2015-11-30 21:04 - 2015-11-30 21:04 - 02870984 _____ (ESET) C:\Users\Marie-Luise\Desktop\esetsmartinstaller_deu.exe 2015-11-30 21:00 - 2015-11-30 21:07 - 00000000 ____D C:\ProgramData\HitmanPro 2015-11-30 20:59 - 2015-11-30 20:59 - 11337112 _____ (SurfRight B.V.) C:\Users\Marie-Luise\Desktop\HitmanPro_x64.exe 2015-11-30 20:54 - 2015-11-30 20:54 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\CrashRpt 2015-11-30 20:42 - 2015-11-30 20:42 - 00001027 _____ C:\Users\Marie-Luise\Desktop\JRT.txt 2015-11-30 20:39 - 2015-11-30 20:39 - 01599336 _____ (Malwarebytes) C:\Users\Marie-Luise\Desktop\JRT.exe 2015-11-30 19:38 - 2015-12-01 19:14 - 00702993 _____ C:\Users\Marie-Luise\Desktop\Fixlog.txt 2015-11-29 21:24 - 2015-11-29 21:58 - 00671528 _____ C:\TDSSKiller.3.1.0.6_29.11.2015_21.24.07_log.txt 2015-11-29 21:19 - 2015-12-01 19:45 - 00028796 _____ C:\Users\Marie-Luise\Desktop\Addition.txt 2015-11-29 21:19 - 2015-11-29 21:19 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Marie-Luise\Desktop\tdsskiller.exe 2015-11-29 21:18 - 2015-12-01 19:47 - 00021109 _____ C:\Users\Marie-Luise\Desktop\FRST.txt 2015-11-29 21:18 - 2015-12-01 19:47 - 00000000 ____D C:\FRST 2015-11-29 21:17 - 2015-11-29 21:17 - 02350080 _____ (Farbar) C:\Users\Marie-Luise\Desktop\FRST64.exe 2015-11-29 20:47 - 2015-11-29 20:47 - 00001025 _____ C:\Users\Marie-Luise\Desktop\AdwCleaner[C1].txt 2015-11-29 20:13 - 2015-11-29 20:19 - 00000000 ____D C:\AdwCleaner 2015-11-29 20:08 - 2015-11-29 20:08 - 01733632 _____ C:\Users\Marie-Luise\Desktop\adwcleaner_5.022.exe 2015-11-29 20:00 - 2015-12-01 19:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-29 20:00 - 2015-11-29 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-29 19:59 - 2015-11-29 20:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-29 19:59 - 2015-11-29 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-29 19:59 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-29 19:59 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-29 19:59 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-29 19:57 - 2015-11-29 19:59 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe.part 2015-11-29 19:57 - 2015-11-29 19:58 - 22908888 _____ (Malwarebytes ) C:\Users\Marie-Luise\Desktop\mbam-setup-2.2.0.1024.exe 2015-11-29 19:51 - 2015-11-29 21:28 - 00000064 _____ C:\Users\Marie-Luise\.screenleap 2015-11-29 19:51 - 2015-11-29 20:29 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\Screenleap 2015-11-29 19:51 - 2015-11-29 19:51 - 00002000 _____ C:\Users\Marie-Luise\Desktop\Screenleap.lnk 2015-11-15 17:20 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-13 08:38 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-13 08:38 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-13 08:38 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-13 08:38 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-13 08:38 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-13 08:38 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-13 08:38 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-13 08:38 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-13 08:35 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-13 08:35 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-13 08:35 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-13 08:35 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-13 08:35 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-13 08:35 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-13 08:35 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-13 08:35 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-13 08:35 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-13 08:35 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-13 08:35 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-13 08:35 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-13 08:35 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-13 08:35 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-13 08:35 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-13 08:35 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-13 08:35 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-13 08:35 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-13 08:35 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-13 08:35 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-13 08:35 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-13 08:35 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-13 08:35 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-13 08:35 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-13 08:35 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-13 08:35 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-13 08:35 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-13 08:35 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-13 08:35 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-13 08:35 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-13 08:35 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-13 08:35 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-13 08:35 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-13 08:35 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-13 08:35 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-13 08:35 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-13 08:35 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-13 08:35 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-13 08:35 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-13 08:35 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-13 08:35 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-13 08:35 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-13 08:35 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-13 08:35 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-13 08:35 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-13 08:35 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-13 08:35 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-13 08:35 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-13 08:35 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-13 08:35 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-13 08:35 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-13 08:35 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-13 08:35 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-13 08:35 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-13 08:35 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-13 08:35 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-13 08:35 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-13 08:35 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-13 08:35 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-13 08:35 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-13 08:35 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-13 08:35 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-13 08:35 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-13 08:35 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-13 08:33 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-13 08:32 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-13 08:32 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-13 08:32 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-13 08:32 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-13 08:32 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-13 08:32 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-13 08:32 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-13 08:32 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-13 08:32 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-13 08:32 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-13 08:32 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-13 08:32 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-13 08:32 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-13 08:32 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-13 08:32 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-13 08:32 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-13 08:32 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-13 08:32 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-13 08:32 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-13 08:32 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-13 08:32 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-13 08:32 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-13 08:32 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-13 08:32 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-13 08:32 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-13 08:32 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-13 08:32 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-13 08:32 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-13 08:32 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-13 08:32 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-13 08:32 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-13 08:32 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-13 08:31 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-13 08:31 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-13 08:31 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-11 21:39 - 2015-11-14 17:48 - 00000000 ____D C:\ProgramData\en ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-01 19:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-01 19:23 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-01 19:23 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-01 19:21 - 2014-08-19 13:14 - 00699342 _____ C:\Windows\system32\perfh007.dat 2015-12-01 19:21 - 2014-08-19 13:14 - 00149450 _____ C:\Windows\system32\perfc007.dat 2015-12-01 19:21 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-01 19:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-01 19:15 - 2014-08-19 03:53 - 00000000 ____D C:\ProgramData\Validity 2015-12-01 19:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-01 19:08 - 2015-08-18 19:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-30 20:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-11-30 19:05 - 2015-10-25 21:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-30 18:58 - 2015-05-05 19:39 - 00000000 ____D C:\Users\Marie-Luise\AppData\Local\VirtualStore 2015-11-29 19:51 - 2015-05-05 19:38 - 00000000 ____D C:\Users\Marie-Luise 2015-11-18 21:52 - 2014-08-19 04:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-11-18 21:50 - 2014-08-19 04:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-11-16 18:49 - 2009-07-14 05:45 - 00353816 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-15 20:49 - 2014-08-18 20:55 - 00000000 ____D C:\ProgramData\Lenovo 2015-11-15 20:48 - 2014-08-19 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TVT 2015-11-15 20:48 - 2014-08-19 03:51 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-11-15 20:48 - 2014-08-19 03:41 - 00000000 ____D C:\Program Files (x86)\Lenovo 2015-11-15 17:08 - 2015-08-18 19:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-15 17:08 - 2015-05-23 19:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-15 17:08 - 2015-05-23 19:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-13 08:37 - 2014-01-30 22:46 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-13 08:35 - 2014-02-03 15:34 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-10 18:33 - 2015-05-16 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-11-10 18:33 - 2014-08-19 03:44 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-09 18:32 - 2015-05-16 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-01 20:08 - 2015-07-05 19:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-05-25 17:00 - 2015-05-25 17:00 - 16342352 _____ (Geek Software GmbH ) C:\Program Files (x86)\pdf24-creator-6.9.2.exe 2015-05-21 06:48 - 2015-05-21 06:48 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-08-19 03:53 - 2014-08-19 03:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-08-19 03:58 - 2014-08-19 03:59 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log 2014-08-19 03:56 - 2014-08-19 03:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2014-08-19 03:57 - 2014-08-19 03:58 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2014-08-19 03:58 - 2014-08-19 03:58 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log Einige Dateien in TEMP: ==================== C:\Users\Marie-Luise\AppData\Local\Temp\avgnt.exe Einige mit null Byte Größe Dateien/Ordner: ========================== C:\Windows\SysWOW64\dlumd10.dll C:\Windows\SysWOW64\dlumd11.dll C:\Windows\SysWOW64\dlumd9.dll C:\Windows\System32\dlumd10.dll C:\Windows\System32\dlumd11.dll C:\Windows\System32\dlumd9.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-30 20:04 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von Marie-Luise (2015-12-01 19:48:01)
Gestartet von C:\Users\Marie-Luise\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-05 18:38:17)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1401465016-1591747146-3379758321-500 - Administrator - Disabled)
Gast (S-1-5-21-1401465016-1591747146-3379758321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1401465016-1591747146-3379758321-1002 - Limited - Enabled)
Marie-Luise (S-1-5-21-1401465016-1591747146-3379758321-1001 - Administrator - Enabled) => C:\Users\Marie-Luise
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.62.50 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.1 - Lenovo Group Limited)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Fingerprint Manager (HKLM\...\{D6006D3A-B3F5-48DC-8CC0-D353912379F3}) (Version: 4.5.289.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.289.0 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0013 - Lenovo)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.15 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.04.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
15-11-2015 21:57:56 Windows Update
17-11-2015 18:31:47 Free Antivirus - 17.11.2015 18:31
30-11-2015 20:12:03 Geplanter Prüfpunkt
30-11-2015 20:41:04 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {16A98A40-6353-410F-BD28-5345C3E2DBFE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {170F753F-2D86-4F1F-9CE1-4AA1A116B757} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {2EFA6B85-313D-4DD0-B0EC-F2F364F27095} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {474F4629-0DE0-49C2-9D0C-EBF7918BE7D0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-09-29] ()
Task: {4E62F553-C70D-4BC3-B8D2-453C72CBEFF9} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {5F6F5F29-C047-400D-BD94-3D79F9F6CB0E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-10-21] (Lenovo Group Limited)
Task: {7B3C18C9-06C4-485E-AEE2-91B94C98115F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {B2853026-549C-413A-AA6D-1DAF46B17F70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {B9E972D3-A324-4B34-9048-0E6C4FC35A6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {BDB79BDC-99DF-47C8-9513-0EFF6CD0C369} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {C3D0177B-A8A2-4DEE-B8BD-BDC9EAFD18DC} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
Task: {CD821E1D-24FE-4AC5-AE1D-F3A372670DF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {D29C9B0D-7B4F-442B-996D-3F2C93DED596} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {D5E0EB99-D92E-4F82-8685-FC48AC7298EE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {E9CB273F-6CEF-4BA3-87EC-C20EE48E7600} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-02 18:45 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-08-19 03:51 - 2013-10-21 23:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-08-19 03:45 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-08-19 03:39 - 2013-05-16 09:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1401465016-1591747146-3379758321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie-Luise\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{19CCF886-E8AC-4BE6-8588-095562D3E5F8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E6EE83DD-7E36-419E-9EAD-11E70FF5AC53}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{78EE11AE-7BAF-4D29-9A6B-D2DC562442FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B03271-CC30-4390-B53F-321E951E6ECB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3A91B0D-E7FA-477D-AC4E-3E9B2CCAE2B6}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{584F2355-8676-46E0-9165-282BAFE01DDC}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{17525D02-32D4-4C7B-8D25-7D7E990BAECB}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{C5EAB0C6-B0D9-4803-92E6-E3338DFEDD26}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{E3B484FE-6055-466D-B607-E6B57FF8676B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0048073E-4041-42F9-94E3-F25516F9143D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3D2F336D-7117-49FD-B8A2-FC194C9598F5}] => (Allow) C:\Users\Marie-Luise\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9D60C568-89F2-42DB-9DEC-7D1704875119}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E921CD51-E941-4B81-A1A6-C79D2F14FDCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C7F4936-989A-4354-81B0-7FA153E46F75}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F808B78E-F593-47C1-B7ED-C600D8D5916B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/01/2015 07:16:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/01/2015 06:19:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2015 10:07:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (11/30/2015 09:09:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (11/30/2015 09:09:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (11/30/2015 09:04:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (11/30/2015 08:54:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2015 07:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2015 07:05:34 PM) (Source: MsiInstaller) (EventID: 1024) (User: Marie-Notebook)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (11/30/2015 06:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Systemfehler:
=============
Error: (12/01/2015 07:16:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (12/01/2015 07:15:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 01.12.2015 um 19:15:00 unerwartet heruntergefahren.
Error: (12/01/2015 07:13:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (12/01/2015 07:13:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/01/2015 07:13:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Event Log" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/01/2015 07:13:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/01/2015 07:13:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/01/2015 07:13:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/01/2015 07:13:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/01/2015 07:13:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 61%
Installierter physikalischer RAM: 3810.46 MB
Verfügbarer physikalischer RAM: 1478.41 MB
Summe virtueller Speicher: 7619.12 MB
Verfügbarer virtueller Speicher: 4741.44 MB
==================== Laufwerke ================================
Drive c: (Windows7_OS) (Fixed) (Total:301.89 GB) (Free:252.21 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Volume) (Fixed) (Total:146.48 GB) (Free:120.8 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.92 GB) (Free:4.03 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 49FC2C21)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=301.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.9 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
| Themen zu Windows7: Trojaner, registy befallen, HKU, HKCU |
| avira, bericht, betriebssystem, browser, bytes, code, dateien, desktop, einstellungen, entfernen, erstellt, gelöscht, internetbrowser, log, malware, ordner, quarantäne, server, service, software, suche, trojaner, windows, windows 7, winsock |
und 
und speichere die Logdatei auf Deinem Desktop.
Hybrid-Darstellung
