Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Wie werde ich "win32.downloader.gen" los?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.02.2017, 13:25   #1
Mon147
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Hi,
SpyBot Search&Destroy hat auf meinem PC "win32.downloader.gen" gefunden.
Avira und TDSSKiller hatten nichts gefunden.

Würde mich freuen wenn mir jemand hilft, das wieder loszuwerden!

Scan mit FRST ergab Folgendes:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
durchgeführt von horton (Administrator) auf HORTON-PC (02-02-2017 12:42:35)
Gestartet von C:\Users\horton\Desktop
Geladene Profile: horton (Verfügbare Profile: horton & Ameise & der Erfinder)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\System32\atwtusb.exe
() C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\System32\WTMKM.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() C:\Users\horton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(JME) C:\Program Files (x86)\jmesoft\hotkey.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Windows\USB Vibration\7906\USB Gamepad.exe
(Adobe Sytems Incorporated) C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MacroKeyManager] => C:\Windows\system32\WTMKM.exe [6446312 2010-06-14] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\Program Files (x86)\jmesoft\hotkey.exe [225280 2009-08-25] (JME)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-16] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [264704 2010-07-08] (Lenovo)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe [281088 2010-07-16] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [TMCMonitor] => C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe [53248 2009-11-09] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB Gamepad] => C:\Windows\USB Vibration\7906\USB Gamepad.exe [796784 2008-12-10] ()
HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\horton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_Plugin.exe -update plugin
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-05-16]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-09-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy\User: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A6F2330F-3790-4172-B4B7-CE7317B8C6F6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DCDE01C2-B4BA-4B7A-BBDC-8B4FD2A8AAE7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
URLSearchHook: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000 -> DefaultScope {271EF175-8711-4D5F-A69D-5130D0D13442} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&q={searchTerms}&gu=5461d95f1c7a4557892446976248e913&tu=11Jiy00Ez1D13P0&sku=&tstsId=&ver=&&r=323
SearchScopes: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000 -> {271EF175-8711-4D5F-A69D-5130D0D13442} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&q={searchTerms}&gu=5461d95f1c7a4557892446976248e913&tu=11Jiy00Ez1D13P0&sku=&tstsId=&ver=&&r=323
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-08] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-08] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-04-22] (DVDVideoSoft Ltd.)
BHO-x32: DVDVideoSoftTB DE Toolbar -> {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -> C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll [2011-05-09] (Conduit Ltd.)
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll => Keine Datei
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-31] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-31] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-04-30] (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll Keine Datei
Toolbar: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Keine Datei
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-22] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-22] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-22] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-22] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fzwgi5ur.default
FF ProfilePath: C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default [2017-02-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fzwgi5ur.default -> DuckDuckGo
FF Extension: (YouTube mp3) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\Extensions\info@youtube-mp3.org.xpi [2016-04-27]
FF Extension: (Save as PDF) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-04-28]
FF Extension: (UnMHT) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2016-11-28]
FF Extension: (Diagnostics) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\features\{f11a5f6e-61bd-4e13-8a98-44f23f361f4e}\diagnostics@mozilla.org.xpi [2017-02-02]
FF Extension: (Send HSTS Priming Requests) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\features\{f11a5f6e-61bd-4e13-8a98-44f23f361f4e}\hsts-priming@mozilla.org.xpi [2017-02-02]
FF HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-07-18] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-23] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-23] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3064065677-2226785740-1792966077-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\horton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3064065677-2226785740-1792966077-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\horton\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MCF6129E0-50C5-47DB-9195-25BD87B7A4AE&SearchSource=55&CUI=&UM=6&UP=SP484366AB-7A74-4877-98A7-BE92B29E4CCA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MCF6129E0-50C5-47DB-9195-25BD87B7A4AE&SearchSource=55&CUI=&UM=6&UP=SP484366AB-7A74-4877-98A7-BE92B29E4CCA&SSPV="
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MCF6129E0-50C5-47DB-9195-25BD87B7A4AE&SearchSource=58&CUI=&UM=6&UP=SP484366AB-7A74-4877-98A7-BE92B29E4CCA&q={searchTerms}&SSPV=
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default [2017-02-02]
CHR Extension: (YouTube) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google-Suche) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Avira Browserschutz) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-27]
CHR Extension: (Amazon-Icon) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-03-13]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Google Mail) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-07-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\horton\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-15]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-05-16] (Adobe Systems) [Datei ist nicht signiert]
R2 Adobe Version Cue CS2; c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [Datei ist nicht signiert]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [915232 2010-07-15] (Broadcom Corporation.)
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [391656 2016-07-22] (Digital Wave Ltd.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WTService; C:\Windows\System32\atwtusb.exe [907496 2010-06-14] () [Datei ist nicht signiert]
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [77004 2016-08-31] (Oak Technology Inc.) [Datei ist nicht signiert]
R3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1557760 2010-03-26] (ATI Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-02] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-02] (Avira Operations GmbH & Co. KG)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [62576 2008-12-01] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41096 2008-12-01] (Your Corporation)
R0 johci; C:\Windows\System32\DRIVERS\johci.sys [23152 2010-01-15] (JMicron )
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
R3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [26176 2010-08-06] ()
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [237568 2010-07-17] (Vimicro Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-02 12:42 - 2017-02-02 12:43 - 00030068 _____ C:\Users\horton\Desktop\FRST.txt
2017-02-02 12:42 - 2017-02-02 12:42 - 00000000 ____D C:\FRST
2017-02-02 12:22 - 2017-02-02 12:33 - 02420736 _____ (Farbar) C:\Users\horton\Desktop\FRST64.exe
2017-02-02 12:00 - 2017-02-02 12:08 - 00414016 _____ C:\TDSSKiller.3.1.0.12_02.02.2017_12.00.46_log.txt
2017-02-02 11:55 - 2017-02-02 11:57 - 00414150 _____ C:\TDSSKiller.3.1.0.12_02.02.2017_11.55.10_log.txt
2017-02-02 11:54 - 2017-02-02 11:54 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2017-02-02 11:18 - 2017-02-02 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-02 08:47 - 2017-02-02 08:47 - 00000000 ____D C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2017-02-02 08:47 - 2017-02-02 08:47 - 00000000 ____D C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2017-02-02 07:24 - 2017-02-02 07:24 - 00010473 _____ C:\Users\horton\Desktop\TJP e.V.*-*Bundesfreiwilligendienst.htm
2017-02-02 07:24 - 2017-02-02 07:24 - 00000000 ____D C:\Users\horton\Desktop\TJP e.V.*-*Bundesfreiwilligendienst-Dateien
2017-01-31 10:24 - 2017-01-31 10:24 - 00000000 ____D C:\Windows\pss
2017-01-26 14:31 - 2017-02-01 17:36 - 00000000 ____D C:\Users\horton\Desktop\umgang

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-02 12:39 - 2012-10-04 19:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-02 12:14 - 2016-12-03 11:42 - 00000000 ____D C:\Users\horton\AppData\LocalLow\Mozilla
2017-02-02 11:54 - 2012-11-20 21:55 - 00000000 ____D C:\Users\horton\AppData\Local\Downloaded Installations
2017-02-02 11:38 - 2009-07-14 05:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-02 11:38 - 2009-07-14 05:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-02 11:28 - 2009-07-14 03:34 - 00000742 _____ C:\Windows\win.ini
2017-02-02 11:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-02 11:20 - 2013-10-17 13:42 - 00007638 _____ C:\Users\horton\AppData\Local\Resmon.ResmonCfg
2017-02-02 11:18 - 2014-08-17 21:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-02 10:59 - 2012-11-14 14:55 - 00000000 ____D C:\Program Files (x86)\Conduit
2017-02-02 08:39 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-02 08:04 - 2013-12-18 20:34 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-02-01 14:13 - 2013-05-06 14:07 - 00000000 ____D C:\Users\horton\Desktop\WORK2DO
2017-02-01 14:11 - 2015-01-30 20:08 - 00000000 ____D C:\Users\horton\Desktop\Desktop aufräumen!
2017-02-01 10:57 - 2016-11-30 23:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-01 10:57 - 2016-01-21 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-31 10:13 - 2016-05-04 13:14 - 00000000 ____D C:\Users\horton\Desktop\SoSe2016
2017-01-31 10:11 - 2016-05-04 09:08 - 00000000 ____D C:\Users\horton\Desktop\Beppo
2017-01-31 10:07 - 2014-07-15 18:50 - 00000000 ____D C:\Users\horton\Desktop\uni
2017-01-31 09:28 - 2012-02-23 11:59 - 00000000 ____D C:\Users\horton\AppData\Roaming\vlc
2017-01-25 17:32 - 2016-11-18 16:02 - 00000000 ____D C:\Users\Ameise\AppData\LocalLow\Mozilla
2017-01-23 16:14 - 2015-11-29 18:58 - 00004090 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1448819900
2017-01-23 15:39 - 2012-10-04 19:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-23 15:39 - 2012-06-08 10:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-23 15:39 - 2012-03-18 04:26 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-23 15:39 - 2011-06-30 13:45 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-23 15:39 - 2010-09-20 13:39 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-23 15:05 - 2016-03-10 20:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-23 15:04 - 2016-01-21 09:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-18 16:33 - 2016-01-21 11:08 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-18 16:31 - 2016-01-21 11:05 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-05-22 12:03 - 2013-05-22 12:03 - 0000050 _____ () C:\Users\horton\AppData\Roaming\AcroIEHelpe.txt
2013-05-22 11:27 - 2013-05-22 11:27 - 0552126 _____ () C:\Users\horton\AppData\Roaming\dict.txt
2013-05-22 11:27 - 2013-05-22 11:27 - 0001466 _____ () C:\Users\horton\AppData\Roaming\jserv.txt
2013-05-22 11:58 - 2013-05-22 11:58 - 0000505 _____ () C:\Users\horton\AppData\Roaming\rost.dat
2013-05-22 11:27 - 2013-05-22 11:27 - 0000260 _____ () C:\Users\horton\AppData\Roaming\srvblck5.tmp
2016-05-12 07:12 - 2016-05-12 07:12 - 0002112 _____ () C:\Users\horton\AppData\Local\recently-used.xbel
2013-10-17 13:42 - 2017-02-02 11:20 - 0007638 _____ () C:\Users\horton\AppData\Local\Resmon.ResmonCfg
2011-11-10 10:40 - 2012-03-06 11:07 - 0000125 ___SH () C:\ProgramData\.zreglib
2010-09-20 13:39 - 2010-09-20 13:39 - 1914000 _____ (Adobe Systems Incorporated) C:\ProgramData\flashax10.exe
2016-07-21 18:00 - 2016-08-03 12:31 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\flashax10.exe


Einige Dateien in TEMP:
====================
2015-05-30 09:31 - 2015-05-30 09:31 - 0000000 ____D () C:\Users\Ameise\AppData\Local\Temp\avgnt.exe
2016-09-13 14:12 - 2016-09-13 14:12 - 0000000 ____D () C:\Users\der Erfinder\AppData\Local\Temp\avgnt.exe
2016-08-10 15:20 - 2016-07-04 01:08 - 0049544 _____ (HP Inc.) C:\Users\horton\AppData\Local\Temp\ACLMInstaller.exe
2013-12-02 12:11 - 2014-08-17 21:45 - 0000000 ____D () C:\Users\horton\AppData\Local\Temp\avgnt.exe
2016-07-21 17:29 - 2016-07-21 17:35 - 0008480 _____ (Corel Corporation) C:\Users\horton\AppData\Local\Temp\DRPCUNLR.dll
2012-09-20 02:15 - 2012-09-20 02:15 - 50352408 _____ (Microsoft Corporation) C:\Users\horton\AppData\Local\Temp\NetFramework45.exe
2016-07-10 07:14 - 2016-07-10 07:14 - 7424678 _____ () C:\Users\horton\AppData\Local\Temp\tmpA44A.tmp.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-11-20 01:49

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-01-2017
durchgeführt von horton (02-02-2017 12:43:49)
Gestartet von C:\Users\horton\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-18 20:21:03)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3064065677-2226785740-1792966077-500 - Administrator - Disabled)
Ameise (S-1-5-21-3064065677-2226785740-1792966077-1001 - Limited - Enabled) => C:\Users\Ameise
der Erfinder (S-1-5-21-3064065677-2226785740-1792966077-1002 - Limited - Enabled) => C:\Users\der Erfinder
Gast (S-1-5-21-3064065677-2226785740-1792966077-501 - Limited - Disabled)
horton (S-1-5-21-3064065677-2226785740-1792966077-1000 - Administrator - Enabled) => C:\Users\horton

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: AntiVir Desktop (Enabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

1x1-Trainer 4  (HKLM-x32\...\1x1-Trainer) (Version: 4 - Hans-Jürgen Stoffels, Köln.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoStudio Paint (HKLM-x32\...\{EC252D0D-C690-4CE7-BA07-23F4E00505BE}) (Version: 1.0.1.25 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{D6D18877-4A64-CE9E-1980-C1F414AC7F27}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
BCL easyConverter 3.0 Licensing Module (BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Loader SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (Loader, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (RTF, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 RTF SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
Bluetooth Notice (HKLM-x32\...\{4CC5AE2D-492D-4A21-9E99-1F46A7D4158B}) (Version: 2.0.00.07050 - Lenovo)
Botanicula (HKLM-x32\...\Botanicula) (Version: 1.0 - Amanita Design, s.r.o.)
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Corel PDF Fusion - Creator (Version: 4.0.0 - Corel Corporation) Hidden
Corel PDF Fusion - ICA (x32 Version: 1.12 - Corel Corporation) Hidden
Corel PDF Fusion - Program (x32 Version: 1.14.0000 - Corel Corporation) Hidden
Corel PDF Fusion - Setup (x32 Version: 1.12 - Corel Corporation) Hidden
Corel PDF Fusion (HKLM-x32\...\_{5D62567F-38BA-4713-B87E-CF06C465E33B}) (Version: 1.14 - Corel Corporation)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Content (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Extra Content (HKLM-x32\...\_{806422F8-8E0A-494A-A369-0F34F1B89160}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Extra Content (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (x32 Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM-x32\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM-x32\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
Curling (HKLM-x32\...\{369AAC15-34EF-4A1E-9090-29BEE38956F4}) (Version: 1.16.063010 - NTTC)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2716 - CyberLink Corp.)
Dialang V1 Beta (HKLM-x32\...\{97DF4674-AB43-11D5-91C9-005004F84FA1}) (Version:  - )
DriverInstall (x32 Version: 1.00.0000 - Genaitech) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB DE)
EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.1.0.100 - EasternGraphics)
Firework (HKLM-x32\...\{736DB9B0-D2BA-41DC-AACD-384A599B7D24}) (Version: 1.14.063010 - NTTC)
Free Notes & Office Ink (HKLM-x32\...\{556F2137-B772-43BB-9A45-E0275234DD16}) (Version:   -  )
Funny Cube (HKLM-x32\...\{791708C1-0D84-4D05-88DC-A29EE9808270}) (Version: 1.17.063010 - NTTC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Happy Hit (HKLM-x32\...\{A8BE86A1-7E0E-4814-80E5-6F4073B744F7}) (Version: 1.33.063010 - NTTC)
HP Foto und Bildbearbeitung 1.0 - HP PSC - HP OfficeJet (HKLM-x32\...\PSC 2000 Series) (Version:  - )
Idea Touch 3.0 (HKLM-x32\...\{70D6A420-AAC3-4213-9EF7-CDD6C16CCF2D}) (Version: 3.00.010.0816 - Lenovo)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.197 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.197 - InterVideo Inc.) Hidden
Janosch Tigerschule (HKLM-x32\...\{DB7DEBC2-8031-4186-A5C2-DAD6C823853C}) (Version: 1.00.0000 - Terzio Verlag)
Janoschs neue Tigerschule (HKLM-x32\...\Janoschs neue Tigerschule) (Version:  - )
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.09.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2600 - Broadcom Corporation)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.19161 - Lenovo)
Lenovo EBook&QuickNotes (HKLM-x32\...\InstallShield_{63EA246F-3C4F-4809-B0DE-3738F99B34DD}) (Version: 1.0.3.9 - ArcSoft)
Lenovo EBook&QuickNotes (x32 Version: 1.0.3.9 - ArcSoft) Hidden
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.19080 - Lenovo)
Lenovo Fun Zone (HKLM-x32\...\motiongame) (Version: 0.7.8.51 - Tose(Shanghai) Ltd.)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3720 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.3720 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Treiber- und Anwendungsinstallation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo VeriTouch 2.0 (HKLM-x32\...\InstallShield_{6A7F7465-284F-4299-8663-CDB496CEFA7D}) (Version: 2.0.1.9 - ArcSoft)
Lenovo VeriTouch2.0 (x32 Version: 2.0.1.9 - ArcSoft) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
LenovoModifyWindowStyle (HKLM-x32\...\{EBC41B09-E56D-421C-B3D0-84AC1103541B}) (Version: 1.00.0408 - Lenovo)
LIMBO (HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Limbo) (Version:  - )
Link Up (HKLM-x32\...\{3DEDB107-2FCB-4544-844D-EC2878A9F22C}) (Version: 1.17.063010 - NTTC)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0423 - Lenovo)
LXH-JME8002B Hotkey Driver (HKLM-x32\...\{29EA755D-404B-4310-872C-EB1B8513F9D6}) (Version: 5.0.0825 - Lenovo)
Machinarium (HKLM-x32\...\Machinarium) (Version:  - Daedalic Entertainment)
MacroKey Manager (HKLM-x32\...\InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}) (Version:  - )
MacroKey Manager (Version: 1.00.0000 - Ihr Firmenname) Hidden
Mat5070Win7x64Drv (HKLM-x32\...\InstallShield_{884D18CB-F012-4F9D-9498-25D1E004DB87}) (Version: 6.14.10.396 - Geniatech)
Mat5070Win7x64Drv (x32 Version: 6.14.10.396 - Geniatech) Hidden
Media Go (HKLM-x32\...\{7A6C3344-5CF9-4B83-959C-6576C5B27D09}) (Version: 2.3.255 - Sony)
Media Go Video Playback Engine 1.96.115.08260 (HKLM-x32\...\{065DBB54-6E55-A609-2E1E-F0617E827D53}) (Version: 1.96.115.08260 - Sony)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM-x32\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MuseScore 1.2 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.2.0 - Werner Schweer and Others)
Music Star (HKLM-x32\...\{E4FB9C8E-E965-4885-A4F8-8D2991AD4A36}) (Version: 1.35.063010 - NTTC)
Music Star (x32 Version: 1.35.063010 - NTTC) Hidden
NextWindow Drivers (HKLM\...\{0D765C2F-D317-4C25-9582-F669974FADA4}) (Version: 1.4.144 - NextWindow)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 37.0.2178.32 (HKLM-x32\...\Opera 37.0.2178.32) (Version: 37.0.2178.32 - Opera Software)
pCon.planner 6.7 (HKLM-x32\...\pCon.planner 6.7) (Version: 6.7.0.102 - EasternGraphics)
pCon.planner 6.7 (x32 Version: 6.7.0.102 - EasternGraphics) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.12.6.14870 - Sony Computer Entertainment Inc.)
PowerCinema (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 7.0.4308 - CyberLink Corp.)
PowerCinema (x32 Version: 7.0.4308 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Readiris 7.5 (HKLM-x32\...\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Scrabble3D (HKLM-x32\...\{FF7B2746-9028-4784-B4E7-CC8CA67CF98D}) (Version: 3.1.4 - Heiko Tietze)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.2.0.100706 - Lenovo)
Tiny and Big - Grandpa's Leftovers (remove only) (HKLM-x32\...\Tiny and Big - Grandpas Leftovers) (Version:  - )
tipptapp (HKLM-x32\...\tipptapp) (Version: 1.1 - UNKNOWN)
tipptapp (x32 Version: 1.1 - UNKNOWN) Hidden
Unity Web Player (HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB Network Joystick (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: V3.70a - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04C5F25C-AAFA-492D-81D3-F2A3C7F99DC7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {06FE0C75-095D-4538-9652-1459AD205388} - System32\Tasks\{68C54E11-A282-461B-95D6-06C9D1E2DA94} => pcalua.exe -a C:\Users\horton\Desktop\dialang.exe -d C:\Users\horton\Desktop
Task: {0B2FB6FB-5A3B-4553-91CA-5D4A0F147735} - System32\Tasks\{D6E62EA7-E2F5-4CA8-BF54-4E460763B5E2} => pcalua.exe -a D:\setup.exe -d D:\
Task: {184B24B0-6EEB-4954-99E5-36D978467C30} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {1CF293F8-1AEA-4197-946C-92687175403F} - System32\Tasks\{736C63F3-D2A7-419C-8F26-4F75DB5FA8EE} => pcalua.exe -a C:\Users\horton\Desktop\cs2\CS2_RetNon_Ger_3.exe -d C:\Users\horton\Desktop\cs2
Task: {3B09AC67-7BFE-49D7-AD47-3AD780BF497F} - System32\Tasks\Opera scheduled Autoupdate 1448819900 => C:\Users\Ameise\AppData\Local\Programs\Opera\launcher.exe [2017-01-16] (Opera Software)
Task: {3B289925-D629-4DFE-AE42-D9D95D4B4410} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3EAB639C-2FC8-4064-98DD-4C85415019E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-23] (Adobe Systems Incorporated)
Task: {448A37AB-EE09-4022-B1B2-E40C21C38283} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {54200FB5-0D44-4CAA-98C9-708949FA1F09} - System32\Tasks\Opera scheduled Autoupdate 1418639019 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-28] (Opera Software)
Task: {65219F8A-790B-47DF-A54B-CEE1F484C54D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {661D22D4-FB9D-4D29-8177-BBA903971A83} - System32\Tasks\{9A441C31-2AC8-449A-98AD-3A8894ED1EB5} => pcalua.exe -a C:\Users\horton\Desktop\Beppo\cs2\CS_2.0_GR_Extras_1.exe -d C:\Users\horton\Desktop\Beppo\cs2
Task: {7BCEE2BE-4536-465C-9685-42B1C8CB5079} - System32\Tasks\{9F891BA6-C1FD-4436-8635-17892C96B09F} => pcalua.exe -a C:\Users\horton\Desktop\cs2\CS_2.0_GR_Extras_1.exe -d C:\Users\horton\Desktop\cs2
Task: {A6155A92-7CDC-49EE-BF19-BC640597705A} - System32\Tasks\{11BC33C9-6703-4868-A206-CC3820EC52EF} => pcalua.exe -a C:\Users\horton\Desktop\cs2\CS2_RetNon_Ger_2.exe -d C:\Users\horton\Desktop\cs2
Task: {AA7AF7A0-6DFC-429F-9B01-3F6FE6409F23} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {C85FD0DE-8A35-454D-A55E-9C4A0DF07642} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {CE94750F-6DB9-4D3E-8104-F4408AB635C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {F7FB24F9-0C03-4DF3-9AD9-48BF1D996598} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-01-21 11:05 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-06-14 13:27 - 2010-06-14 13:27 - 00907496 _____ () C:\Windows\System32\atwtusb.exe
2005-04-06 15:53 - 2005-04-06 15:53 - 03502080 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2010-06-14 13:27 - 2010-06-14 13:27 - 00907496 _____ () C:\Windows\system32\atwtusb.exe
2010-07-15 14:37 - 2010-07-15 14:37 - 00173344 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2012-02-09 14:01 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-06-14 15:50 - 2010-06-14 15:50 - 06446312 _____ () C:\Windows\System32\WTMKM.exe
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\horton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2009-11-09 15:38 - 2009-11-09 15:38 - 00053248 _____ () C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe
2015-12-25 01:18 - 2008-12-10 11:10 - 00796784 _____ () C:\Windows\USB Vibration\7906\USB Gamepad.exe
2010-04-23 14:29 - 2010-04-23 14:29 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-20 13:27 - 2010-09-20 13:27 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2005-04-06 15:52 - 2005-04-06 15:52 - 00028791 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00057453 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00102515 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00053364 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00057455 _____ () C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00032880 _____ () C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00434255 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 01019904 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2014-07-18 11:12 - 2016-07-22 07:26 - 00114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-08-08 15:12 - 2016-07-22 07:24 - 00108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-08-08 15:12 - 2016-07-22 07:24 - 00024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-08-08 15:12 - 2016-07-22 07:24 - 00048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2010-09-20 13:31 - 2009-08-21 07:35 - 00032768 _____ () C:\Program Files (x86)\jmesoft\Keyhook.dll
2010-09-20 13:31 - 2009-08-21 08:27 - 00028672 _____ () C:\Program Files (x86)\jmesoft\hidhook.dll
2010-09-20 13:38 - 2010-07-08 13:52 - 00210432 _____ () C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll
2010-09-20 13:38 - 2010-07-08 13:52 - 00211456 _____ () C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll
2010-09-20 13:39 - 2010-07-16 14:55 - 00210432 _____ () C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
2010-09-20 13:39 - 2010-07-16 14:55 - 00182272 _____ () C:\Program Files\Lenovo\Lenovo Brightness System\DDCHelperWraper.dll
2009-12-04 15:59 - 2009-12-04 15:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 16:04 - 2009-12-04 16:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\horton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Dienst läuft nicht.
MpsSvc => Firewall Dienst läuft nicht.
bfe => Firewall Dienst läuft nicht.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 2000 Series.lnk => C:\Windows\pss\hp psc 2000 Series.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^officejet 6100.lnk => C:\Windows\pss\officejet 6100.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Version Cue CS2 => "c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{A4FB27FC-023D-4129-B1DE-FDF2B09061D5}] => C:\Program Files (x86)\Lenovo\PowerCinema\PowerCinema.exe
FirewallRules: [{8A3B9C82-477B-497B-875D-47FB8BA0C12E}] => C:\Program Files (x86)\Lenovo\PowerCinema\PCMService.exe
FirewallRules: [{9C02D370-9C54-4245-8D97-C3EF1807BD7B}] => C:\Program Files (x86)\Lenovo\PowerCinema\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{C31DDC86-21AB-47E0-888F-8DEF4FD5BE47}] => C:\Program Files (x86)\Lenovo\PowerCinema\Kernel\DMS\CLMSService.exe
FirewallRules: [{C8468554-4EA9-4C9F-8262-671D36E9E99F}] => C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{0516DDB6-8361-4C3B-91AD-478A20CF035E}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{034FFB5D-CBD4-4AC3-AE1F-6F182A2C1083}] => svchost.exe
FirewallRules: [{6CA96BF6-9B90-44A9-AFD3-29CC3CB428E6}] => C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{BD3F27AF-F479-44D9-81F7-343CA3100C7D}] => C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{590DF1F9-59A1-408A-A742-150E8DE4BC62}] => C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{97B50266-2462-4C09-817D-46088F510B3D}C:\users\horton\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe] => C:\users\horton\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe
FirewallRules: [UDP Query User{4D447EA7-4625-409F-B49C-29DA7B9C90C7}C:\users\horton\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe] => C:\users\horton\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe

==================== Wiederherstellungspunkte =========================

20-11-2016 01:55:47 Geplanter Prüfpunkt
22-11-2016 14:10:20 Windows Update
02-02-2017 08:36:22 Removed BlueStacks Notification Center
02-02-2017 08:38:17 Removed BlueStacks Notification Center
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Realtek PCIe GBE Family Controller #2
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/02/2017 08:11:43 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/02/2017 08:00:01 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={5089AFC7-E689-4661-9467-5683F945F9F1}: Der Benutzer "horton-PC\horton" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (02/02/2017 07:07:26 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/01/2017 02:37:52 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/01/2017 10:59:25 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/30/2017 08:13:04 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/28/2017 11:50:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/26/2017 08:56:10 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/25/2017 04:24:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/24/2017 02:59:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


Systemfehler:
=============
Error: (02/02/2017 11:54:34 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (02/02/2017 11:54:34 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (02/02/2017 11:30:27 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143 = In der Endpunktzuordnung sind keine weiteren Endpunkte verfügbar..

Error: (02/02/2017 11:30:24 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (02/02/2017 11:29:56 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: Unzulässige Funktion.
.

Error: (02/02/2017 11:29:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avnetflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
In der Endpunktzuordnung sind keine weiteren Endpunkte verfügbar.

Error: (02/02/2017 11:29:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (02/02/2017 11:29:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde nicht richtig gestartet.

Error: (02/02/2017 11:27:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (02/02/2017 11:27:27 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "SBSD Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Prozentuale Nutzung des RAM: 60%
Installierter physikalischer RAM: 4023.12 MB
Verfügbarer physikalischer RAM: 1571.37 MB
Summe virtueller Speicher: 8044.42 MB
Verfügbarer virtueller Speicher: 4969.82 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:656.73 GB) NTFS
Drive d: (TippTapp) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8D385642)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== Ende von Addition.txt ============================
         

Alt 02.02.2017, 14:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Zitat:
SpyBot Search&Destroy hat auf meinem PC "win32.downloader.gen" gefunden.
Sinnigerweise musst du uns schon genau mitteilen was genau und wo genau Spybot da was gefunden hat.
__________________

__________________

Alt 02.02.2017, 16:24   #3
Mon147
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Bericht erster Suchdurchlauf:

Code:
ATTFilter
02.02.2017 08:48:24 - ##### check started #####
02.02.2017 08:48:24 - ### Version: 1.6.2
02.02.2017 08:48:24 - ### Date: 02.02.2017 08:48:24
02.02.2017 08:48:27 - ##### checking bots #####
02.02.2017 08:54:25 - found: Win32.Downloader.gen  Bibliothek 
02.02.2017 08:54:25 - found: Win32.Downloader.gen  Daten 
02.02.2017 08:54:47 - found: Conduit.CommunityAlerts Programm-Verzeichnis 
02.02.2017 08:54:47 - found: Conduit.CommunityAlerts Einstellungen 
02.02.2017 08:54:47 - found: Conduit.CommunityAlerts Einstellungen 
02.02.2017 08:54:47 - found: Conduit.CommunityAlerts Class ID 
02.02.2017 08:54:48 - found: Conduit.Shmoopy Einstellungen 
02.02.2017 08:54:48 - found: DownloadSponsor Einstellungen 
02.02.2017 08:54:48 - found: DownloadSponsor Einstellungen 
02.02.2017 09:05:34 - found: DoubleClick Verfolgender Cookie (Internet Explorer: horton)
02.02.2017 09:05:34 - ##### check finished #####
         
Code:
ATTFilter
--- Report generated: 2017-02-02 09:05 ---

Win32.Downloader.gen: [SBI $F65FFCFA]  Bibliothek (Datei, nothing done)
  C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
  Properties.size=638560
  Properties.md5=6796F6E449F90A543DC3345538ACC46F
  Properties.filedate=1308838846
  Properties.filedatetext=2011-06-23 15:20:46

Win32.Downloader.gen: [SBI $82F4FAFD]  Daten (Datei, nothing done)
  C:\END
  Properties.size=9
  Properties.md5=A103FDF7348130EF3F3FEF56B1700A27
  Properties.filedate=1352901327
  Properties.filedatetext=2012-11-14 14:55:26

Conduit.CommunityAlerts: [SBI $8BC58BD8] Programm-Verzeichnis (Verzeichnis, nothing done)
  C:\Program Files (x86)\Conduit\Community Alerts\

Conduit.CommunityAlerts: [SBI $F17963C8] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\AppDataLow\Software\Conduit\RevertSettings\ConduitLatestHomePage=...hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848...

Conduit.CommunityAlerts: [SBI $59C51646] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\AppDataLow\Software\Conduit\RevertSettings

Conduit.CommunityAlerts: [SBI $CD21D057] Class ID (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Conduit.Shmoopy: [SBI $EB085BCA] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

DownloadSponsor: [SBI $CC437C6B] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\OCS\lastPID=...chipderedesign...

DownloadSponsor: [SBI $980DE8E4] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\OCS\PID=...chipde...

DoubleClick: Verfolgender Cookie (Internet Explorer: horton) (Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-07-05 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2015-07-31 Includes\Adware-000.sbi (*)
2015-11-10 Includes\Adware-001.sbi (*)
2017-02-01 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2016-11-16 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2016-08-26 Includes\Fraud-000.sbi (*)
2017-01-30 Includes\Fraud-001.sbi (*)
2015-11-23 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2016-11-09 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2017-02-01 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2016-06-22 Includes\Malware-001.sbi (*)
2016-06-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2016-06-14 Includes\Malware-004.sbi (*)
2016-06-22 Includes\Malware-005.sbi (*)
2016-01-18 Includes\Malware-006.sbi (*)
2015-10-29 Includes\Malware-007.sbi (*)
2017-02-01 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2016-12-28 Includes\PUPS-000.sbi (*)
2015-10-22 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2017-02-01 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2015-12-02 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2016-08-10 Includes\Spyware-C.sbi (*)
2014-01-13 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2015-11-17 Includes\Trojans-000.sbi (*)
2015-11-19 Includes\Trojans-001.sbi (*)
2015-11-25 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2016-01-22 Includes\Trojans-004.sbi (*)
2015-11-25 Includes\Trojans-005.sbi (*)
2015-11-30 Includes\Trojans-006.sbi (*)
2016-01-27 Includes\Trojans-007.sbi (*)
2015-11-16 Includes\Trojans-008.sbi (*)
2015-04-21 Includes\Trojans-009.sbi (*)
2017-02-01 Includes\Trojans-C.sbi (*)
2016-02-02 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-13 Includes\Trojans-VM-025.sbi (*)
2014-01-13 Includes\Trojans-VM-026.sbi (*)
2015-11-09 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2010-03-10 Includes\TrojansC-01.sbi (*)
2014-01-09 Includes\TrojansC-02.sbi (*)
2014-01-09 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
         

Hatte dann mit "markierte Probleme beheben" mein Glück versucht:
Code:
ATTFilter
--- Report generated: 2017-02-02 10:59 ---

Win32.Downloader.gen: [SBI $F65FFCFA]  Bibliothek (Datei, fixed)
  C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
  Properties.size=0
  Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Downloader.gen: [SBI $82F4FAFD]  Daten (Datei, fixed)
  C:\END
  Properties.size=0
  Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Conduit.CommunityAlerts: [SBI $8BC58BD8] Programm-Verzeichnis (Verzeichnis, fixed)
  C:\Program Files (x86)\Conduit\Community Alerts\

Conduit.CommunityAlerts: [SBI $F17963C8] Einstellungen (Registrierungsdatenbank-Wert, fixed)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\AppDataLow\Software\Conduit\RevertSettings\ConduitLatestHomePage=...hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848...

Conduit.CommunityAlerts: [SBI $59C51646] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\AppDataLow\Software\Conduit\RevertSettings

Conduit.CommunityAlerts: [SBI $CD21D057] Class ID (Registrierungsdatenbank-Schlüssel, fixed)
  HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Conduit.Shmoopy: [SBI $EB085BCA] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

DownloadSponsor: [SBI $CC437C6B] Einstellungen (Registrierungsdatenbank-Wert, fixed)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\OCS\lastPID=...chipderedesign...

DownloadSponsor: [SBI $980DE8E4] Einstellungen (Registrierungsdatenbank-Wert, fixed)
  HKEY_USERS\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\OCS\PID=...chipde...

DoubleClick: Verfolgender Cookie (Internet Explorer: horton) (Cookie, fixed)
  


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-07-05 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2015-07-31 Includes\Adware-000.sbi (*)
2015-11-10 Includes\Adware-001.sbi (*)
2017-02-01 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2016-11-16 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2016-08-26 Includes\Fraud-000.sbi (*)
2017-01-30 Includes\Fraud-001.sbi (*)
2015-11-23 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2016-11-09 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2017-02-01 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2016-06-22 Includes\Malware-001.sbi (*)
2016-06-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2016-06-14 Includes\Malware-004.sbi (*)
2016-06-22 Includes\Malware-005.sbi (*)
2016-01-18 Includes\Malware-006.sbi (*)
2015-10-29 Includes\Malware-007.sbi (*)
2017-02-01 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2016-12-28 Includes\PUPS-000.sbi (*)
2015-10-22 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2017-02-01 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2015-12-02 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2016-08-10 Includes\Spyware-C.sbi (*)
2014-01-13 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2015-11-17 Includes\Trojans-000.sbi (*)
2015-11-19 Includes\Trojans-001.sbi (*)
2015-11-25 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2016-01-22 Includes\Trojans-004.sbi (*)
2015-11-25 Includes\Trojans-005.sbi (*)
2015-11-30 Includes\Trojans-006.sbi (*)
2016-01-27 Includes\Trojans-007.sbi (*)
2015-11-16 Includes\Trojans-008.sbi (*)
2015-04-21 Includes\Trojans-009.sbi (*)
2017-02-01 Includes\Trojans-C.sbi (*)
2016-02-02 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-13 Includes\Trojans-VM-025.sbi (*)
2014-01-13 Includes\Trojans-VM-026.sbi (*)
2015-11-09 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2010-03-10 Includes\TrojansC-01.sbi (*)
2014-01-09 Includes\TrojansC-02.sbi (*)
2014-01-09 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
         
Danach wurde "Win32.Downloader.gen" erneut von Spybot gefunden. als ich es später nochmal durchlaufen lies dann nicht mehr, dafür "DownloadSponsor" Soll ich die Berichte davon auch noch posten, oder reicht der erste?
__________________

Alt 02.02.2017, 16:31   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Conduit-Werbek*cke....



Bitte für die Bereinigung Spybot und Avira deinstallieren. Spybot ist weitgehend überflüssig, Avira empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf; so was ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog

Gib Bescheid wenn Avira weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.02.2017, 16:50   #5
Mon147
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Ist beides runter. Es kann los gehen!


Alt 02.02.2017, 16:53   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



1. Schritt: Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers




2. Schritt: Kaspersky TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
--> Wie werde ich "win32.downloader.gen" los?

Alt 02.02.2017, 19:17   #7
Mon147
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



nichts gefunden....

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.02.02.05
  rootkit: v2016.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
horton :: HORTON-PC [administrator]

02.02.2017 17:54:40
mbar-log-2017-02-02 (17-54-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 437238
Time elapsed: 46 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSS 1von3

Code:
ATTFilter
18:57:40.0299 0x0e04  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
18:57:44.0110 0x0e04  ============================================================
18:57:44.0110 0x0e04  Current date / time: 2017/02/02 18:57:44.0110
18:57:44.0110 0x0e04  SystemInfo:
18:57:44.0110 0x0e04  
18:57:44.0110 0x0e04  OS Version: 6.1.7601 ServicePack: 1.0
18:57:44.0110 0x0e04  Product type: Workstation
18:57:44.0110 0x0e04  ComputerName: HORTON-PC
18:57:44.0110 0x0e04  UserName: horton
18:57:44.0110 0x0e04  Windows directory: C:\Windows
18:57:44.0110 0x0e04  System windows directory: C:\Windows
18:57:44.0110 0x0e04  Running under WOW64
18:57:44.0110 0x0e04  Processor architecture: Intel x64
18:57:44.0110 0x0e04  Number of processors: 4
18:57:44.0110 0x0e04  Page size: 0x1000
18:57:44.0110 0x0e04  Boot type: Normal boot
18:57:44.0110 0x0e04  CodeIntegrityOptions = 0x00000001
18:57:44.0110 0x0e04  ============================================================
18:57:45.0697 0x0e04  KLMD registered as C:\Windows\system32\drivers\14141331.sys
18:57:45.0697 0x0e04  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23564, osProperties = 0x1
18:57:46.0049 0x0e04  System UUID: {61CA5BEB-E098-32CA-DDDA-50C8CFA771D6}
18:57:46.0485 0x0e04  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:57:46.0489 0x0e04  ============================================================
18:57:46.0489 0x0e04  \Device\Harddisk0\DR0:
18:57:46.0489 0x0e04  MBR partitions:
18:57:46.0489 0x0e04  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:57:46.0489 0x0e04  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800
18:57:46.0489 0x0e04  ============================================================
18:57:46.0510 0x0e04  C: <-> \Device\Harddisk0\DR0\Partition2
18:57:46.0510 0x0e04  ============================================================
18:57:46.0510 0x0e04  Initialize success
18:57:46.0510 0x0e04  ============================================================
18:58:59.0054 0x16bc  ============================================================
18:58:59.0054 0x16bc  Scan started
18:58:59.0054 0x16bc  Mode: Manual; SigCheck; TDLFS; 
18:58:59.0054 0x16bc  ============================================================
18:58:59.0054 0x16bc  KSN ping started
18:58:59.0304 0x16bc  KSN ping finished: true
18:59:01.0393 0x16bc  ================ Scan system memory ========================
18:59:01.0393 0x16bc  System memory - ok
18:59:01.0393 0x16bc  ================ Scan services =============================
18:59:01.0521 0x16bc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:59:01.0616 0x16bc  1394ohci - ok
18:59:01.0644 0x16bc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:59:01.0664 0x16bc  ACPI - ok
18:59:01.0686 0x16bc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:59:01.0740 0x16bc  AcpiPmi - ok
18:59:01.0794 0x16bc  [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
18:59:01.0816 0x16bc  acsock - ok
18:59:01.0935 0x16bc  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:59:02.0012 0x16bc  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
18:59:02.0178 0x16bc  Detect skipped due to KSN trusted
18:59:02.0178 0x16bc  Adobe LM Service - ok
18:59:02.0295 0x16bc  [ 41D15EAD554396BF35B7C5246AD47A28, 456835B33E95D083CD0076F06B591D63FB969025940A5CFD87CAB37C658B6855 ] Adobe Version Cue CS2 c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\VersionCueCS2.exe
18:59:02.0348 0x16bc  Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic ( 1 )
18:59:02.0510 0x16bc  Detect skipped due to KSN trusted
18:59:02.0510 0x16bc  Adobe Version Cue CS2 - ok
18:59:02.0581 0x16bc  [ B932E0EE190778D840F1442DFC0F9612, 8780963F14D57279FDD585BE945ED40F24590D32676C7A9EF94002D38B8BA643 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:59:02.0588 0x16bc  AdobeARMservice - ok
18:59:02.0690 0x16bc  [ CA363F172E1978FD155764F2840B0BE8, CB14E2C94ABB8C8809F4E96472F6D1A9A3A0860217631F592E0F62F043165575 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:59:02.0718 0x16bc  AdobeFlashPlayerUpdateSvc - ok
18:59:02.0761 0x16bc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:59:02.0795 0x16bc  adp94xx - ok
18:59:02.0827 0x16bc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:59:02.0846 0x16bc  adpahci - ok
18:59:02.0861 0x16bc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:59:02.0873 0x16bc  adpu320 - ok
18:59:02.0911 0x16bc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:59:03.0008 0x16bc  AeLookupSvc - ok
18:59:03.0063 0x16bc  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
18:59:03.0149 0x16bc  AFD - ok
18:59:03.0179 0x16bc  AFS - ok
18:59:03.0221 0x16bc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:59:03.0230 0x16bc  agp440 - ok
18:59:03.0256 0x16bc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:59:03.0311 0x16bc  ALG - ok
18:59:03.0331 0x16bc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:59:03.0339 0x16bc  aliide - ok
18:59:03.0357 0x16bc  [ B4143CB1DD16AE73C6177C72F33450A6, D675AEF56FF030314AB3B4F13A81D72272E67AE10E415058928182A3B8370FE1 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:59:03.0401 0x16bc  AMD External Events Utility - ok
18:59:03.0413 0x16bc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:59:03.0421 0x16bc  amdide - ok
18:59:03.0449 0x16bc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:59:03.0485 0x16bc  AmdK8 - ok
18:59:03.0660 0x16bc  [ D1D06810BF7E21F5763EB06CB7E7262B, 77DEEA2C76D1C3E65E3D4F1FB2C671195019E9B78336EA4E040565DB88228611 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
18:59:03.0882 0x16bc  amdkmdag - ok
18:59:03.0919 0x16bc  [ 6BA71D6616B56816E57394D77DD1BB6F, 5250378D4CA31578D8E92DD4402E2AA34C2299EA2D9471AC5A9A7CEA46A54CB3 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:59:03.0963 0x16bc  amdkmdap - ok
18:59:03.0979 0x16bc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:59:04.0022 0x16bc  AmdPPM - ok
18:59:04.0087 0x16bc  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:59:04.0105 0x16bc  amdsata - ok
18:59:04.0119 0x16bc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:59:04.0147 0x16bc  amdsbs - ok
18:59:04.0165 0x16bc  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:59:04.0176 0x16bc  amdxata - ok
18:59:04.0214 0x16bc  [ 8B73FEE96B60EE597CBCAA735A842A36, AB3FC01FEC62AC115EC766770D8694DEDA2FF2286E0199DC238ABF2493EC1A22 ] AppID           C:\Windows\system32\drivers\appid.sys
18:59:04.0246 0x16bc  AppID - ok
18:59:04.0261 0x16bc  [ F5800413C0DF45C2CA15FD3ACBB1365F, 741E09EED0FF0152B59704729BD700E7D7A671C88F0708884AAB7A56ECCBD8AB ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:59:04.0292 0x16bc  AppIDSvc - ok
18:59:04.0313 0x16bc  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
18:59:04.0352 0x16bc  Appinfo - ok
18:59:04.0380 0x16bc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:59:04.0406 0x16bc  arc - ok
18:59:04.0428 0x16bc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:59:04.0438 0x16bc  arcsas - ok
18:59:04.0552 0x16bc  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:59:04.0586 0x16bc  aspnet_state - ok
18:59:04.0605 0x16bc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:59:04.0652 0x16bc  AsyncMac - ok
18:59:04.0683 0x16bc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:59:04.0690 0x16bc  atapi - ok
18:59:04.0750 0x16bc  [ F8633CDD09647A64EE8DB550630427FF, 565F32E6B1E8451B2DD866E4997336A47B8DC6669392BDAAF252C35C0383E8A3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:59:04.0820 0x16bc  athr - ok
18:59:04.0883 0x16bc  [ BCD131E1FF612F0F82FD8DEC39F97C9F, 90519368467CF4BFAFAA7C8DBD439DBABE0673713D39EEE37045170C2BEAB46D ] ATIAVPCI        C:\Windows\system32\DRIVERS\atinavrr.sys
18:59:05.0050 0x16bc  ATIAVPCI - ok
18:59:05.0115 0x16bc  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:59:05.0154 0x16bc  AudioEndpointBuilder - ok
18:59:05.0173 0x16bc  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:59:05.0194 0x16bc  AudioSrv - ok
18:59:05.0243 0x16bc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:59:05.0328 0x16bc  AxInstSV - ok
18:59:05.0370 0x16bc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:59:05.0428 0x16bc  b06bdrv - ok
18:59:05.0455 0x16bc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:59:05.0482 0x16bc  b57nd60a - ok
18:59:05.0517 0x16bc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:59:05.0543 0x16bc  BDESVC - ok
18:59:05.0631 0x16bc  [ CB7CE2E47139B620D2B87078165F1AD0, 2859F85C463FD34D659EAFDDFE4DE472D04D3D2D639BE4876E19F5DC775D0BA1 ] becldr3Service  C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe
18:59:05.0648 0x16bc  becldr3Service - detected UnsignedFile.Multi.Generic ( 1 )
18:59:06.0025 0x16bc  Detect skipped due to KSN trusted
18:59:06.0025 0x16bc  becldr3Service - ok
18:59:06.0050 0x16bc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:59:06.0105 0x16bc  Beep - ok
18:59:06.0175 0x16bc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
18:59:06.0331 0x16bc  BITS - ok
18:59:06.0365 0x16bc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:59:06.0388 0x16bc  blbdrive - ok
18:59:06.0430 0x16bc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:59:06.0471 0x16bc  bowser - ok
18:59:06.0485 0x16bc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:59:06.0542 0x16bc  BrFiltLo - ok
18:59:06.0550 0x16bc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:59:06.0573 0x16bc  BrFiltUp - ok
18:59:06.0628 0x16bc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:59:06.0686 0x16bc  Browser - ok
18:59:06.0715 0x16bc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:59:06.0751 0x16bc  Brserid - ok
18:59:06.0766 0x16bc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:59:06.0811 0x16bc  BrSerWdm - ok
18:59:06.0825 0x16bc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:59:06.0854 0x16bc  BrUsbMdm - ok
18:59:06.0884 0x16bc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:59:06.0911 0x16bc  BrUsbSer - ok
18:59:06.0960 0x16bc  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:59:07.0011 0x16bc  BthEnum - ok
18:59:07.0030 0x16bc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:59:07.0067 0x16bc  BTHMODEM - ok
18:59:07.0088 0x16bc  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:59:07.0126 0x16bc  BthPan - ok
18:59:07.0167 0x16bc  [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
18:59:07.0212 0x16bc  BTHPORT - ok
18:59:07.0235 0x16bc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:59:07.0266 0x16bc  bthserv - ok
18:59:07.0275 0x16bc  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
18:59:07.0304 0x16bc  BTHUSB - ok
18:59:07.0326 0x16bc  [ 2641A3FE3D7B0646308F33B67F3B5300, 8D2E37F6524D10197D36AAE41F59028B3DF0692A113EA342BB1AC36DEA13D8F6 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
18:59:07.0333 0x16bc  btusbflt - ok
18:59:07.0357 0x16bc  [ A72A9101F9730DB7332714E566614E4D, 7C75772EA40EAEDDE2565E5FF901B17EA9B748563B8CE40062D86D4B0F1DBF0C ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
18:59:07.0365 0x16bc  btwaudio - ok
18:59:07.0379 0x16bc  [ 5CEEC634B617525F2B6AD29F871033F7, 0A48E08FB3C3384860783F72C85022F6AD11D8F7023580D007478AA94F6F41C5 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
18:59:07.0394 0x16bc  btwavdt - ok
18:59:07.0466 0x16bc  [ A5CCE445E343E370589D054AF569B6E1, 54118E06EF7F26408C30017BA852995304DD50563867221F4EF3B7AD2AD5ABD2 ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
18:59:07.0491 0x16bc  btwdins - ok
18:59:07.0504 0x16bc  [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
18:59:07.0509 0x16bc  btwl2cap - ok
18:59:07.0519 0x16bc  [ 2AF5604D28BEF77B7CF4B9D232FE7CD3, 758524012FE284EDFC27DF095A2DD5853A0F084999F14DA66784103176E938E4 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
18:59:07.0524 0x16bc  btwrchid - ok
18:59:07.0542 0x16bc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:59:07.0603 0x16bc  cdfs - ok
18:59:07.0660 0x16bc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:59:07.0680 0x16bc  cdrom - ok
18:59:07.0727 0x16bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:59:07.0773 0x16bc  CertPropSvc - ok
18:59:07.0853 0x16bc  [ 59B4AB79011957DD3B83F0C2E63741BD, 5DE68785D701DBA0F98452B7D5CC407BEECD51685F39516157733CED2EF2FA19 ] chip1click      C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
18:59:07.0862 0x16bc  chip1click - detected UnsignedFile.Multi.Generic ( 1 )
18:59:08.0112 0x16bc  Detect skipped due to KSN trusted
18:59:08.0112 0x16bc  chip1click - ok
18:59:08.0138 0x16bc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:59:08.0157 0x16bc  circlass - ok
18:59:08.0192 0x16bc  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
18:59:08.0209 0x16bc  CLFS - ok
18:59:08.0797 0x16bc  [ 45AF5F89D707C3F64AC59B627AE34A30, 3E0D50463133FD7D57419258C88D80FF47F2729636D7836EE2567F94B0BA0358 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
18:59:08.0880 0x16bc  ClickToRunSvc - ok
18:59:08.0996 0x16bc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:59:09.0016 0x16bc  clr_optimization_v2.0.50727_32 - ok
18:59:09.0032 0x16bc  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:59:09.0050 0x16bc  clr_optimization_v2.0.50727_64 - ok
18:59:09.0150 0x16bc  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:59:09.0162 0x16bc  clr_optimization_v4.0.30319_32 - ok
18:59:09.0173 0x16bc  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:59:09.0230 0x16bc  clr_optimization_v4.0.30319_64 - ok
18:59:09.0262 0x16bc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:59:09.0281 0x16bc  CmBatt - ok
18:59:09.0311 0x16bc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:59:09.0318 0x16bc  cmdide - ok
18:59:09.0366 0x16bc  [ 3323F76352B0AF14B2CDC4DFBF3E980A, F8E3C3508C37E647497B6889F26819B1DB30275F48A994D1BBFBAA9454E5FD70 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:59:09.0387 0x16bc  CNG - ok
18:59:09.0409 0x16bc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:59:09.0423 0x16bc  Compbatt - ok
18:59:09.0442 0x16bc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:59:09.0464 0x16bc  CompositeBus - ok
18:59:09.0471 0x16bc  COMSysApp - ok
18:59:09.0488 0x16bc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:59:09.0496 0x16bc  crcdisk - ok
18:59:09.0539 0x16bc  [ BB724567892383010B8436DCC0A84628, 2768F5FD7A096CB1CEA33F8818EF16F9F5E3E07BB8442949A49A9CF24B62C6E6 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:59:09.0607 0x16bc  CryptSvc - ok
18:59:09.0690 0x16bc  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:59:09.0718 0x16bc  cvhsvc - ok
18:59:09.0769 0x16bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:59:09.0827 0x16bc  DcomLaunch - ok
18:59:09.0851 0x16bc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:59:09.0905 0x16bc  defragsvc - ok
18:59:09.0961 0x16bc  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:59:09.0984 0x16bc  DfsC - ok
18:59:10.0058 0x16bc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:59:10.0137 0x16bc  Dhcp - ok
18:59:10.0265 0x16bc  [ BB5B80616BD01A9C59BF1D52BA238EDA, 8168F38127EC955B25AD4EF61081D86473E4959F797F68055E6210080EFEFF9F ] DigitalWave.Update.Service C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
18:59:10.0288 0x16bc  DigitalWave.Update.Service - ok
18:59:10.0317 0x16bc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:59:10.0362 0x16bc  discache - ok
18:59:10.0381 0x16bc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:59:10.0390 0x16bc  Disk - ok
18:59:10.0423 0x16bc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:59:10.0469 0x16bc  Dnscache - ok
18:59:10.0509 0x16bc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:59:10.0575 0x16bc  dot3svc - ok
18:59:10.0632 0x16bc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:59:10.0667 0x16bc  DPS - ok
18:59:10.0696 0x16bc  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:59:10.0716 0x16bc  drmkaud - ok
18:59:10.0770 0x16bc  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:59:10.0811 0x16bc  DXGKrnl - ok
18:59:10.0839 0x16bc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:59:10.0891 0x16bc  EapHost - ok
18:59:11.0003 0x16bc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:59:11.0136 0x16bc  ebdrv - ok
18:59:11.0180 0x16bc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] EFS             C:\Windows\System32\lsass.exe
18:59:11.0199 0x16bc  EFS - ok
18:59:11.0264 0x16bc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:59:11.0321 0x16bc  ehRecvr - ok
18:59:11.0351 0x16bc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:59:11.0412 0x16bc  ehSched - ok
18:59:11.0447 0x16bc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:59:11.0467 0x16bc  elxstor - ok
18:59:11.0499 0x16bc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:59:11.0515 0x16bc  ErrDev - ok
18:59:11.0554 0x16bc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:59:11.0599 0x16bc  EventSystem - ok
18:59:11.0612 0x16bc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:59:11.0671 0x16bc  exfat - ok
18:59:11.0691 0x16bc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:59:11.0734 0x16bc  fastfat - ok
18:59:11.0790 0x16bc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:59:11.0849 0x16bc  Fax - ok
18:59:11.0871 0x16bc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:59:11.0907 0x16bc  fdc - ok
18:59:11.0946 0x16bc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:59:11.0995 0x16bc  fdPHost - ok
18:59:12.0032 0x16bc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:59:12.0108 0x16bc  FDResPub - ok
18:59:12.0131 0x16bc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:59:12.0139 0x16bc  FileInfo - ok
18:59:12.0148 0x16bc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:59:12.0192 0x16bc  Filetrace - ok
18:59:12.0213 0x16bc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:59:12.0222 0x16bc  flpydisk - ok
18:59:12.0265 0x16bc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:59:12.0280 0x16bc  FltMgr - ok
18:59:12.0338 0x16bc  [ A3B63B22B761804C7B916F5FBC5763C2, 4F62413BD70E135C142376ACBE9CD46F7F06303B49B6AE0B9FF58FC4DF7BD86A ] FontCache       C:\Windows\system32\FntCache.dll
18:59:12.0380 0x16bc  FontCache - ok
18:59:12.0438 0x16bc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:59:12.0458 0x16bc  FontCache3.0.0.0 - ok
18:59:12.0483 0x16bc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:59:12.0491 0x16bc  FsDepends - ok
18:59:12.0532 0x16bc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:59:12.0540 0x16bc  Fs_Rec - ok
18:59:12.0588 0x16bc  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:59:12.0602 0x16bc  fvevol - ok
18:59:12.0619 0x16bc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:59:12.0628 0x16bc  gagp30kx - ok
18:59:12.0674 0x16bc  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
18:59:12.0721 0x16bc  gpsvc - ok
18:59:12.0822 0x16bc  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:59:12.0839 0x16bc  gupdate - ok
18:59:12.0856 0x16bc  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:59:12.0865 0x16bc  gupdatem - ok
18:59:12.0916 0x16bc  [ 537FDB12109E944A4425E92F3985CC14, 8197911307CF98CA2B22C5B85458918673BDB8F101B426DC50EAB8E84077B91A ] h647906         C:\Windows\system32\drivers\h647906.sys
18:59:12.0924 0x16bc  h647906 - ok
18:59:12.0946 0x16bc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:59:12.0959 0x16bc  hcw85cir - ok
18:59:13.0014 0x16bc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:59:13.0045 0x16bc  HdAudAddService - ok
18:59:13.0073 0x16bc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:59:13.0104 0x16bc  HDAudBus - ok
18:59:13.0130 0x16bc  hid7906 - ok
18:59:13.0140 0x16bc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:59:13.0157 0x16bc  HidBatt - ok
18:59:13.0170 0x16bc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:59:13.0187 0x16bc  HidBth - ok
18:59:13.0208 0x16bc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:59:13.0244 0x16bc  HidIr - ok
18:59:13.0265 0x16bc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
18:59:13.0303 0x16bc  hidserv - ok
18:59:13.0344 0x16bc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:59:13.0397 0x16bc  HidUsb - ok
18:59:13.0438 0x16bc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:59:13.0495 0x16bc  hkmsvc - ok
18:59:13.0534 0x16bc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:59:13.0578 0x16bc  HomeGroupListener - ok
18:59:13.0610 0x16bc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:59:13.0632 0x16bc  HomeGroupProvider - ok
18:59:13.0651 0x16bc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:59:13.0660 0x16bc  HpSAMD - ok
18:59:13.0718 0x16bc  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:59:13.0783 0x16bc  HTTP - ok
18:59:13.0815 0x16bc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:59:13.0824 0x16bc  hwpolicy - ok
18:59:13.0856 0x16bc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:59:13.0867 0x16bc  i8042prt - ok
18:59:13.0905 0x16bc  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:59:13.0923 0x16bc  iaStorV - ok
18:59:14.0032 0x16bc  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:59:14.0051 0x16bc  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
18:59:14.0550 0x16bc  Detect skipped due to KSN trusted
18:59:14.0550 0x16bc  IDriverT - ok
18:59:14.0629 0x16bc  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:59:14.0669 0x16bc  idsvc - ok
18:59:14.0688 0x16bc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:59:14.0696 0x16bc  iirsp - ok
18:59:14.0765 0x16bc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:59:14.0824 0x16bc  IKEEXT - ok
18:59:14.0923 0x16bc  [ F5872A11EB4F6DB170D636CD4E53CA9F, 6FCD488E56816AE4203D989CD22E3FB266F1DB6598EA52A526D6A35712610EDE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:59:14.0990 0x16bc  IntcAzAudAddService - ok
18:59:15.0002 0x16bc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:59:15.0032 0x16bc  intelide - ok
18:59:15.0075 0x16bc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:59:15.0105 0x16bc  intelppm - ok
18:59:15.0137 0x16bc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:59:15.0186 0x16bc  IPBusEnum - ok
18:59:15.0253 0x16bc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:59:15.0306 0x16bc  IpFilterDriver - ok
18:59:15.0340 0x16bc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:59:15.0357 0x16bc  IPMIDRV - ok
18:59:15.0375 0x16bc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:59:15.0424 0x16bc  IPNAT - ok
18:59:15.0456 0x16bc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:59:15.0497 0x16bc  IRENUM - ok
18:59:15.0514 0x16bc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:59:15.0521 0x16bc  isapnp - ok
18:59:15.0538 0x16bc  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:59:15.0552 0x16bc  iScsiPrt - ok
18:59:15.0581 0x16bc  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:59:15.0588 0x16bc  IviRegMgr - ok
18:59:15.0617 0x16bc  [ 19496FE93696C929392F1595ED1F8BB3, 374503566D19D69CAB93BC60F6A9E1D9E177DD98FFEBD450AC1C01F8705818C6 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
18:59:15.0634 0x16bc  JMCR - ok
18:59:15.0638 0x16bc  [ 429AE448057A868C89813FCEEF702BAB, A271F045FA8CD76556767F02DDC89A21CD720748C76EDADC5FC79F4D4D19DD84 ] johci           C:\Windows\system32\DRIVERS\johci.sys
18:59:15.0643 0x16bc  johci - ok
18:59:15.0662 0x16bc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:59:15.0672 0x16bc  kbdclass - ok
18:59:15.0707 0x16bc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:59:15.0717 0x16bc  kbdhid - ok
18:59:15.0721 0x16bc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] KeyIso          C:\Windows\system32\lsass.exe
18:59:15.0740 0x16bc  KeyIso - ok
18:59:15.0776 0x16bc  [ CF11CC2B73D5155533C67354F9188E09, D59C30B9651F8E0952DFF34A010BC60A1D27AE10F5705C54424BF6BB7ADF9F62 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:59:15.0785 0x16bc  KSecDD - ok
18:59:15.0802 0x16bc  [ 2E56D51B184EFB8E353B7AF446299DC8, CE7AAFF89F3A0BFE191DE90430A04C7FB899F5CF3B704AA5A96F47D5F37192B2 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:59:15.0813 0x16bc  KSecPkg - ok
18:59:15.0823 0x16bc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:59:15.0873 0x16bc  ksthunk - ok
18:59:15.0898 0x16bc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:59:15.0950 0x16bc  KtmRm - ok
18:59:16.0001 0x16bc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:59:16.0053 0x16bc  LanmanServer - ok
18:59:16.0099 0x16bc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:59:16.0150 0x16bc  LanmanWorkstation - ok
18:59:16.0191 0x16bc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:59:16.0230 0x16bc  lltdio - ok
18:59:16.0253 0x16bc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:59:16.0301 0x16bc  lltdsvc - ok
18:59:16.0310 0x16bc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:59:16.0389 0x16bc  lmhosts - ok
18:59:16.0423 0x16bc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:59:16.0433 0x16bc  LSI_FC - ok
18:59:16.0445 0x16bc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:59:16.0455 0x16bc  LSI_SAS - ok
18:59:16.0467 0x16bc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:59:16.0476 0x16bc  LSI_SAS2 - ok
18:59:16.0482 0x16bc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:59:16.0500 0x16bc  LSI_SCSI - ok
18:59:16.0519 0x16bc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:59:16.0580 0x16bc  luafv - ok
18:59:16.0634 0x16bc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:59:16.0645 0x16bc  Mcx2Svc - ok
18:59:16.0669 0x16bc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:59:16.0686 0x16bc  megasas - ok
18:59:16.0708 0x16bc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:59:16.0722 0x16bc  MegaSR - ok
18:59:16.0749 0x16bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:59:16.0804 0x16bc  MMCSS - ok
18:59:16.0821 0x16bc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:59:16.0861 0x16bc  Modem - ok
18:59:16.0879 0x16bc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:59:16.0911 0x16bc  monitor - ok
18:59:16.0950 0x16bc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:59:16.0958 0x16bc  mouclass - ok
18:59:16.0997 0x16bc  [ 21B7ACEA1BB49C3371DD5427BF309D6A, 39055A4D9BC293BD5DE5519FC6B95E7345089B32027E1799FA642606E6298856 ] moufiltr        C:\Windows\system32\DRIVERS\moufiltr.sys
18:59:17.0036 0x16bc  moufiltr - ok
18:59:17.0057 0x16bc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:59:17.0066 0x16bc  mouhid - ok
18:59:17.0105 0x16bc  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:59:17.0114 0x16bc  mountmgr - ok
18:59:17.0191 0x16bc  [ ADF79A49E942C91D1FC9863CBFDD6B58, C2B2A792C4717133DCAE6297EE3F5D985B11D3C1E68A8DC23985AC6B78ACDE98 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:59:17.0202 0x16bc  MozillaMaintenance - ok
18:59:17.0239 0x16bc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:59:17.0250 0x16bc  mpio - ok
18:59:17.0270 0x16bc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:59:17.0308 0x16bc  mpsdrv - ok
18:59:17.0325 0x16bc  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:59:17.0362 0x16bc  MRxDAV - ok
18:59:17.0380 0x16bc  [ FCA01B0C70DAE9BE557577E719469D17, F9868B7B50EF6323BF6690F087A83928A1E82B96A19B27F344E10BF11E520C32 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:59:17.0411 0x16bc  mrxsmb - ok
18:59:17.0436 0x16bc  [ 386BE96797C5B480AD31E8B50CEE337C, 88E826F42BEB38CAA7C84AE6ED4D8EBC4D382A8A37CF9F7B8517B297F168F1B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:59:17.0465 0x16bc  mrxsmb10 - ok
18:59:17.0494 0x16bc  [ 841474CF2EB14F826038FBCC7D85B857, 4B1BC8AFDA54D1F16AC2AAB7EDDAE07FBF1E3B65D1658F8901A3E3175AF72800 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:59:17.0515 0x16bc  mrxsmb20 - ok
18:59:17.0556 0x16bc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:59:17.0572 0x16bc  msahci - ok
18:59:17.0590 0x16bc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:59:17.0603 0x16bc  msdsm - ok
18:59:17.0626 0x16bc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:59:17.0652 0x16bc  MSDTC - ok
18:59:17.0682 0x16bc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:59:17.0722 0x16bc  Msfs - ok
18:59:17.0733 0x16bc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:59:17.0779 0x16bc  mshidkmdf - ok
18:59:17.0786 0x16bc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:59:17.0794 0x16bc  msisadrv - ok
18:59:17.0812 0x16bc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:59:17.0850 0x16bc  MSiSCSI - ok
18:59:17.0854 0x16bc  msiserver - ok
18:59:17.0869 0x16bc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:59:17.0912 0x16bc  MSKSSRV - ok
18:59:17.0926 0x16bc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:59:17.0980 0x16bc  MSPCLOCK - ok
18:59:17.0987 0x16bc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:59:18.0016 0x16bc  MSPQM - ok
18:59:18.0062 0x16bc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:59:18.0077 0x16bc  MsRPC - ok
18:59:18.0087 0x16bc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:59:18.0095 0x16bc  mssmbios - ok
18:59:18.0108 0x16bc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:59:18.0136 0x16bc  MSTEE - ok
18:59:18.0156 0x16bc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:59:18.0171 0x16bc  MTConfig - ok
18:59:18.0181 0x16bc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:59:18.0190 0x16bc  Mup - ok
18:59:18.0213 0x16bc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:59:18.0275 0x16bc  napagent - ok
18:59:18.0316 0x16bc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:59:18.0340 0x16bc  NativeWifiP - ok
18:59:18.0398 0x16bc  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:59:18.0438 0x16bc  NDIS - ok
18:59:18.0450 0x16bc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:59:18.0505 0x16bc  NdisCap - ok
18:59:18.0527 0x16bc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:59:18.0558 0x16bc  NdisTapi - ok
18:59:18.0591 0x16bc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:59:18.0623 0x16bc  Ndisuio - ok
18:59:18.0657 0x16bc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:59:18.0692 0x16bc  NdisWan - ok
18:59:18.0734 0x16bc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:59:18.0778 0x16bc  NDProxy - ok
18:59:18.0795 0x16bc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:59:18.0841 0x16bc  NetBIOS - ok
18:59:18.0876 0x16bc  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:59:18.0896 0x16bc  NetBT - ok
18:59:18.0913 0x16bc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] Netlogon        C:\Windows\system32\lsass.exe
18:59:18.0933 0x16bc  Netlogon - ok
18:59:18.0964 0x16bc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:59:19.0011 0x16bc  Netman - ok
18:59:19.0065 0x16bc  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:19.0079 0x16bc  NetMsmqActivator - ok
18:59:19.0085 0x16bc  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:19.0097 0x16bc  NetPipeActivator - ok
18:59:19.0121 0x16bc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:59:19.0182 0x16bc  netprofm - ok
18:59:19.0189 0x16bc  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:19.0213 0x16bc  NetTcpActivator - ok
18:59:19.0219 0x16bc  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:19.0236 0x16bc  NetTcpPortSharing - ok
18:59:19.0256 0x16bc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:59:19.0265 0x16bc  nfrd960 - ok
18:59:19.0309 0x16bc  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:59:19.0367 0x16bc  NlaSvc - ok
18:59:19.0380 0x16bc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:59:19.0412 0x16bc  Npfs - ok
18:59:19.0428 0x16bc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:59:19.0458 0x16bc  nsi - ok
18:59:19.0468 0x16bc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:59:19.0525 0x16bc  nsiproxy - ok
18:59:19.0592 0x16bc  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:59:19.0641 0x16bc  Ntfs - ok
18:59:19.0658 0x16bc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:59:19.0690 0x16bc  Null - ok
18:59:19.0724 0x16bc  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:59:19.0736 0x16bc  nvraid - ok
18:59:19.0747 0x16bc  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:59:19.0759 0x16bc  nvstor - ok
18:59:19.0772 0x16bc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:59:19.0785 0x16bc  nv_agp - ok
18:59:19.0814 0x16bc  [ 5C0A30851FCE1B73BD92CD13C73F2C0A, EBEABCAD40A1FB66BCE7685169F78322C845C089B49770411F28A6AE677E71A5 ] NW1950          C:\Windows\system32\DRIVERS\NW1950.sys
18:59:19.0821 0x16bc  NW1950 - ok
18:59:19.0833 0x16bc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:59:19.0851 0x16bc  ohci1394 - ok
18:59:19.0904 0x16bc  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:59:19.0915 0x16bc  ose - ok
18:59:20.0108 0x16bc  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:59:20.0251 0x16bc  osppsvc - ok
18:59:20.0279 0x16bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:59:20.0311 0x16bc  p2pimsvc - ok
18:59:20.0335 0x16bc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:59:20.0355 0x16bc  p2psvc - ok
18:59:20.0378 0x16bc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:59:20.0406 0x16bc  Parport - ok
18:59:20.0440 0x16bc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:59:20.0472 0x16bc  partmgr - ok
18:59:20.0515 0x16bc  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:59:20.0533 0x16bc  PcaSvc - ok
18:59:20.0569 0x16bc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:59:20.0584 0x16bc  pci - ok
18:59:20.0593 0x16bc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:59:20.0601 0x16bc  pciide - ok
18:59:20.0618 0x16bc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:59:20.0638 0x16bc  pcmcia - ok
18:59:20.0658 0x16bc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:59:20.0667 0x16bc  pcw - ok
18:59:20.0688 0x16bc  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:59:20.0729 0x16bc  PEAUTH - ok
18:59:20.0775 0x16bc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:59:20.0791 0x16bc  PerfHost - ok
18:59:20.0866 0x16bc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:59:20.0946 0x16bc  pla - ok
18:59:21.0005 0x16bc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:59:21.0031 0x16bc  PlugPlay - ok
18:59:21.0044 0x16bc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:59:21.0069 0x16bc  PNRPAutoReg - ok
18:59:21.0087 0x16bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:59:21.0101 0x16bc  PNRPsvc - ok
18:59:21.0145 0x16bc  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:59:21.0181 0x16bc  PolicyAgent - ok
18:59:21.0205 0x16bc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:59:21.0242 0x16bc  Power - ok
18:59:21.0281 0x16bc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:59:21.0322 0x16bc  PptpMiniport - ok
18:59:21.0344 0x16bc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:59:21.0367 0x16bc  Processor - ok
18:59:21.0400 0x16bc  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:59:21.0450 0x16bc  ProfSvc - ok
18:59:21.0463 0x16bc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:59:21.0482 0x16bc  ProtectedStorage - ok
18:59:21.0538 0x16bc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:59:21.0567 0x16bc  Psched - ok
18:59:21.0616 0x16bc  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
18:59:21.0625 0x16bc  PSI_SVC_2 - ok
18:59:21.0670 0x16bc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:59:21.0717 0x16bc  ql2300 - ok
18:59:21.0744 0x16bc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:59:21.0754 0x16bc  ql40xx - ok
18:59:21.0781 0x16bc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:59:21.0810 0x16bc  QWAVE - ok
18:59:21.0826 0x16bc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:59:21.0852 0x16bc  QWAVEdrv - ok
18:59:21.0868 0x16bc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:59:21.0913 0x16bc  RasAcd - ok
18:59:21.0946 0x16bc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:59:21.0996 0x16bc  RasAgileVpn - ok
18:59:22.0024 0x16bc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:59:22.0082 0x16bc  RasAuto - ok
18:59:22.0130 0x16bc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:59:22.0186 0x16bc  Rasl2tp - ok
18:59:22.0237 0x16bc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ]
         

Alt 02.02.2017, 19:36   #8
Mon147
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



TDSS 2von3

Code:
ATTFilter
RasMan          C:\Windows\System32\rasmans.dll
18:59:22.0294 0x16bc  RasMan - ok
18:59:22.0316 0x16bc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:59:22.0361 0x16bc  RasPppoe - ok
18:59:22.0386 0x16bc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:59:22.0441 0x16bc  RasSstp - ok
18:59:22.0484 0x16bc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:59:22.0535 0x16bc  rdbss - ok
18:59:22.0549 0x16bc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:59:22.0560 0x16bc  rdpbus - ok
18:59:22.0575 0x16bc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:59:22.0623 0x16bc  RDPCDD - ok
18:59:22.0650 0x16bc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:59:22.0700 0x16bc  RDPENCDD - ok
18:59:22.0706 0x16bc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:59:22.0740 0x16bc  RDPREFMP - ok
18:59:22.0781 0x16bc  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:59:22.0808 0x16bc  RDPWD - ok
18:59:22.0844 0x16bc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:59:22.0864 0x16bc  rdyboost - ok
18:59:22.0886 0x16bc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:59:22.0927 0x16bc  RemoteAccess - ok
18:59:22.0946 0x16bc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:59:22.0989 0x16bc  RemoteRegistry - ok
18:59:23.0013 0x16bc  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:59:23.0048 0x16bc  RFCOMM - ok
18:59:23.0063 0x16bc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:59:23.0108 0x16bc  RpcEptMapper - ok
18:59:23.0127 0x16bc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:59:23.0136 0x16bc  RpcLocator - ok
18:59:23.0185 0x16bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:59:23.0223 0x16bc  RpcSs - ok
18:59:23.0236 0x16bc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:59:23.0295 0x16bc  rspndr - ok
18:59:23.0330 0x16bc  [ 4FBDA07EF0A3097CE14C5CABF723B278, 6F1E21362F0057E9C6A180D9189AEB51761F4C019A6835E50E4AD19ED1F58FE6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:59:23.0344 0x16bc  RTL8167 - ok
18:59:23.0355 0x16bc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] SamSs           C:\Windows\system32\lsass.exe
18:59:23.0374 0x16bc  SamSs - ok
18:59:23.0410 0x16bc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:59:23.0420 0x16bc  sbp2port - ok
18:59:23.0445 0x16bc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:59:23.0477 0x16bc  SCardSvr - ok
18:59:23.0514 0x16bc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:59:23.0548 0x16bc  scfilter - ok
18:59:23.0609 0x16bc  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
18:59:23.0658 0x16bc  Schedule - ok
18:59:23.0702 0x16bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:59:23.0733 0x16bc  SCPolicySvc - ok
18:59:23.0784 0x16bc  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
18:59:23.0808 0x16bc  sdbus - ok
18:59:23.0823 0x16bc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:59:23.0864 0x16bc  SDRSVC - ok
18:59:23.0904 0x16bc  [ D358E077A0A05D9B12DA22D137EE8464, 7B6493B199DEF411596B1A6F479F57838202B102C3324333B620E212E0AE9053 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:59:23.0915 0x16bc  SeaPort - ok
18:59:23.0939 0x16bc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:59:23.0970 0x16bc  secdrv - ok
18:59:24.0011 0x16bc  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
18:59:24.0061 0x16bc  seclogon - ok
18:59:24.0076 0x16bc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:59:24.0109 0x16bc  SENS - ok
18:59:24.0115 0x16bc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:59:24.0151 0x16bc  SensrSvc - ok
18:59:24.0159 0x16bc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:59:24.0169 0x16bc  Serenum - ok
18:59:24.0179 0x16bc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:59:24.0199 0x16bc  Serial - ok
18:59:24.0207 0x16bc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:59:24.0242 0x16bc  sermouse - ok
18:59:24.0283 0x16bc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:59:24.0319 0x16bc  SessionEnv - ok
18:59:24.0352 0x16bc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:59:24.0372 0x16bc  sffdisk - ok
18:59:24.0383 0x16bc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:59:24.0391 0x16bc  sffp_mmc - ok
18:59:24.0394 0x16bc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:59:24.0428 0x16bc  sffp_sd - ok
18:59:24.0472 0x16bc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:59:24.0481 0x16bc  sfloppy - ok
18:59:24.0547 0x16bc  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
18:59:24.0572 0x16bc  Sftfs - ok
18:59:24.0634 0x16bc  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:59:24.0655 0x16bc  sftlist - ok
18:59:24.0690 0x16bc  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:59:24.0706 0x16bc  Sftplay - ok
18:59:24.0719 0x16bc  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:59:24.0739 0x16bc  Sftredir - ok
18:59:24.0777 0x16bc  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
18:59:24.0785 0x16bc  Sftvol - ok
18:59:24.0807 0x16bc  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:59:24.0818 0x16bc  sftvsa - ok
18:59:24.0840 0x16bc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:59:24.0897 0x16bc  SharedAccess - ok
18:59:24.0937 0x16bc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:59:24.0973 0x16bc  ShellHWDetection - ok
18:59:24.0990 0x16bc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:59:24.0998 0x16bc  SiSRaid2 - ok
18:59:25.0013 0x16bc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:59:25.0023 0x16bc  SiSRaid4 - ok
18:59:25.0051 0x16bc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:59:25.0088 0x16bc  Smb - ok
18:59:25.0109 0x16bc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:59:25.0134 0x16bc  SNMPTRAP - ok
18:59:25.0151 0x16bc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:59:25.0161 0x16bc  spldr - ok
18:59:25.0186 0x16bc  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
18:59:25.0244 0x16bc  Spooler - ok
18:59:25.0356 0x16bc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:59:25.0494 0x16bc  sppsvc - ok
18:59:25.0517 0x16bc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:59:25.0566 0x16bc  sppuinotify - ok
18:59:25.0608 0x16bc  [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:59:25.0650 0x16bc  srv - ok
18:59:25.0671 0x16bc  [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:59:25.0697 0x16bc  srv2 - ok
18:59:25.0711 0x16bc  [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:59:25.0750 0x16bc  srvnet - ok
18:59:25.0783 0x16bc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:59:25.0826 0x16bc  SSDPSRV - ok
18:59:25.0844 0x16bc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:59:25.0874 0x16bc  SstpSvc - ok
18:59:25.0890 0x16bc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:59:25.0898 0x16bc  stexstor - ok
18:59:25.0941 0x16bc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:59:25.0973 0x16bc  stisvc - ok
18:59:26.0008 0x16bc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:59:26.0016 0x16bc  swenum - ok
18:59:26.0036 0x16bc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:59:26.0105 0x16bc  swprv - ok
18:59:26.0179 0x16bc  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
18:59:26.0242 0x16bc  SysMain - ok
18:59:26.0286 0x16bc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:59:26.0309 0x16bc  TabletInputService - ok
18:59:26.0326 0x16bc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:59:26.0361 0x16bc  TapiSrv - ok
18:59:26.0378 0x16bc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:59:26.0409 0x16bc  TBS - ok
18:59:26.0494 0x16bc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:59:26.0551 0x16bc  Tcpip - ok
18:59:26.0596 0x16bc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:59:26.0639 0x16bc  TCPIP6 - ok
18:59:26.0676 0x16bc  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:59:26.0720 0x16bc  tcpipreg - ok
18:59:26.0758 0x16bc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:59:26.0802 0x16bc  TDPIPE - ok
18:59:26.0833 0x16bc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:59:26.0847 0x16bc  TDTCP - ok
18:59:26.0889 0x16bc  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:59:26.0899 0x16bc  tdx - ok
18:59:26.0910 0x16bc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:59:26.0919 0x16bc  TermDD - ok
18:59:26.0976 0x16bc  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
18:59:27.0028 0x16bc  TermService - ok
18:59:27.0045 0x16bc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:59:27.0058 0x16bc  Themes - ok
18:59:27.0074 0x16bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:59:27.0103 0x16bc  THREADORDER - ok
18:59:27.0111 0x16bc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:59:27.0155 0x16bc  TrkWks - ok
18:59:27.0238 0x16bc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:59:27.0294 0x16bc  TrustedInstaller - ok
18:59:27.0331 0x16bc  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:59:27.0339 0x16bc  tssecsrv - ok
18:59:27.0379 0x16bc  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:59:27.0396 0x16bc  TsUsbFlt - ok
18:59:27.0455 0x16bc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:59:27.0485 0x16bc  tunnel - ok
18:59:27.0505 0x16bc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:59:27.0514 0x16bc  uagp35 - ok
18:59:27.0533 0x16bc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:59:27.0586 0x16bc  udfs - ok
18:59:27.0616 0x16bc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:59:27.0627 0x16bc  UI0Detect - ok
18:59:27.0640 0x16bc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:59:27.0649 0x16bc  uliagpkx - ok
18:59:27.0678 0x16bc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
18:59:27.0698 0x16bc  umbus - ok
18:59:27.0705 0x16bc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:59:27.0723 0x16bc  UmPass - ok
18:59:27.0740 0x16bc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:59:27.0796 0x16bc  upnphost - ok
18:59:27.0849 0x16bc  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:59:27.0871 0x16bc  usbaudio - ok
18:59:27.0912 0x16bc  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:59:27.0960 0x16bc  usbccgp - ok
18:59:27.0978 0x16bc  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:59:28.0030 0x16bc  usbcir - ok
18:59:28.0059 0x16bc  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:59:28.0080 0x16bc  usbehci - ok
18:59:28.0113 0x16bc  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:59:28.0127 0x16bc  usbhub - ok
18:59:28.0160 0x16bc  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:59:28.0172 0x16bc  usbohci - ok
18:59:28.0190 0x16bc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:59:28.0202 0x16bc  usbprint - ok
18:59:28.0241 0x16bc  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:59:28.0267 0x16bc  usbscan - ok
18:59:28.0301 0x16bc  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:59:28.0345 0x16bc  USBSTOR - ok
18:59:28.0383 0x16bc  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:59:28.0404 0x16bc  usbuhci - ok
18:59:28.0458 0x16bc  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:59:28.0476 0x16bc  usbvideo - ok
18:59:28.0498 0x16bc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:59:28.0539 0x16bc  UxSms - ok
18:59:28.0546 0x16bc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] VaultSvc        C:\Windows\system32\lsass.exe
18:59:28.0565 0x16bc  VaultSvc - ok
18:59:28.0600 0x16bc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:59:28.0608 0x16bc  vdrvroot - ok
18:59:28.0653 0x16bc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:59:28.0693 0x16bc  vds - ok
18:59:28.0720 0x16bc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:59:28.0742 0x16bc  vga - ok
18:59:28.0764 0x16bc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:59:28.0802 0x16bc  VgaSave - ok
18:59:28.0843 0x16bc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:59:28.0856 0x16bc  vhdmp - ok
18:59:28.0905 0x16bc  [ C2C95D62C90CA809240112B41C1765F2, FAFBA11CE7D273D28D1C27D01BEB4E62AB4ADA7517183F46E505D335E1117CA0 ] vhidmini        C:\Windows\system32\DRIVERS\walvhid.sys
18:59:28.0928 0x16bc  vhidmini - ok
18:59:28.0937 0x16bc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:59:28.0945 0x16bc  viaide - ok
18:59:28.0976 0x16bc  [ 9FE401877C4C6A8DB129B55BE9F2BA01, 6DA12180D6E3C8ED7676E9298C5AFDF7CFAA5A41AE6B5188134D0A010E56912D ] VMC412          C:\Windows\system32\Drivers\VMC412.sys
18:59:28.0995 0x16bc  VMC412 - ok
18:59:29.0009 0x16bc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:59:29.0018 0x16bc  volmgr - ok
18:59:29.0056 0x16bc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:59:29.0072 0x16bc  volmgrx - ok
18:59:29.0092 0x16bc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:59:29.0106 0x16bc  volsnap - ok
18:59:29.0133 0x16bc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:59:29.0146 0x16bc  vsmraid - ok
18:59:29.0218 0x16bc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:59:29.0296 0x16bc  VSS - ok
18:59:29.0314 0x16bc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:59:29.0325 0x16bc  vwifibus - ok
18:59:29.0342 0x16bc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:59:29.0370 0x16bc  vwififlt - ok
18:59:29.0407 0x16bc  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:59:29.0435 0x16bc  vwifimp - ok
18:59:29.0467 0x16bc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:59:29.0504 0x16bc  W32Time - ok
18:59:29.0522 0x16bc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:59:29.0541 0x16bc  WacomPen - ok
18:59:29.0600 0x16bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:59:29.0637 0x16bc  WANARP - ok
18:59:29.0650 0x16bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:59:29.0678 0x16bc  Wanarpv6 - ok
18:59:29.0737 0x16bc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:59:29.0784 0x16bc  WatAdminSvc - ok
18:59:29.0856 0x16bc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:59:29.0914 0x16bc  wbengine - ok
18:59:29.0933 0x16bc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:59:29.0950 0x16bc  WbioSrvc - ok
18:59:29.0987 0x16bc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:59:30.0021 0x16bc  wcncsvc - ok
18:59:30.0041 0x16bc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:59:30.0085 0x16bc  WcsPlugInService - ok
18:59:30.0101 0x16bc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:59:30.0109 0x16bc  Wd - ok
18:59:30.0155 0x16bc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:59:30.0182 0x16bc  Wdf01000 - ok
18:59:30.0193 0x16bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:59:30.0250 0x16bc  WdiServiceHost - ok
18:59:30.0254 0x16bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:59:30.0272 0x16bc  WdiSystemHost - ok
18:59:30.0313 0x16bc  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
18:59:30.0336 0x16bc  WebClient - ok
18:59:30.0359 0x16bc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:59:30.0393 0x16bc  Wecsvc - ok
18:59:30.0402 0x16bc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:59:30.0436 0x16bc  wercplsupport - ok
18:59:30.0450 0x16bc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:59:30.0495 0x16bc  WerSvc - ok
18:59:30.0519 0x16bc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:59:30.0547 0x16bc  WfpLwf - ok
18:59:30.0563 0x16bc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:59:30.0571 0x16bc  WIMMount - ok
18:59:30.0579 0x16bc  WinHttpAutoProxySvc - ok
18:59:30.0607 0x16bc  [ 66C365B542195C1F6E2FF4A7D8F3827C, FB43A64453283D1B236AFF73F010B8F6106B971047313B9B4EBE925C4DD325A2 ] WinI2C-DDC      C:\Windows\system32\drivers\DDCDrv.sys
18:59:30.0615 0x16bc  WinI2C-DDC - ok
18:59:30.0642 0x16bc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:59:30.0688 0x16bc  Winmgmt - ok
18:59:30.0773 0x16bc  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:59:30.0844 0x16bc  WinRM - ok
18:59:30.0911 0x16bc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:59:30.0922 0x16bc  WinUsb - ok
18:59:30.0957 0x16bc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:59:30.0999 0x16bc  Wlansvc - ok
18:59:31.0032 0x16bc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:59:31.0040 0x16bc  WmiAcpi - ok
18:59:31.0062 0x16bc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:59:31.0099 0x16bc  wmiApSrv - ok
18:59:31.0125 0x16bc  WMPNetworkSvc - ok
18:59:31.0136 0x16bc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:59:31.0158 0x16bc  WPCSvc - ok
18:59:31.0195 0x16bc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:59:31.0207 0x16bc  WPDBusEnum - ok
18:59:31.0226 0x16bc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:59:31.0259 0x16bc  ws2ifsl - ok
18:59:31.0262 0x16bc  WSearch - ok
18:59:31.0289 0x16bc  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
18:59:31.0297 0x16bc  wsvd - ok
18:59:31.0307 0x16bc  WTService - ok
18:59:31.0407 0x16bc  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:59:31.0500 0x16bc  wuauserv - ok
18:59:31.0519 0x16bc  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:59:31.0554 0x16bc  WudfPf - ok
18:59:31.0597 0x16bc  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:59:31.0628 0x16bc  WUDFRd - ok
18:59:31.0666 0x16bc  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:59:31.0697 0x16bc  wudfsvc - ok
18:59:31.0718 0x16bc  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:59:31.0749 0x16bc  WwanSvc - ok
18:59:31.0769 0x16bc  ZAPrivacyService - ok
18:59:31.0784 0x16bc  ================ Scan global ===============================
18:59:31.0816 0x16bc  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
18:59:31.0854 0x16bc  [ 20EBCFD94E5F9C801354062991E7257B, 9CD497241559A5D6A8C2C77F1109B6D512BFFA8CC154480A3CDC36B7BB68BFAB ] C:\Windows\system32\winsrv.dll
18:59:31.0866 0x16bc  [ 20EBCFD94E5F9C801354062991E7257B, 9CD497241559A5D6A8C2C77F1109B6D512BFFA8CC154480A3CDC36B7BB68BFAB ] C:\Windows\system32\winsrv.dll
18:59:31.0882 0x16bc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:59:31.0921 0x16bc  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
18:59:31.0928 0x16bc  [ Global ] - ok
18:59:31.0928 0x16bc  ================ Scan MBR ==================================
18:59:31.0935 0x16bc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:59:32.0212 0x16bc  \Device\Harddisk0\DR0 - ok
18:59:32.0215 0x16bc  ================ Scan VBR ==================================
18:59:32.0217 0x16bc  [ E5D56CAB1763453FB51668D207C6C9F9 ] \Device\Harddisk0\DR0\Partition1
18:59:32.0218 0x16bc  \Device\Harddisk0\DR0\Partition1 - ok
18:59:32.0222 0x16bc  [ 11447B1F7E61050B5A24E90FADE9F6E3 ] \Device\Harddisk0\DR0\Partition2
18:59:32.0223 0x16bc  \Device\Harddisk0\DR0\Partition2 - ok
18:59:32.0225 0x16bc  ================ Scan generic autorun ======================
18:59:32.0549 0x16bc  [ 7EADC0C9225D6F802AB975475D71320C, 6F4C27F9832CECA921980D42AA1E0EC0021F2A7CD014A272FC2CE52A5AD111C2 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:59:32.0785 0x16bc  RtHDVCpl - ok
18:59:32.0850 0x16bc  [ 4EC4260D778FB923BA1AB697AFF6C0E3, 72372369153F675C26F938C5106BFD8704FC518348BC95961214B76DECB68689 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
18:59:32.0856 0x16bc  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
18:59:33.0340 0x16bc  Detect skipped due to KSN trusted
18:59:33.0340 0x16bc  StartCCC - ok
18:59:33.0368 0x16bc  [ 5FFFF157D8139E2E6C34FEEA0BAF23D7, 5E57021DB60FD35985E73F327737E1E4D6F18FCD2055A5470DA820ADDCA20F3F ] C:\Program Files (x86)\jmesoft\hotkey.exe
18:59:33.0389 0x16bc  jmekey - detected UnsignedFile.Multi.Generic ( 1 )
18:59:33.0801 0x16bc  Detect skipped due to KSN trusted
18:59:33.0801 0x16bc  jmekey - ok
18:59:33.0838 0x16bc  [ 06565F9F4BFBBCED5769E5E871E03E69, ED2298CD56D37836B8CFC7743DD6BEACA1A6D51D2674846B0E7C7E7181276BC4 ] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
18:59:33.0860 0x16bc  YouCam Mirror Tray icon - detected UnsignedFile.Multi.Generic ( 1 )
18:59:34.0304 0x16bc  Detect skipped due to KSN trusted
18:59:34.0304 0x16bc  YouCam Mirror Tray icon - ok
18:59:34.0346 0x16bc  [ D438F05740E6C8B26F3C4B21731003EC, 9807FED300B0AB9A65C1C0FF1EC70E92526465A4F098CE38F5F39BEE87961EF0 ] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
18:59:34.0354 0x16bc  Lenovo Eye Distance System - detected UnsignedFile.Multi.Generic ( 1 )
18:59:34.0795 0x16bc  Lenovo Eye Distance System ( UnsignedFile.Multi.Generic ) - warning
18:59:35.0028 0x16bc  [ 7DAF13DF116BC84FA1034E728326C2D6, 8513875A7E367D68D38210126CD72423BDCC4B7C6C9DA21038D35FB35B0DE002 ] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
18:59:35.0042 0x16bc  Lenovo Dynamic Brightness System - detected UnsignedFile.Multi.Generic ( 1 )
18:59:36.0881 0x16bc  Detect skipped due to KSN trusted
18:59:36.0881 0x16bc  Lenovo Dynamic Brightness System - ok
18:59:36.0923 0x16bc  [ 0B427D9943C838620AFA30CBB24A6D77, 5A98B1405126F79846C810E739E964B11A4397F3DE597991308DB3C6AABB8F81 ] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
18:59:36.0930 0x16bc  CLMLServer - ok
18:59:36.0948 0x16bc  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
18:59:36.0963 0x16bc  UpdateP2GoShortCut - ok
18:59:36.0999 0x16bc  [ 3FB4E7E2069F0FD9E15ABC18D605E427, 2FFC218E575DA9E8C86E468227B302752C73EA3246CC0A599D7BCC41ED404F4D ] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe
18:59:37.0010 0x16bc  UpdatePRCShortCut - ok
18:59:37.0030 0x16bc  [ 150F7974EB0B03D4C35107BFC584DEA6, D3C538E14E61453C14885863DDE56B26412445F11E0B0ADA3BBC96021EFAA355 ] C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe
18:59:37.0034 0x16bc  TMCMonitor - detected UnsignedFile.Multi.Generic ( 1 )
18:59:37.0577 0x16bc  Detect skipped due to KSN trusted
18:59:37.0577 0x16bc  TMCMonitor - ok
18:59:37.0667 0x16bc  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
18:59:37.0675 0x16bc  APSDaemon - ok
18:59:37.0734 0x16bc  [ D4AD55A8145F94E63F60C3B8C3B2AB6E, AC3E4EE8EF27EFE790F7363CB80239D090CC4D3E73F838A612AB1B7D48EC8038 ] C:\Windows\USB Vibration\7906\USB Gamepad.exe
18:59:37.0756 0x16bc  USB Gamepad - ok
18:59:37.0888 0x16bc  [ 98FAFD82E4F0674D2D7BB3C8FD141D32, 4F44F6B17E40268B8EE0251E6D913157CA1E7CE4C9D9B434262E74F136453A10 ] c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
18:59:37.0912 0x16bc  Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic ( 1 )
18:59:39.0765 0x16bc  Detect skipped due to KSN trusted
18:59:39.0765 0x16bc  Adobe Version Cue CS2 - ok
18:59:39.0851 0x16bc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:59:39.0912 0x16bc  Sidebar - ok
18:59:39.0933 0x16bc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:59:39.0967 0x16bc  mctadmin - ok
18:59:39.0992 0x16bc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:59:40.0025 0x16bc  Sidebar - ok
18:59:40.0031 0x16bc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:59:40.0044 0x16bc  mctadmin - ok
18:59:40.0162 0x16bc  [ E8405C87CD06FF5D69BC6F3B24D766D0, C82171BEDBFE593A04D09C2E20B0528AA3CEC722D6919F8A5C70C6EFFB9EFEAE ] C:\Users\horton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
18:59:40.0387 0x16bc  AmazonMP3DownloaderHelper - ok
18:59:40.0388 0x16bc  Waiting for KSN requests completion. In queue: 10
18:59:41.0543 0x16bc  AV detected via SS2: AntiVir Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe (  ), 0x41000 ( enabled : updated )
18:59:41.0559 0x16bc  Win FW state via NFP2: disabled ( not trusted )
18:59:44.0716 0x16bc  ============================================================
18:59:44.0716 0x16bc  Scan finished
18:59:44.0716 0x16bc  ============================================================
18:59:44.0724 0x0bd4  Detected object count: 1
18:59:44.0724 0x0bd4  Actual detected object count: 1
19:00:32.0687 0x0bd4  Lenovo Eye Distance System ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:32.0687 0x0bd4  Lenovo Eye Distance System ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:00:49.0258 0x0b20  ============================================================
19:00:49.0258 0x0b20  Scan started
19:00:49.0258 0x0b20  Mode: Manual; SigCheck; TDLFS; 
19:00:49.0258 0x0b20  ============================================================
19:00:49.0258 0x0b20  KSN ping started
19:00:49.0541 0x0b20  KSN ping finished: true
19:00:49.0972 0x0b20  ================ Scan system memory ========================
19:00:49.0972 0x0b20  System memory - ok
19:00:49.0972 0x0b20  ================ Scan services =============================
19:00:50.0096 0x0b20  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:00:50.0115 0x0b20  1394ohci - ok
19:00:50.0134 0x0b20  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:00:50.0147 0x0b20  ACPI - ok
19:00:50.0162 0x0b20  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:00:50.0173 0x0b20  AcpiPmi - ok
19:00:50.0211 0x0b20  [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
19:00:50.0221 0x0b20  acsock - ok
19:00:50.0286 0x0b20  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
19:00:50.0289 0x0b20  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
19:00:50.0289 0x0b20  Detect skipped due to KSN trusted
19:00:50.0289 0x0b20  Adobe LM Service - ok
19:00:50.0412 0x0b20  [ 41D15EAD554396BF35B7C5246AD47A28, 456835B33E95D083CD0076F06B591D63FB969025940A5CFD87CAB37C658B6855 ] Adobe Version Cue CS2 c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\VersionCueCS2.exe
19:00:50.0417 0x0b20  Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic ( 1 )
19:00:50.0417 0x0b20  Detect skipped due to KSN trusted
19:00:50.0417 0x0b20  Adobe Version Cue CS2 - ok
19:00:50.0465 0x0b20  [ B932E0EE190778D840F1442DFC0F9612, 8780963F14D57279FDD585BE945ED40F24590D32676C7A9EF94002D38B8BA643 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:00:50.0471 0x0b20  AdobeARMservice - ok
19:00:50.0565 0x0b20  [ CA363F172E1978FD155764F2840B0BE8, CB14E2C94ABB8C8809F4E96472F6D1A9A3A0860217631F592E0F62F043165575 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:00:50.0578 0x0b20  AdobeFlashPlayerUpdateSvc - ok
19:00:50.0620 0x0b20  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:00:50.0636 0x0b20  adp94xx - ok
19:00:50.0652 0x0b20  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:00:50.0665 0x0b20  adpahci - ok
19:00:50.0677 0x0b20  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:00:50.0687 0x0b20  adpu320 - ok
19:00:50.0712 0x0b20  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:00:50.0741 0x0b20  AeLookupSvc - ok
19:00:50.0788 0x0b20  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
19:00:50.0807 0x0b20  AFD - ok
19:00:50.0812 0x0b20  AFS - ok
19:00:50.0847 0x0b20  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:00:50.0855 0x0b20  agp440 - ok
19:00:50.0874 0x0b20  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:00:50.0885 0x0b20  ALG - ok
19:00:50.0897 0x0b20  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:00:50.0905 0x0b20  aliide - ok
19:00:50.0924 0x0b20  [ B4143CB1DD16AE73C6177C72F33450A6, D675AEF56FF030314AB3B4F13A81D72272E67AE10E415058928182A3B8370FE1 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:00:50.0939 0x0b20  AMD External Events Utility - ok
19:00:50.0955 0x0b20  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:00:50.0963 0x0b20  amdide - ok
19:00:50.0983 0x0b20  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:00:50.0994 0x0b20  AmdK8 - ok
19:00:51.0150 0x0b20  [ D1D06810BF7E21F5763EB06CB7E7262B, 77DEEA2C76D1C3E65E3D4F1FB2C671195019E9B78336EA4E040565DB88228611 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
19:00:51.0298 0x0b20  amdkmdag - ok
19:00:51.0319 0x0b20  [ 6BA71D6616B56816E57394D77DD1BB6F, 5250378D4CA31578D8E92DD4402E2AA34C2299EA2D9471AC5A9A7CEA46A54CB3 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:00:51.0332 0x0b20  amdkmdap - ok
19:00:51.0347 0x0b20  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:00:51.0356 0x0b20  AmdPPM - ok
19:00:51.0387 0x0b20  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:00:51.0397 0x0b20  amdsata - ok
19:00:51.0427 0x0b20  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:00:51.0438 0x0b20  amdsbs - ok
19:00:51.0449 0x0b20  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:00:51.0457 0x0b20  amdxata - ok
19:00:51.0490 0x0b20  [ 8B73FEE96B60EE597CBCAA735A842A36, AB3FC01FEC62AC115EC766770D8694DEDA2FF2286E0199DC238ABF2493EC1A22 ] AppID           C:\Windows\system32\drivers\appid.sys
19:00:51.0499 0x0b20  AppID - ok
19:00:51.0520 0x0b20  [ F5800413C0DF45C2CA15FD3ACBB1365F, 741E09EED0FF0152B59704729BD700E7D7A671C88F0708884AAB7A56ECCBD8AB ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:00:51.0529 0x0b20  AppIDSvc - ok
19:00:51.0564 0x0b20  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
19:00:51.0573 0x0b20  Appinfo - ok
19:00:51.0590 0x0b20  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:00:51.0599 0x0b20  arc - ok
19:00:51.0611 0x0b20  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:00:51.0620 0x0b20  arcsas - ok
19:00:51.0720 0x0b20  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:00:51.0731 0x0b20  aspnet_state - ok
19:00:51.0747 0x0b20  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:00:51.0776 0x0b20  AsyncMac - ok
19:00:51.0817 0x0b20  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:00:51.0825 0x0b20  atapi - ok
19:00:51.0873 0x0b20  [ F8633CDD09647A64EE8DB550630427FF, 565F32E6B1E8451B2DD866E4997336A47B8DC6669392BDAAF252C35C0383E8A3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:00:51.0910 0x0b20  athr - ok
19:00:51.0959 0x0b20  [ BCD131E1FF612F0F82FD8DEC39F97C9F, 90519368467CF4BFAFAA7C8DBD439DBABE0673713D39EEE37045170C2BEAB46D ] ATIAVPCI        C:\Windows\system32\DRIVERS\atinavrr.sys
19:00:51.0996 0x0b20  ATIAVPCI - ok
19:00:52.0049 0x0b20  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:00:52.0072 0x0b20  AudioEndpointBuilder - ok
19:00:52.0088 0x0b20  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:00:52.0109 0x0b20  AudioSrv - ok
19:00:52.0143 0x0b20  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:00:52.0177 0x0b20  AxInstSV - ok
19:00:52.0220 0x0b20  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:00:52.0253 0x0b20  b06bdrv - ok
19:00:52.0271 0x0b20  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:00:52.0285 0x0b20  b57nd60a - ok
19:00:52.0308 0x0b20  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:00:52.0319 0x0b20  BDESVC - ok
19:00:52.0364 0x0b20  [ CB7CE2E47139B620D2B87078165F1AD0, 2859F85C463FD34D659EAFDDFE4DE472D04D3D2D639BE4876E19F5DC775D0BA1 ] becldr3Service  C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe
19:00:52.0371 0x0b20  becldr3Service - detected UnsignedFile.Multi.Generic ( 1 )
19:00:52.0371 0x0b20  Detect skipped due to KSN trusted
19:00:52.0371 0x0b20  becldr3Service - ok
19:00:52.0391 0x0b20  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:00:52.0422 0x0b20  Beep - ok
19:00:52.0483 0x0b20  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
19:00:52.0557 0x0b20  BITS - ok
19:00:52.0565 0x0b20  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:00:52.0576 0x0b20  blbdrive - ok
19:00:52.0594 0x0b20  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:00:52.0621 0x0b20  bowser - ok
19:00:52.0635 0x0b20  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:00:52.0645 0x0b20  BrFiltLo - ok
19:00:52.0658 0x0b20  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:00:52.0668 0x0b20  BrFiltUp - ok
19:00:52.0711 0x0b20  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:00:52.0723 0x0b20  Browser - ok
19:00:52.0748 0x0b20  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:00:52.0763 0x0b20  Brserid - ok
19:00:52.0773 0x0b20  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:00:52.0785 0x0b20  BrSerWdm - ok
19:00:52.0799 0x0b20  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:00:52.0812 0x0b20  BrUsbMdm - ok
19:00:52.0817 0x0b20  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:00:52.0826 0x0b20  BrUsbSer - ok
19:00:52.0852 0x0b20  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
19:00:52.0869 0x0b20  BthEnum - ok
19:00:52.0880 0x0b20  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:00:52.0895 0x0b20  BTHMODEM - ok
19:00:52.0904 0x0b20  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:00:52.0917 0x0b20  BthPan - ok
19:00:52.0942 0x0b20  [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
19:00:52.0970 0x0b20  BTHPORT - ok
19:00:52.0993 0x0b20  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:00:53.0023 0x0b20  bthserv - ok
19:00:53.0033 0x0b20  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
19:00:53.0043 0x0b20  BTHUSB - ok
19:00:53.0050 0x0b20  [ 2641A3FE3D7B0646308F33B67F3B5300, 8D2E37F6524D10197D36AAE41F59028B3DF0692A113EA342BB1AC36DEA13D8F6 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
19:00:53.0057 0x0b20  btusbflt - ok
19:00:53.0074 0x0b20  [ A72A9101F9730DB7332714E566614E4D, 7C75772EA40EAEDDE2565E5FF901B17EA9B748563B8CE40062D86D4B0F1DBF0C ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
19:00:53.0082 0x0b20  btwaudio - ok
19:00:53.0095 0x0b20  [ 5CEEC634B617525F2B6AD29F871033F7, 0A48E08FB3C3384860783F72C85022F6AD11D8F7023580D007478AA94F6F41C5 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
19:00:53.0103 0x0b20  btwavdt - ok
19:00:53.0156 0x0b20  [ A5CCE445E343E370589D054AF569B6E1, 54118E06EF7F26408C30017BA852995304DD50563867221F4EF3B7AD2AD5ABD2 ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
19:00:53.0182 0x0b20  btwdins - ok
19:00:53.0195 0x0b20  [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
19:00:53.0200 0x0b20  btwl2cap - ok
19:00:53.0210 0x0b20  [ 2AF5604D28BEF77B7CF4B9D232FE7CD3, 758524012FE284EDFC27DF095A2DD5853A0F084999F14DA66784103176E938E4 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
19:00:53.0216 0x0b20  btwrchid - ok
19:00:53.0234 0x0b20  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:00:53.0265 0x0b20  cdfs - ok
19:00:53.0302 0x0b20  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:00:53.0313 0x0b20  cdrom - ok
19:00:53.0351 0x0b20  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:00:53.0386 0x0b20  CertPropSvc - ok
19:00:53.0427 0x0b20  [ 59B4AB79011957DD3B83F0C2E63741BD, 5DE68785D701DBA0F98452B7D5CC407BEECD51685F39516157733CED2EF2FA19 ] chip1click      C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
19:00:53.0431 0x0b20  chip1click - detected UnsignedFile.Multi.Generic ( 1 )
19:00:53.0431 0x0b20  Detect skipped due to KSN trusted
19:00:53.0431 0x0b20  chip1click - ok
19:00:53.0446 0x0b20  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:00:53.0458 0x0b20  circlass - ok
19:00:53.0500 0x0b20  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
19:00:53.0519 0x0b20  CLFS - ok
19:00:54.0082 0x0b20  [ 45AF5F89D707C3F64AC59B627AE34A30, 3E0D50463133FD7D57419258C88D80FF47F2729636D7836EE2567F94B0BA0358 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
19:00:54.0426 0x0b20  ClickToRunSvc - ok
19:00:54.0495 0x0b20  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:00:54.0505 0x0b20  clr_optimization_v2.0.50727_32 - ok
19:00:54.0523 0x0b20  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:00:54.0532 0x0b20  clr_optimization_v2.0.50727_64 - ok
19:00:54.0609 0x0b20  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:00:54.0620 0x0b20  clr_optimization_v4.0.30319_32 - ok
19:00:54.0631 0x0b20  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:00:54.0643 0x0b20  clr_optimization_v4.0.30319_64 - ok
19:00:54.0654 0x0b20  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:00:54.0662 0x0b20  CmBatt - ok
19:00:54.0694 0x0b20  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:00:54.0701 0x0b20  cmdide - ok
19:00:54.0745 0x0b20  [ 3323F76352B0AF14B2CDC4DFBF3E980A, F8E3C3508C37E647497B6889F26819B1DB30275F48A994D1BBFBAA9454E5FD70 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:00:54.0766 0x0b20  CNG - ok
19:00:54.0784 0x0b20  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:00:54.0793 0x0b20  Compbatt - ok
19:00:54.0808 0x0b20  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:00:54.0824 0x0b20  CompositeBus - ok
19:00:54.0827 0x0b20  COMSysApp - ok
19:00:54.0832 0x0b20  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:00:54.0840 0x0b20  crcdisk - ok
19:00:54.0879 0x0b20  [ BB724567892383010B8436DCC0A84628, 2768F5FD7A096CB1CEA33F8818EF16F9F5E3E07BB8442949A49A9CF24B62C6E6 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:00:54.0891 0x0b20  CryptSvc - ok
19:00:54.0955 0x0b20  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:00:54.0982 0x0b20  cvhsvc - ok
19:00:55.0034 0x0b20  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:00:55.0077 0x0b20  DcomLaunch - ok
19:00:55.0100 0x0b20  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:00:55.0135 0x0b20  defragsvc - ok
19:00:55.0144 0x0b20  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:00:55.0154 0x0b20  DfsC - ok
19:00:55.0174 0x0b20  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:00:55.0209 0x0b20  Dhcp - ok
19:00:55.0280 0x0b20  [ BB5B80616BD01A9C59BF1D52BA238EDA, 8168F38127EC955B25AD4EF61081D86473E4959F797F68055E6210080EFEFF9F ] DigitalWave.Update.Service C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
19:00:55.0301 0x0b20  DigitalWave.Update.Service - ok
19:00:55.0317 0x0b20  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:00:55.0346 0x0b20  discache - ok
19:00:55.0351 0x0b20  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:00:55.0361 0x0b20  Disk - ok
19:00:55.0382 0x0b20  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:00:55.0393 0x0b20  Dnscache - ok
19:00:55.0444 0x0b20  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:00:55.0478 0x0b20  dot3svc - ok
19:00:55.0515 0x0b20  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:00:55.0546 0x0b20  DPS - ok
19:00:55.0579 0x0b20  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:00:55.0587 0x0b20  drmkaud - ok
19:00:55.0644 0x0b20  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:00:55.0674 0x0b20  DXGKrnl - ok
19:00:55.0689 0x0b20  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:00:55.0723 0x0b20  EapHost - ok
19:00:55.0816 0x0b20  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:00:55.0901 0x0b20  ebdrv - ok
19:00:55.0946 0x0b20  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] EFS             C:\Windows\System32\lsass.exe
19:00:55.0955 0x0b20  EFS - ok
19:00:56.0005 0x0b20  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:00:56.0029 0x0b20  ehRecvr - ok
19:00:56.0050 0x0b20  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:00:56.0064 0x0b20  ehSched - ok
19:00:56.0086 0x0b20  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:00:56.0105 0x0b20  elxstor - ok
19:00:56.0140 0x0b20  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:00:56.0150 0x0b20  ErrDev - ok
19:00:56.0179 0x0b20  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:00:56.0217 0x0b20  EventSystem - ok
19:00:56.0228 0x0b20  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:00:56.0263 0x0b20  exfat - ok
19:00:56.0276 0x0b20  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:00:56.0310 0x0b20  fastfat - ok
19:00:56.0357 0x0b20  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
19:00:56.0381 0x0b20  Fax - ok
19:00:56.0404 0x0b20  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:00:56.0414 0x0b20  fdc - ok
19:00:56.0429 0x0b20  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:00:56.0458 0x0b20  fdPHost - ok
19:00:56.0466 0x0b20  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:00:56.0497 0x0b20  FDResPub - ok
19:00:56.0505 0x0b20  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:00:56.0516 0x0b20  FileInfo - ok
19:00:56.0523 0x0b20  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:00:56.0553 0x0b20  Filetrace - ok
19:00:56.0563 0x0b20  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:00:56.0571 0x0b20  flpydisk - ok
19:00:56.0615 0x0b20  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:00:56.0629 0x0b20  FltMgr - ok
19:00:56.0688 0x0b20  [ A3B63B22B761804C7B916F5FBC5763C2, 4F62413BD70E135C142376ACBE9CD46F7F06303B49B6AE0B9FF58FC4DF7BD86A ] FontCache       C:\Windows\system32\FntCache.dll
19:00:56.0725 0x0b20  FontCache - ok
19:00:56.0779 0x0b20  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:00:56.0808 0x0b20  FontCache3.0.0.0 - ok
19:00:56.0841 0x0b20  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:00:56.0849 0x0b20  FsDepends - ok
19:00:56.0890 0x0b20  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:00:56.0898 0x0b20  Fs_Rec - ok
19:00:56.0938 0x0b20  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:00:56.0952 0x0b20  fvevol - ok
19:00:56.0969 0x0b20  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:00:56.0980 0x0b20  gagp30kx - ok
19:00:57.0031 0x0b20  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
19:00:57.0069 0x0b20  gpsvc - ok
19:00:57.0147 0x0b20  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:00:57.0155 0x0b20  gupdate - ok
19:00:57.0160 0x0b20  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:00:57.0168 0x0b20  gupdatem - ok
19:00:57.0199 0x0b20  [ 537FDB12109E944A4425E92F3985CC14, 8197911307CF98CA2B22C5B85458918673BDB8F101B426DC50EAB8E84077B91A ] h647906         C:\Windows\system32\drivers\h647906.sys
19:00:57.0207 0x0b20  h647906 - ok
19:00:57.0229 0x0b20  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:00:57.0237 0x0b20  hcw85cir - ok
19:00:57.0279 0x0b20  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:00:57.0297 0x0b20  HdAudAddService - ok
19:00:57.0315 0x0b20  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:00:57.0329 0x0b20  HDAudBus - ok
19:00:57.0333 0x0b20  hid7906 - ok
19:00:57.0348 0x0b20  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:00:57.0357 0x0b20  HidBatt - ok
19:00:57.0370 0x0b20  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:00:57.0384 0x0b20  HidBth - ok
19:00:57.0400 0x0b20  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:00:57.0412 0x0b20  HidIr - ok
19:00:57.0431 0x0b20  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
19:00:57.0462 0x0b20  hidserv - ok
19:00:57.0494 0x0b20  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:00:57.0513 0x0b20  HidUsb - ok
19:00:57.0555 0x0b20  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:00:57.0584 0x0b20  hkmsvc - ok
19:00:57.0625 0x0b20  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:00:57.0645 0x0b20  HomeGroupListener - ok
19:00:57.0685 0x0b20  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:00:57.0698 0x0b20  HomeGroupProvider - ok
19:00:57.0709 0x0b20  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:00:57.0719 0x0b20  HpSAMD - ok
19:00:57.0784 0x0b20  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:00:57.0818 0x0b20  HTTP - ok
19:00:57.0857 0x0b20  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:00:57.0864 0x0b20  hwpolicy - ok
19:00:57.0898 0x0b20  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:00:57.0908 0x0b20  i8042prt - ok
19:00:57.0930 0x0b20  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:00:57.0947 0x0b20  iaStorV - ok
19:00:58.0007 0x0b20  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:00:58.0011 0x0b20  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
19:00:58.0011 0x0b20  Detect skipped due to KSN trusted
19:00:58.0011 0x0b20  IDriverT - ok
19:00:58.0078 0x0b20  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:00:58.0105 0x0b20  idsvc - ok
19:00:58.0129 0x0b20  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:00:58.0138 0x0b20  iirsp - ok
19:00:58.0190 0x0b20  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:00:58.0217 0x0b20  IKEEXT - ok
19:00:58.0281 0x0b20  [ F5872A11EB4F6DB170D636CD4E53CA9F, 6FCD488E56816AE4203D989CD22E3FB266F1DB6598EA52A526D6A35712610EDE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:00:58.0346 0x0b20  IntcAzAudAddService - ok
19:00:58.0360 0x0b20  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:00:58.0368 0x0b20  intelide - ok
19:00:58.0383 0x0b20  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:00:58.0394 0x0b20  intelppm - ok
19:00:58.0412 0x0b20  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:00:58.0452 0x0b20  IPBusEnum - ok
19:00:58.0494 0x0b20  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:00:58.0523 0x0b20  IpFilterDriver - ok
19:00:58.0556 0x0b20  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:00:58.0566 0x0b20  IPMIDRV - ok
19:00:58.0584 0x0b20  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:00:58.0615 0x0b20  IPNAT - ok
19:00:58.0630 0x0b20  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:00:58.0648 0x0b20  IRENUM - ok
19:00:58.0655 0x0b20  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:00:58.0663 0x0b20  isapnp - ok
19:00:58.0680 0x0b20  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:00:58.0693 0x0b20  iScsiPrt - ok
19:00:58.0714 0x0b20  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
19:00:58.0722 0x0b20  IviRegMgr - ok
19:00:58.0733 0x0b20  [ 19496FE93696C929392F1595ED1F8BB3, 374503566D19D69CAB93BC60F6A9E1D9E177DD98FFEBD450AC1C01F8705818C6 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
19:00:58.0744 0x0b20  JMCR - ok
19:00:58.0747 0x0b20  [ 429AE448057A868C89813FCEEF702BAB, A271F045FA8CD76556767F02DDC89A21CD720748C76EDADC5FC79F4D4D19DD84 ] johci           C:\Windows\system32\DRIVERS\johci.sys
19:00:58.0753 0x0b20  johci - ok
19:00:58.0762 0x0b20  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:00:58.0771 0x0b20  kbdclass - ok
19:00:58.0807 0x0b20  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:00:58.0816 0x0b20  kbdhid - ok
19:00:58.0819 0x0b20  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] KeyIso          C:\Windows\system32\lsass.exe
19:00:58.0827 0x0b20  KeyIso - ok
19:00:58.0858 0x0b20  [ CF11CC2B73D5155533C67354F9188E09, D59C30B9651F8E0952DFF34A010BC60A1D27AE10F5705C54424BF6BB7ADF9F62 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:00:58.0867 0x0b20  KSecDD - ok
19:00:58.0885 0x0b20  [ 2E56D51B184EFB8E353B7AF446299DC8, CE7AAFF89F3A0BFE191DE90430A04C7FB899F5CF3B704AA5A96F47D5F37192B2 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:00:58.0898 0x0b20  KSecPkg - ok
19:00:58.0915 0x0b20  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:00:58.0945 0x0b20  ksthunk - ok
19:00:58.0971 0x0b20  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:00:59.0010 0x0b20  KtmRm - ok
19:00:59.0049 0x0b20  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:00:59.0082 0x0b20  LanmanServer - ok
19:00:59.0124 0x0b20  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:00:59.0154 0x0b20  LanmanWorkstation - ok
19:00:59.0166 0x0b20  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:00:59.0197 0x0b20  lltdio - ok
19:00:59.0219 0x0b20  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:00:59.0254 0x0b20  lltdsvc - ok
19:00:59.0268 0x0b20  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:00:59.0296 0x0b20  lmhosts - ok
19:00:59.0323 0x0b20  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:00:59.0333 0x0b20  LSI_FC - ok
19:00:59.0344 0x0b20  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:00:59.0354 0x0b20  LSI_SAS - ok
19:00:59.0367 0x0b20  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:00:59.0376 0x0b20  LSI_SAS2 - ok
19:00:59.0381 0x0b20  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:00:59.0403 0x0b20  LSI_SCSI - ok
19:00:59.0419 0x0b20  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:00:59.0454 0x0b20  luafv - ok
19:00:59.0492 0x0b20  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:00:59.0505 0x0b20  Mcx2Svc - ok
19:00:59.0519 0x0b20  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:00:59.0528 0x0b20  megasas - ok
19:00:59.0549 0x0b20  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:00:59.0563 0x0b20  MegaSR - ok
19:00:59.0590 0x0b20  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:00:59.0621 0x0b20  MMCSS - ok
19:00:59.0637 0x0b20  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:00:59.0666 0x0b20  Modem - ok
19:00:59.0670 0x0b20  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:00:59.0682 0x0b20  monitor - ok
19:00:59.0716 0x0b20  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:00:59.0725 0x0b20  mouclass - ok
19:00:59.0763 0x0b20  [ 21B7ACEA1BB49C3371DD5427BF309D6A, 39055A4D9BC293BD5DE5519FC6B95E7345089B32027E1799FA642606E6298856 ] moufiltr        C:\Windows\system32\DRIVERS\moufiltr.sys
19:00:59.0777 0x0b20  moufiltr - ok
19:00:59.0790 0x0b20  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:00:59.0799 0x0b20  mouhid - ok
19:00:59.0838 0x0b20  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:00:59.0847 0x0b20  mountmgr - ok
19:00:59.0899 0x0b20  [ ADF79A49E942C91D1FC9863CBFDD6B58, C2B2A792C4717133DCAE6297EE3F5D985B11D3C1E68A8DC23985AC6B78ACDE98 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:00:59.0910 0x0b20  MozillaMaintenance - ok
19:00:59.0929 0x0b20  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:00:59.0940 0x0b20  mpio - ok
19:00:59.0962 0x0b20  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:00:59.0992 0x0b20  mpsdrv - ok
         

Alt 02.02.2017, 19:38   #9
Mon147
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



TDSS 3von3:

Code:
ATTFilter
19:01:00.0009 0x0b20  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:01:00.0022 0x0b20  MRxDAV - ok
19:01:00.0046 0x0b20  [ FCA01B0C70DAE9BE557577E719469D17, F9868B7B50EF6323BF6690F087A83928A1E82B96A19B27F344E10BF11E520C32 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:01:00.0059 0x0b20  mrxsmb - ok
19:01:00.0078 0x0b20  [ 386BE96797C5B480AD31E8B50CEE337C, 88E826F42BEB38CAA7C84AE6ED4D8EBC4D382A8A37CF9F7B8517B297F168F1B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:01:00.0094 0x0b20  mrxsmb10 - ok
19:01:00.0128 0x0b20  [ 841474CF2EB14F826038FBCC7D85B857, 4B1BC8AFDA54D1F16AC2AAB7EDDAE07FBF1E3B65D1658F8901A3E3175AF72800 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:01:00.0138 0x0b20  mrxsmb20 - ok
19:01:00.0173 0x0b20  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:01:00.0181 0x0b20  msahci - ok
19:01:00.0198 0x0b20  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:01:00.0208 0x0b20  msdsm - ok
19:01:00.0235 0x0b20  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
19:01:00.0249 0x0b20  MSDTC - ok
19:01:00.0274 0x0b20  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:01:00.0302 0x0b20  Msfs - ok
19:01:00.0308 0x0b20  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:01:00.0336 0x0b20  mshidkmdf - ok
19:01:00.0344 0x0b20  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:01:00.0352 0x0b20  msisadrv - ok
19:01:00.0370 0x0b20  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:01:00.0402 0x0b20  MSiSCSI - ok
19:01:00.0405 0x0b20  msiserver - ok
19:01:00.0419 0x0b20  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:01:00.0447 0x0b20  MSKSSRV - ok
19:01:00.0459 0x0b20  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:01:00.0488 0x0b20  MSPCLOCK - ok
19:01:00.0491 0x0b20  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:01:00.0522 0x0b20  MSPQM - ok
19:01:00.0570 0x0b20  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:01:00.0585 0x0b20  MsRPC - ok
19:01:00.0620 0x0b20  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:01:00.0628 0x0b20  mssmbios - ok
19:01:00.0641 0x0b20  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:01:00.0669 0x0b20  MSTEE - ok
19:01:00.0681 0x0b20  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:01:00.0690 0x0b20  MTConfig - ok
19:01:00.0705 0x0b20  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
19:01:00.0714 0x0b20  Mup - ok
19:01:00.0729 0x0b20  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
19:01:00.0769 0x0b20  napagent - ok
19:01:00.0782 0x0b20  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:01:00.0802 0x0b20  NativeWifiP - ok
19:01:00.0856 0x0b20  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:01:00.0885 0x0b20  NDIS - ok
19:01:00.0908 0x0b20  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:01:00.0943 0x0b20  NdisCap - ok
19:01:00.0961 0x0b20  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:01:00.0993 0x0b20  NdisTapi - ok
19:01:01.0024 0x0b20  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:01:01.0052 0x0b20  Ndisuio - ok
19:01:01.0090 0x0b20  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:01:01.0121 0x0b20  NdisWan - ok
19:01:01.0159 0x0b20  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:01:01.0192 0x0b20  NDProxy - ok
19:01:01.0203 0x0b20  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:01:01.0234 0x0b20  NetBIOS - ok
19:01:01.0276 0x0b20  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:01:01.0291 0x0b20  NetBT - ok
19:01:01.0304 0x0b20  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] Netlogon        C:\Windows\system32\lsass.exe
19:01:01.0314 0x0b20  Netlogon - ok
19:01:01.0339 0x0b20  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
19:01:01.0378 0x0b20  Netman - ok
19:01:01.0415 0x0b20  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:01:01.0427 0x0b20  NetMsmqActivator - ok
19:01:01.0432 0x0b20  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:01:01.0444 0x0b20  NetPipeActivator - ok
19:01:01.0463 0x0b20  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
19:01:01.0502 0x0b20  netprofm - ok
19:01:01.0508 0x0b20  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:01:01.0519 0x0b20  NetTcpActivator - ok
19:01:01.0525 0x0b20  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:01:01.0536 0x0b20  NetTcpPortSharing - ok
19:01:01.0548 0x0b20  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:01:01.0556 0x0b20  nfrd960 - ok
19:01:01.0598 0x0b20  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:01:01.0625 0x0b20  NlaSvc - ok
19:01:01.0638 0x0b20  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:01:01.0675 0x0b20  Npfs - ok
19:01:01.0687 0x0b20  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:01:01.0715 0x0b20  nsi - ok
19:01:01.0727 0x0b20  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:01:01.0756 0x0b20  nsiproxy - ok
19:01:01.0823 0x0b20  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:01:01.0868 0x0b20  Ntfs - ok
19:01:01.0891 0x0b20  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:01:01.0919 0x0b20  Null - ok
19:01:01.0957 0x0b20  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:01:01.0968 0x0b20  nvraid - ok
19:01:01.0980 0x0b20  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:01:01.0991 0x0b20  nvstor - ok
19:01:02.0005 0x0b20  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:01:02.0015 0x0b20  nv_agp - ok
19:01:02.0039 0x0b20  [ 5C0A30851FCE1B73BD92CD13C73F2C0A, EBEABCAD40A1FB66BCE7685169F78322C845C089B49770411F28A6AE677E71A5 ] NW1950          C:\Windows\system32\DRIVERS\NW1950.sys
19:01:02.0046 0x0b20  NW1950 - ok
19:01:02.0058 0x0b20  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:01:02.0078 0x0b20  ohci1394 - ok
19:01:02.0129 0x0b20  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:01:02.0140 0x0b20  ose - ok
19:01:02.0307 0x0b20  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:01:02.0436 0x0b20  osppsvc - ok
19:01:02.0462 0x0b20  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:01:02.0485 0x0b20  p2pimsvc - ok
19:01:02.0507 0x0b20  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:01:02.0525 0x0b20  p2psvc - ok
19:01:02.0545 0x0b20  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:01:02.0555 0x0b20  Parport - ok
19:01:02.0590 0x0b20  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:01:02.0599 0x0b20  partmgr - ok
19:01:02.0640 0x0b20  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:01:02.0658 0x0b20  PcaSvc - ok
19:01:02.0703 0x0b20  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:01:02.0715 0x0b20  pci - ok
19:01:02.0726 0x0b20  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:01:02.0734 0x0b20  pciide - ok
19:01:02.0752 0x0b20  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:01:02.0764 0x0b20  pcmcia - ok
19:01:02.0783 0x0b20  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:01:02.0792 0x0b20  pcw - ok
19:01:02.0838 0x0b20  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:01:02.0862 0x0b20  PEAUTH - ok
19:01:02.0905 0x0b20  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:01:02.0914 0x0b20  PerfHost - ok
19:01:02.0991 0x0b20  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
19:01:03.0058 0x0b20  pla - ok
19:01:03.0105 0x0b20  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:01:03.0123 0x0b20  PlugPlay - ok
19:01:03.0135 0x0b20  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:01:03.0144 0x0b20  PNRPAutoReg - ok
19:01:03.0162 0x0b20  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:01:03.0176 0x0b20  PNRPsvc - ok
19:01:03.0213 0x0b20  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:01:03.0248 0x0b20  PolicyAgent - ok
19:01:03.0270 0x0b20  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
19:01:03.0303 0x0b20  Power - ok
19:01:03.0339 0x0b20  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:01:03.0368 0x0b20  PptpMiniport - ok
19:01:03.0385 0x0b20  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:01:03.0395 0x0b20  Processor - ok
19:01:03.0434 0x0b20  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:01:03.0450 0x0b20  ProfSvc - ok
19:01:03.0462 0x0b20  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:01:03.0472 0x0b20  ProtectedStorage - ok
19:01:03.0513 0x0b20  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:01:03.0547 0x0b20  Psched - ok
19:01:03.0582 0x0b20  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
19:01:03.0591 0x0b20  PSI_SVC_2 - ok
19:01:03.0637 0x0b20  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:01:03.0679 0x0b20  ql2300 - ok
19:01:03.0702 0x0b20  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:01:03.0712 0x0b20  ql40xx - ok
19:01:03.0739 0x0b20  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:01:03.0756 0x0b20  QWAVE - ok
19:01:03.0767 0x0b20  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:01:03.0784 0x0b20  QWAVEdrv - ok
19:01:03.0801 0x0b20  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:01:03.0836 0x0b20  RasAcd - ok
19:01:03.0854 0x0b20  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:01:03.0886 0x0b20  RasAgileVpn - ok
19:01:03.0899 0x0b20  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:01:03.0930 0x0b20  RasAuto - ok
19:01:03.0971 0x0b20  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:01:04.0001 0x0b20  Rasl2tp - ok
19:01:04.0020 0x0b20  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:01:04.0059 0x0b20  RasMan - ok
19:01:04.0073 0x0b20  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:01:04.0108 0x0b20  RasPppoe - ok
19:01:04.0119 0x0b20  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:01:04.0153 0x0b20  RasSstp - ok
19:01:04.0200 0x0b20  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:01:04.0245 0x0b20  rdbss - ok
19:01:04.0265 0x0b20  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:01:04.0278 0x0b20  rdpbus - ok
19:01:04.0292 0x0b20  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:01:04.0320 0x0b20  RDPCDD - ok
19:01:04.0325 0x0b20  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:01:04.0354 0x0b20  RDPENCDD - ok
19:01:04.0359 0x0b20  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:01:04.0387 0x0b20  RDPREFMP - ok
19:01:04.0430 0x0b20  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:01:04.0455 0x0b20  RDPWD - ok
19:01:04.0493 0x0b20  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:01:04.0504 0x0b20  rdyboost - ok
19:01:04.0518 0x0b20  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:01:04.0551 0x0b20  RemoteAccess - ok
19:01:04.0569 0x0b20  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:01:04.0604 0x0b20  RemoteRegistry - ok
19:01:04.0620 0x0b20  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:01:04.0634 0x0b20  RFCOMM - ok
19:01:04.0645 0x0b20  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:01:04.0675 0x0b20  RpcEptMapper - ok
19:01:04.0684 0x0b20  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:01:04.0694 0x0b20  RpcLocator - ok
19:01:04.0742 0x0b20  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
19:01:04.0787 0x0b20  RpcSs - ok
19:01:04.0794 0x0b20  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:01:04.0824 0x0b20  rspndr - ok
19:01:04.0852 0x0b20  [ 4FBDA07EF0A3097CE14C5CABF723B278, 6F1E21362F0057E9C6A180D9189AEB51761F4C019A6835E50E4AD19ED1F58FE6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:01:04.0866 0x0b20  RTL8167 - ok
19:01:04.0879 0x0b20  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] SamSs           C:\Windows\system32\lsass.exe
19:01:04.0887 0x0b20  SamSs - ok
19:01:04.0926 0x0b20  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:01:04.0935 0x0b20  sbp2port - ok
19:01:04.0960 0x0b20  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:01:04.0993 0x0b20  SCardSvr - ok
19:01:05.0029 0x0b20  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:01:05.0057 0x0b20  scfilter - ok
19:01:05.0114 0x0b20  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
19:01:05.0155 0x0b20  Schedule - ok
19:01:05.0201 0x0b20  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:01:05.0232 0x0b20  SCPolicySvc - ok
19:01:05.0266 0x0b20  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
19:01:05.0279 0x0b20  sdbus - ok
19:01:05.0297 0x0b20  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:01:05.0309 0x0b20  SDRSVC - ok
19:01:05.0336 0x0b20  [ D358E077A0A05D9B12DA22D137EE8464, 7B6493B199DEF411596B1A6F479F57838202B102C3324333B620E212E0AE9053 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:01:05.0347 0x0b20  SeaPort - ok
19:01:05.0363 0x0b20  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:01:05.0377 0x0b20  secdrv - ok
19:01:05.0410 0x0b20  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
19:01:05.0427 0x0b20  seclogon - ok
19:01:05.0442 0x0b20  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
19:01:05.0472 0x0b20  SENS - ok
19:01:05.0481 0x0b20  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:01:05.0490 0x0b20  SensrSvc - ok
19:01:05.0500 0x0b20  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:01:05.0509 0x0b20  Serenum - ok
19:01:05.0519 0x0b20  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:01:05.0530 0x0b20  Serial - ok
19:01:05.0540 0x0b20  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:01:05.0550 0x0b20  sermouse - ok
19:01:05.0598 0x0b20  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:01:05.0636 0x0b20  SessionEnv - ok
19:01:05.0668 0x0b20  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:01:05.0678 0x0b20  sffdisk - ok
19:01:05.0690 0x0b20  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:01:05.0699 0x0b20  sffp_mmc - ok
19:01:05.0702 0x0b20  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:01:05.0718 0x0b20  sffp_sd - ok
19:01:05.0746 0x0b20  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:01:05.0757 0x0b20  sfloppy - ok
19:01:05.0814 0x0b20  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
19:01:05.0839 0x0b20  Sftfs - ok
19:01:05.0899 0x0b20  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:01:05.0918 0x0b20  sftlist - ok
19:01:05.0955 0x0b20  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:01:05.0969 0x0b20  Sftplay - ok
19:01:05.0976 0x0b20  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:01:05.0984 0x0b20  Sftredir - ok
19:01:06.0018 0x0b20  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
19:01:06.0025 0x0b20  Sftvol - ok
19:01:06.0039 0x0b20  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:01:06.0050 0x0b20  sftvsa - ok
19:01:06.0081 0x0b20  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:01:06.0117 0x0b20  SharedAccess - ok
19:01:06.0161 0x0b20  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:01:06.0197 0x0b20  ShellHWDetection - ok
19:01:06.0214 0x0b20  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:01:06.0222 0x0b20  SiSRaid2 - ok
19:01:06.0237 0x0b20  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:01:06.0247 0x0b20  SiSRaid4 - ok
19:01:06.0259 0x0b20  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:01:06.0289 0x0b20  Smb - ok
19:01:06.0309 0x0b20  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:01:06.0330 0x0b20  SNMPTRAP - ok
19:01:06.0342 0x0b20  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:01:06.0350 0x0b20  spldr - ok
19:01:06.0368 0x0b20  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
19:01:06.0410 0x0b20  Spooler - ok
19:01:06.0529 0x0b20  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:01:06.0641 0x0b20  sppsvc - ok
19:01:06.0658 0x0b20  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:01:06.0688 0x0b20  sppuinotify - ok
19:01:06.0732 0x0b20  [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:01:06.0756 0x0b20  srv - ok
19:01:06.0781 0x0b20  [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:01:06.0797 0x0b20  srv2 - ok
19:01:06.0810 0x0b20  [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:01:06.0822 0x0b20  srvnet - ok
19:01:06.0842 0x0b20  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:01:06.0876 0x0b20  SSDPSRV - ok
19:01:06.0893 0x0b20  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:01:06.0923 0x0b20  SstpSvc - ok
19:01:06.0939 0x0b20  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:01:06.0947 0x0b20  stexstor - ok
19:01:06.0990 0x0b20  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:01:07.0021 0x0b20  stisvc - ok
19:01:07.0057 0x0b20  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:01:07.0065 0x0b20  swenum - ok
19:01:07.0084 0x0b20  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:01:07.0124 0x0b20  swprv - ok
19:01:07.0203 0x0b20  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
19:01:07.0258 0x0b20  SysMain - ok
19:01:07.0302 0x0b20  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:01:07.0319 0x0b20  TabletInputService - ok
19:01:07.0334 0x0b20  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:01:07.0370 0x0b20  TapiSrv - ok
19:01:07.0386 0x0b20  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:01:07.0421 0x0b20  TBS - ok
19:01:07.0501 0x0b20  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:01:07.0552 0x0b20  Tcpip - ok
19:01:07.0594 0x0b20  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:01:07.0637 0x0b20  TCPIP6 - ok
19:01:07.0676 0x0b20  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:01:07.0705 0x0b20  tcpipreg - ok
19:01:07.0725 0x0b20  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:01:07.0744 0x0b20  TDPIPE - ok
19:01:07.0774 0x0b20  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:01:07.0783 0x0b20  TDTCP - ok
19:01:07.0822 0x0b20  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:01:07.0834 0x0b20  tdx - ok
19:01:07.0844 0x0b20  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:01:07.0852 0x0b20  TermDD - ok
19:01:07.0909 0x0b20  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
19:01:07.0933 0x0b20  TermService - ok
19:01:07.0954 0x0b20  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
19:01:07.0970 0x0b20  Themes - ok
19:01:07.0991 0x0b20  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:01:08.0020 0x0b20  THREADORDER - ok
19:01:08.0053 0x0b20  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:01:08.0089 0x0b20  TrkWks - ok
19:01:08.0138 0x0b20  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:01:08.0170 0x0b20  TrustedInstaller - ok
19:01:08.0206 0x0b20  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:01:08.0215 0x0b20  tssecsrv - ok
19:01:08.0254 0x0b20  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:01:08.0269 0x0b20  TsUsbFlt - ok
19:01:08.0314 0x0b20  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:01:08.0344 0x0b20  tunnel - ok
19:01:08.0364 0x0b20  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:01:08.0372 0x0b20  uagp35 - ok
19:01:08.0391 0x0b20  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:01:08.0429 0x0b20  udfs - ok
19:01:08.0458 0x0b20  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:01:08.0468 0x0b20  UI0Detect - ok
19:01:08.0482 0x0b20  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:01:08.0491 0x0b20  uliagpkx - ok
19:01:08.0520 0x0b20  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
19:01:08.0529 0x0b20  umbus - ok
19:01:08.0539 0x0b20  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:01:08.0547 0x0b20  UmPass - ok
19:01:08.0565 0x0b20  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:01:08.0604 0x0b20  upnphost - ok
19:01:08.0641 0x0b20  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:01:08.0663 0x0b20  usbaudio - ok
19:01:08.0704 0x0b20  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:01:08.0726 0x0b20  usbccgp - ok
19:01:08.0745 0x0b20  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:01:08.0763 0x0b20  usbcir - ok
19:01:08.0793 0x0b20  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:01:08.0801 0x0b20  usbehci - ok
19:01:08.0846 0x0b20  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:01:08.0861 0x0b20  usbhub - ok
19:01:08.0893 0x0b20  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:01:08.0901 0x0b20  usbohci - ok
19:01:08.0915 0x0b20  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:01:08.0927 0x0b20  usbprint - ok
19:01:08.0965 0x0b20  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:01:08.0984 0x0b20  usbscan - ok
19:01:09.0018 0x0b20  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:01:09.0037 0x0b20  USBSTOR - ok
19:01:09.0075 0x0b20  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:01:09.0083 0x0b20  usbuhci - ok
19:01:09.0125 0x0b20  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:01:09.0136 0x0b20  usbvideo - ok
19:01:09.0156 0x0b20  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:01:09.0192 0x0b20  UxSms - ok
19:01:09.0205 0x0b20  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] VaultSvc        C:\Windows\system32\lsass.exe
19:01:09.0215 0x0b20  VaultSvc - ok
19:01:09.0250 0x0b20  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:01:09.0258 0x0b20  vdrvroot - ok
19:01:09.0304 0x0b20  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:01:09.0345 0x0b20  vds - ok
19:01:09.0362 0x0b20  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:01:09.0373 0x0b20  vga - ok
19:01:09.0389 0x0b20  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:01:09.0419 0x0b20  VgaSave - ok
19:01:09.0435 0x0b20  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:01:09.0447 0x0b20  vhdmp - ok
19:01:09.0480 0x0b20  [ C2C95D62C90CA809240112B41C1765F2, FAFBA11CE7D273D28D1C27D01BEB4E62AB4ADA7517183F46E505D335E1117CA0 ] vhidmini        C:\Windows\system32\DRIVERS\walvhid.sys
19:01:09.0494 0x0b20  vhidmini - ok
19:01:09.0529 0x0b20  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:01:09.0536 0x0b20  viaide - ok
19:01:09.0559 0x0b20  [ 9FE401877C4C6A8DB129B55BE9F2BA01, 6DA12180D6E3C8ED7676E9298C5AFDF7CFAA5A41AE6B5188134D0A010E56912D ] VMC412          C:\Windows\system32\Drivers\VMC412.sys
19:01:09.0571 0x0b20  VMC412 - ok
19:01:09.0584 0x0b20  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:01:09.0593 0x0b20  volmgr - ok
19:01:09.0631 0x0b20  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:01:09.0647 0x0b20  volmgrx - ok
19:01:09.0660 0x0b20  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:01:09.0675 0x0b20  volsnap - ok
19:01:09.0700 0x0b20  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:01:09.0710 0x0b20  vsmraid - ok
19:01:09.0785 0x0b20  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:01:09.0857 0x0b20  VSS - ok
19:01:09.0873 0x0b20  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:01:09.0884 0x0b20  vwifibus - ok
19:01:09.0892 0x0b20  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:01:09.0910 0x0b20  vwififlt - ok
19:01:09.0914 0x0b20  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:01:09.0930 0x0b20  vwifimp - ok
19:01:09.0951 0x0b20  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:01:09.0989 0x0b20  W32Time - ok
19:01:10.0014 0x0b20  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:01:10.0023 0x0b20  WacomPen - ok
19:01:10.0067 0x0b20  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:01:10.0096 0x0b20  WANARP - ok
19:01:10.0100 0x0b20  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:01:10.0129 0x0b20  Wanarpv6 - ok
19:01:10.0188 0x0b20  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:01:10.0226 0x0b20  WatAdminSvc - ok
19:01:10.0298 0x0b20  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:01:10.0340 0x0b20  wbengine - ok
19:01:10.0358 0x0b20  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:01:10.0376 0x0b20  WbioSrvc - ok
19:01:10.0421 0x0b20  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:01:10.0442 0x0b20  wcncsvc - ok
19:01:10.0450 0x0b20  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:01:10.0459 0x0b20  WcsPlugInService - ok
19:01:10.0476 0x0b20  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:01:10.0488 0x0b20  Wd - ok
19:01:10.0538 0x0b20  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:01:10.0565 0x0b20  Wdf01000 - ok
19:01:10.0576 0x0b20  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:01:10.0592 0x0b20  WdiServiceHost - ok
19:01:10.0595 0x0b20  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:01:10.0610 0x0b20  WdiSystemHost - ok
19:01:10.0647 0x0b20  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
19:01:10.0663 0x0b20  WebClient - ok
19:01:10.0684 0x0b20  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:01:10.0721 0x0b20  Wecsvc - ok
19:01:10.0735 0x0b20  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:01:10.0768 0x0b20  wercplsupport - ok
19:01:10.0776 0x0b20  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:01:10.0808 0x0b20  WerSvc - ok
19:01:10.0828 0x0b20  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:01:10.0859 0x0b20  WfpLwf - ok
19:01:10.0872 0x0b20  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:01:10.0880 0x0b20  WIMMount - ok
19:01:10.0888 0x0b20  WinHttpAutoProxySvc - ok
19:01:10.0898 0x0b20  [ 66C365B542195C1F6E2FF4A7D8F3827C, FB43A64453283D1B236AFF73F010B8F6106B971047313B9B4EBE925C4DD325A2 ] WinI2C-DDC      C:\Windows\system32\drivers\DDCDrv.sys
19:01:10.0906 0x0b20  WinI2C-DDC - ok
19:01:10.0935 0x0b20  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:01:10.0973 0x0b20  Winmgmt - ok
19:01:11.0056 0x0b20  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:01:11.0115 0x0b20  WinRM - ok
19:01:11.0161 0x0b20  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:01:11.0177 0x0b20  WinUsb - ok
19:01:11.0216 0x0b20  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:01:11.0252 0x0b20  Wlansvc - ok
19:01:11.0290 0x0b20  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:01:11.0299 0x0b20  WmiAcpi - ok
19:01:11.0329 0x0b20  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:01:11.0346 0x0b20  wmiApSrv - ok
19:01:11.0359 0x0b20  WMPNetworkSvc - ok
19:01:11.0370 0x0b20  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:01:11.0379 0x0b20  WPCSvc - ok
19:01:11.0420 0x0b20  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:01:11.0432 0x0b20  WPDBusEnum - ok
19:01:11.0451 0x0b20  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:01:11.0480 0x0b20  ws2ifsl - ok
19:01:11.0483 0x0b20  WSearch - ok
19:01:11.0506 0x0b20  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
19:01:11.0514 0x0b20  wsvd - ok
19:01:11.0518 0x0b20  WTService - ok
19:01:11.0614 0x0b20  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:01:11.0693 0x0b20  wuauserv - ok
19:01:11.0711 0x0b20  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:01:11.0752 0x0b20  WudfPf - ok
19:01:11.0789 0x0b20  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:01:11.0821 0x0b20  WUDFRd - ok
19:01:11.0858 0x0b20  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:01:11.0888 0x0b20  wudfsvc - ok
19:01:11.0912 0x0b20  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:01:11.0930 0x0b20  WwanSvc - ok
19:01:11.0935 0x0b20  ZAPrivacyService - ok
19:01:11.0958 0x0b20  ================ Scan global ===============================
19:01:11.0991 0x0b20  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
19:01:12.0029 0x0b20  [ 20EBCFD94E5F9C801354062991E7257B, 9CD497241559A5D6A8C2C77F1109B6D512BFFA8CC154480A3CDC36B7BB68BFAB ] C:\Windows\system32\winsrv.dll
19:01:12.0039 0x0b20  [ 20EBCFD94E5F9C801354062991E7257B, 9CD497241559A5D6A8C2C77F1109B6D512BFFA8CC154480A3CDC36B7BB68BFAB ] C:\Windows\system32\winsrv.dll
19:01:12.0057 0x0b20  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:01:12.0096 0x0b20  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
19:01:12.0102 0x0b20  [ Global ] - ok
19:01:12.0103 0x0b20  ================ Scan MBR ==================================
19:01:12.0110 0x0b20  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:01:13.0112 0x0b20  \Device\Harddisk0\DR0 - ok
19:01:13.0115 0x0b20  ================ Scan VBR ==================================
19:01:13.0117 0x0b20  [ E5D56CAB1763453FB51668D207C6C9F9 ] \Device\Harddisk0\DR0\Partition1
19:01:13.0118 0x0b20  \Device\Harddisk0\DR0\Partition1 - ok
19:01:13.0153 0x0b20  [ 11447B1F7E61050B5A24E90FADE9F6E3 ] \Device\Harddisk0\DR0\Partition2
19:01:13.0154 0x0b20  \Device\Harddisk0\DR0\Partition2 - ok
19:01:13.0157 0x0b20  ================ Scan generic autorun ======================
19:01:13.0467 0x0b20  [ 7EADC0C9225D6F802AB975475D71320C, 6F4C27F9832CECA921980D42AA1E0EC0021F2A7CD014A272FC2CE52A5AD111C2 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:01:13.0724 0x0b20  RtHDVCpl - ok
19:01:13.0767 0x0b20  [ 4EC4260D778FB923BA1AB697AFF6C0E3, 72372369153F675C26F938C5106BFD8704FC518348BC95961214B76DECB68689 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
19:01:13.0772 0x0b20  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
19:01:13.0772 0x0b20  Detect skipped due to KSN trusted
19:01:13.0773 0x0b20  StartCCC - ok
19:01:13.0802 0x0b20  [ 5FFFF157D8139E2E6C34FEEA0BAF23D7, 5E57021DB60FD35985E73F327737E1E4D6F18FCD2055A5470DA820ADDCA20F3F ] C:\Program Files (x86)\jmesoft\hotkey.exe
19:01:13.0809 0x0b20  jmekey - detected UnsignedFile.Multi.Generic ( 1 )
19:01:13.0809 0x0b20  Detect skipped due to KSN trusted
19:01:13.0809 0x0b20  jmekey - ok
19:01:13.0838 0x0b20  [ 06565F9F4BFBBCED5769E5E871E03E69, ED2298CD56D37836B8CFC7743DD6BEACA1A6D51D2674846B0E7C7E7181276BC4 ] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
19:01:13.0846 0x0b20  YouCam Mirror Tray icon - detected UnsignedFile.Multi.Generic ( 1 )
19:01:13.0847 0x0b20  Detect skipped due to KSN trusted
19:01:13.0847 0x0b20  YouCam Mirror Tray icon - ok
19:01:13.0887 0x0b20  [ D438F05740E6C8B26F3C4B21731003EC, 9807FED300B0AB9A65C1C0FF1EC70E92526465A4F098CE38F5F39BEE87961EF0 ] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
19:01:13.0896 0x0b20  Lenovo Eye Distance System - detected UnsignedFile.Multi.Generic ( 1 )
19:01:13.0897 0x0b20  Lenovo Eye Distance System ( UnsignedFile.Multi.Generic ) - warning
19:01:14.0078 0x0b20  [ 7DAF13DF116BC84FA1034E728326C2D6, 8513875A7E367D68D38210126CD72423BDCC4B7C6C9DA21038D35FB35B0DE002 ] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
19:01:14.0087 0x0b20  Lenovo Dynamic Brightness System - detected UnsignedFile.Multi.Generic ( 1 )
19:01:14.0087 0x0b20  Detect skipped due to KSN trusted
19:01:14.0087 0x0b20  Lenovo Dynamic Brightness System - ok
19:01:14.0115 0x0b20  [ 0B427D9943C838620AFA30CBB24A6D77, 5A98B1405126F79846C810E739E964B11A4397F3DE597991308DB3C6AABB8F81 ] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
19:01:14.0122 0x0b20  CLMLServer - ok
19:01:14.0148 0x0b20  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
19:01:14.0157 0x0b20  UpdateP2GoShortCut - ok
19:01:14.0175 0x0b20  [ 3FB4E7E2069F0FD9E15ABC18D605E427, 2FFC218E575DA9E8C86E468227B302752C73EA3246CC0A599D7BCC41ED404F4D ] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe
19:01:14.0184 0x0b20  UpdatePRCShortCut - ok
19:01:14.0205 0x0b20  [ 150F7974EB0B03D4C35107BFC584DEA6, D3C538E14E61453C14885863DDE56B26412445F11E0B0ADA3BBC96021EFAA355 ] C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe
19:01:14.0209 0x0b20  TMCMonitor - detected UnsignedFile.Multi.Generic ( 1 )
19:01:14.0209 0x0b20  Detect skipped due to KSN trusted
19:01:14.0209 0x0b20  TMCMonitor - ok
19:01:14.0259 0x0b20  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
19:01:14.0265 0x0b20  APSDaemon - ok
19:01:14.0334 0x0b20  [ D4AD55A8145F94E63F60C3B8C3B2AB6E, AC3E4EE8EF27EFE790F7363CB80239D090CC4D3E73F838A612AB1B7D48EC8038 ] C:\Windows\USB Vibration\7906\USB Gamepad.exe
19:01:14.0357 0x0b20  USB Gamepad - ok
19:01:14.0471 0x0b20  [ 98FAFD82E4F0674D2D7BB3C8FD141D32, 4F44F6B17E40268B8EE0251E6D913157CA1E7CE4C9D9B434262E74F136453A10 ] c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
19:01:14.0494 0x0b20  Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic ( 1 )
19:01:14.0494 0x0b20  Detect skipped due to KSN trusted
19:01:14.0494 0x0b20  Adobe Version Cue CS2 - ok
19:01:14.0559 0x0b20  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:01:14.0594 0x0b20  Sidebar - ok
19:01:14.0625 0x0b20  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:01:14.0639 0x0b20  mctadmin - ok
19:01:14.0664 0x0b20  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:01:14.0697 0x0b20  Sidebar - ok
19:01:14.0703 0x0b20  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:01:14.0727 0x0b20  mctadmin - ok
19:01:14.0836 0x0b20  [ E8405C87CD06FF5D69BC6F3B24D766D0, C82171BEDBFE593A04D09C2E20B0528AA3CEC722D6919F8A5C70C6EFFB9EFEAE ] C:\Users\horton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
19:01:14.0850 0x0b20  AmazonMP3DownloaderHelper - ok
19:01:14.0856 0x0b20  AV detected via SS2: AntiVir Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe (  ), 0x41000 ( enabled : updated )
19:01:14.0859 0x0b20  Win FW state via NFP2: disabled ( not trusted )
19:01:15.0020 0x0b20  ============================================================
19:01:15.0020 0x0b20  Scan finished
19:01:15.0020 0x0b20  ============================================================
19:01:15.0027 0x0f28  Detected object count: 1
19:01:15.0027 0x0f28  Actual detected object count: 1
19:01:21.0005 0x0f28  Lenovo Eye Distance System ( UnsignedFile.Multi.Generic ) - skipped by user
19:01:21.0005 0x0f28  Lenovo Eye Distance System ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 03.02.2017, 10:34   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.02.2017, 11:25   #11
Mon147
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Ergebnis von AdwCleaner:

Code:
ATTFilter
# AdwCleaner v6.043 - Bericht erstellt am 03/02/2017 um 11:00:00
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-02.4 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : horton - HORTON-PC
# Gestartet von : C:\Users\horton\Desktop\AdwCleaner_6.043.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\horton\AppData\LocalLow\Conduit
[-] Ordner gelöscht: C:\Users\horton\AppData\LocalLow\DVDVideoSoftTB_DE
[-] Ordner gelöscht: C:\Users\horton\AppData\Roaming\dvdvideosoftiehelpers
[-] Ordner gelöscht: C:\Program Files (x86)\Conduit
[-] Ordner gelöscht: C:\Program Files (x86)\DVDVideoSoftTB_DE
[-] Ordner gelöscht: C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
[-] Ordner gelöscht: C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg


***** [ Dateien ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Toolbar.CT2625848
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Wert gelöscht: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
[-] Schlüssel gelöscht: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\Softonic
[-] Schlüssel gelöscht: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\AppDataLow\Toolbar
[-] Schlüssel gelöscht: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\AppDataLow\Software\Conduit
[-] Schlüssel gelöscht: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\AppDataLow\Software\ConduitSearchScopes
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Softonic
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\AppDataLow\Toolbar
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\AppDataLow\Software\Conduit
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Softonic
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\AppDataLow\Toolbar
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\AppDataLow\Software\Conduit
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Schlüssel gelöscht: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\Microsoft\Internet Explorer\SearchScopes\{271EF175-8711-4D5F-A69D-5130D0D13442}
[-] Daten  wiederhergestellt: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{271EF175-8711-4D5F-A69D-5130D0D13442}
[-] Daten  wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{271EF175-8711-4D5F-A69D-5130D0D13442}
[-] Daten  wiederhergestellt: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Wert gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
[-] Schlüssel gelöscht: HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp


***** [ Browser ] *****

[-] [C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: trovi.search
[-] [C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Gelöscht: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MCF6129E0-50C5-47DB-9195-25BD87B7A4AE&SearchSource=55&CUI=&UM=6&UP=SP484366AB-7A74-4877-98A7-BE92B29E4CCA&SSPV=
[-] [C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default] [extension] Gelöscht: mkcedibhemacmilmkpndpkoidlnmgngg
[-] [C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default] [homepage] Gelöscht: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MCF6129E0-50C5-47DB-9195-25BD87B7A4AE&SearchSource=55&CUI=&UM=6&UP=SP484366AB-7A74-4877-98A7-BE92B29E4CCA&SSPV=


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9622 Bytes] - [03/02/2017 11:00:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [8981 Bytes] - [03/02/2017 10:58:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9768 Bytes] ##########
         
Ergebnisse JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64 
Ran by horton (Administrator) on 03.02.2017 at 11:10:35,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18 

Successfully deleted: C:\Users\horton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\horton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\131MVRYU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\horton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\horton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8EDIHJC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\horton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\horton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HABG4H7A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\horton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\horton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDZD05WZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\131MVRYU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8EDIHJC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HABG4H7A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDZD05WZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\SysWOW64\sho71E4.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\shoD8B1.tmp (File) 

Deleted the following from C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2017 at 11:16:30,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 03.02.2017, 12:16   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Wir haben leider noch ne ältere Anleitung vom adwCleaner, bitte nochmal ausführen und so einstellen:

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.02.2017, 12:25   #13
Mon147
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Code:
ATTFilter
# AdwCleaner v6.043 - Bericht erstellt am 03/02/2017 um 12:19:27
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-02.4 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : horton - HORTON-PC
# Gestartet von : C:\Users\horton\Desktop\AdwCleaner_6.043.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9899 Bytes] - [03/02/2017 11:00:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [8981 Bytes] - [03/02/2017 10:58:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [1356 Bytes] - [03/02/2017 12:19:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1429 Bytes] ##########
         

Alt 03.02.2017, 13:03   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.02.2017, 13:19   #15
Mon147
 
Wie werde ich "win32.downloader.gen" los? - Standard

Wie werde ich "win32.downloader.gen" los?



Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
durchgeführt von horton (Administrator) auf HORTON-PC (03-02-2017 13:12:15)
Gestartet von C:\Users\horton\Desktop
Geladene Profile: horton (Verfügbare Profile: horton & Ameise & der Erfinder)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Adobe Systems Incorporated) C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MacroKeyManager] => C:\Windows\system32\WTMKM.exe [6446312 2010-06-14] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\Program Files (x86)\jmesoft\hotkey.exe [225280 2009-08-25] (JME)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-16] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [264704 2010-07-08] (Lenovo)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe [281088 2010-07-16] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [TMCMonitor] => C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe [53248 2009-11-09] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [USB Gamepad] => C:\Windows\USB Vibration\7906\USB Gamepad.exe [796784 2008-12-10] ()
HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\horton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-05-16]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-09-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A6F2330F-3790-4172-B4B7-CE7317B8C6F6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DCDE01C2-B4BA-4B7A-BBDC-8B4FD2A8AAE7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3064065677-2226785740-1792966077-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-08] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-08] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-04-22] (DVDVideoSoft Ltd.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-31] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-31] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-22] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-22] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-22] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-22] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fzwgi5ur.default
FF ProfilePath: C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default [2017-02-03]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fzwgi5ur.default -> DuckDuckGo
FF Extension: (YouTube mp3) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\Extensions\info@youtube-mp3.org.xpi [2016-04-27]
FF Extension: (Save as PDF) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-04-28]
FF Extension: (UnMHT) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2016-11-28]
FF Extension: (Diagnostics) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\features\{f11a5f6e-61bd-4e13-8a98-44f23f361f4e}\diagnostics@mozilla.org.xpi [2017-02-02]
FF Extension: (Send HSTS Priming Requests) - C:\Users\horton\AppData\Roaming\Mozilla\Firefox\Profiles\fzwgi5ur.default\features\{f11a5f6e-61bd-4e13-8a98-44f23f361f4e}\hsts-priming@mozilla.org.xpi [2017-02-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-23] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-23] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3064065677-2226785740-1792966077-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\horton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3064065677-2226785740-1792966077-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\horton\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MCF6129E0-50C5-47DB-9195-25BD87B7A4AE&SearchSource=58&CUI=&UM=6&UP=SP484366AB-7A74-4877-98A7-BE92B29E4CCA&q={searchTerms}&SSPV=
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default [2017-02-03]
CHR Extension: (YouTube) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google-Suche) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Avira Browserschutz) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Google Mail) - C:\Users\horton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-05-16] (Adobe Systems) [Datei ist nicht signiert]
R2 Adobe Version Cue CS2; c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [Datei ist nicht signiert]
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [Datei ist nicht signiert]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [915232 2010-07-15] (Broadcom Corporation.)
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [391656 2016-07-22] (Digital Wave Ltd.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
S2 WTService; C:\Windows\System32\atwtusb.exe [907496 2010-06-14] () [Datei ist nicht signiert]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [77004 2016-08-31] (Oak Technology Inc.) [Datei ist nicht signiert]
R3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1557760 2010-03-26] (ATI Technologies Inc.)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [62576 2008-12-01] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41096 2008-12-01] (Your Corporation)
R0 johci; C:\Windows\System32\DRIVERS\johci.sys [23152 2010-01-15] (JMicron )
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
R3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [26176 2010-08-06] ()
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [237568 2010-07-17] (Vimicro Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-03 11:16 - 2017-02-03 11:16 - 00003802 _____ C:\Users\horton\Desktop\JRT.txt
2017-02-03 11:09 - 2017-02-03 11:09 - 01663040 _____ (Malwarebytes) C:\Users\horton\Desktop\JRT.exe
2017-02-03 11:05 - 2017-02-03 11:05 - 00009902 _____ C:\Users\horton\Desktop\AdwCleaner[C0].txt
2017-02-03 10:54 - 2017-02-03 12:19 - 00000000 ____D C:\AdwCleaner
2017-02-03 10:51 - 2017-02-03 10:51 - 04015056 _____ C:\Users\horton\Desktop\AdwCleaner_6.043.exe
2017-02-02 18:57 - 2017-02-03 04:57 - 00410058 _____ C:\TDSSKiller.3.1.0.12_02.02.2017_18.57.40_log.txt
2017-02-02 18:56 - 2017-02-02 18:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\horton\Desktop\tdsskiller.exe
2017-02-02 17:01 - 2017-02-02 18:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-02 17:01 - 2017-02-02 17:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-02 17:01 - 2017-02-02 17:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-02 16:58 - 2017-02-02 18:53 - 00000000 ____D C:\Users\horton\Desktop\mbar
2017-02-02 16:58 - 2017-02-02 17:53 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-02 16:55 - 2017-02-02 16:57 - 16563352 _____ (Malwarebytes Corp.) C:\Users\horton\Desktop\mbar-1.09.3.1001.exe
2017-02-02 15:42 - 2017-02-02 15:42 - 00222568 _____ C:\Users\horton\Desktop\SpybotSD.Results.txt
2017-02-02 12:43 - 2017-02-02 12:44 - 00042283 _____ C:\Users\horton\Desktop\Addition.txt
2017-02-02 12:42 - 2017-02-03 13:12 - 00022297 _____ C:\Users\horton\Desktop\FRST.txt
2017-02-02 12:42 - 2017-02-03 13:12 - 00000000 ____D C:\FRST
2017-02-02 12:22 - 2017-02-02 12:33 - 02420736 _____ (Farbar) C:\Users\horton\Desktop\FRST64.exe
2017-02-02 12:00 - 2017-02-02 12:08 - 00414016 _____ C:\TDSSKiller.3.1.0.12_02.02.2017_12.00.46_log.txt
2017-02-02 11:55 - 2017-02-02 11:57 - 00414150 _____ C:\TDSSKiller.3.1.0.12_02.02.2017_11.55.10_log.txt
2017-02-02 11:54 - 2017-02-02 11:54 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2017-02-02 08:47 - 2017-02-02 08:47 - 00000000 ____D C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2017-02-02 08:47 - 2017-02-02 08:47 - 00000000 ____D C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2017-01-31 10:24 - 2017-01-31 10:24 - 00000000 ____D C:\Windows\pss
2017-01-26 14:31 - 2017-02-01 17:36 - 00000000 ____D C:\Users\horton\Desktop\umgang

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-03 12:45 - 2015-01-30 20:08 - 00000000 ____D C:\Users\horton\Desktop\Desktop aufräumen!
2017-02-03 12:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-03 12:39 - 2012-10-04 19:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-03 12:19 - 2016-12-03 11:42 - 00000000 ____D C:\Users\horton\AppData\LocalLow\Mozilla
2017-02-03 11:32 - 2009-07-14 05:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-03 11:32 - 2009-07-14 05:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-03 11:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 11:01 - 2009-07-14 03:34 - 00000742 _____ C:\Windows\win.ini
2017-02-03 10:59 - 2015-05-30 09:28 - 00000008 __RSH C:\Users\horton\ntuser.pol
2017-02-03 10:59 - 2011-06-18 21:21 - 00000000 ___HD C:\Users\horton
2017-02-03 07:44 - 2009-07-14 18:58 - 00699868 _____ C:\Windows\system32\perfh007.dat
2017-02-03 07:44 - 2009-07-14 18:58 - 00149750 _____ C:\Windows\system32\perfc007.dat
2017-02-03 07:44 - 2009-07-14 06:13 - 01622228 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-03 07:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-03 05:25 - 2013-10-17 13:42 - 00007634 _____ C:\Users\horton\AppData\Local\Resmon.ResmonCfg
2017-02-02 16:38 - 2013-08-12 19:09 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-02 16:35 - 2012-07-05 09:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-02 16:35 - 2012-07-05 09:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2017-02-02 16:32 - 2014-08-17 21:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-02 16:32 - 2013-08-12 19:09 - 00000000 ____D C:\ProgramData\Avira
2017-02-02 16:31 - 2013-08-12 19:10 - 00000000 ____D C:\Users\horton\AppData\Roaming\Avira
2017-02-02 11:54 - 2012-11-20 21:55 - 00000000 ____D C:\Users\horton\AppData\Local\Downloaded Installations
2017-02-02 08:39 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-02 08:04 - 2013-12-18 20:34 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-02-01 14:13 - 2013-05-06 14:07 - 00000000 ____D C:\Users\horton\Desktop\WORK2DO
2017-02-01 10:57 - 2016-11-30 23:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-01 10:57 - 2016-01-21 10:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-31 10:13 - 2016-05-04 13:14 - 00000000 ____D C:\Users\horton\Desktop\SoSe2016
2017-01-31 10:11 - 2016-05-04 09:08 - 00000000 ____D C:\Users\horton\Desktop\Beppo
2017-01-31 10:07 - 2014-07-15 18:50 - 00000000 ____D C:\Users\horton\Desktop\uni
2017-01-31 09:28 - 2012-02-23 11:59 - 00000000 ____D C:\Users\horton\AppData\Roaming\vlc
2017-01-25 17:32 - 2016-11-18 16:02 - 00000000 ____D C:\Users\Ameise\AppData\LocalLow\Mozilla
2017-01-23 16:14 - 2015-11-29 18:58 - 00004090 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1448819900
2017-01-23 15:39 - 2012-10-04 19:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-23 15:39 - 2012-06-08 10:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-23 15:39 - 2012-03-18 04:26 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-23 15:39 - 2011-06-30 13:45 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-23 15:39 - 2010-09-20 13:39 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-23 15:05 - 2016-03-10 20:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-23 15:04 - 2016-01-21 09:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-18 16:33 - 2016-01-21 11:08 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-18 16:31 - 2016-01-21 11:05 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-05-22 12:03 - 2013-05-22 12:03 - 0000050 _____ () C:\Users\horton\AppData\Roaming\AcroIEHelpe.txt
2013-05-22 11:27 - 2013-05-22 11:27 - 0552126 _____ () C:\Users\horton\AppData\Roaming\dict.txt
2013-05-22 11:27 - 2013-05-22 11:27 - 0001466 _____ () C:\Users\horton\AppData\Roaming\jserv.txt
2013-05-22 11:58 - 2013-05-22 11:58 - 0000505 _____ () C:\Users\horton\AppData\Roaming\rost.dat
2013-05-22 11:27 - 2013-05-22 11:27 - 0000260 _____ () C:\Users\horton\AppData\Roaming\srvblck5.tmp
2016-05-12 07:12 - 2016-05-12 07:12 - 0002112 _____ () C:\Users\horton\AppData\Local\recently-used.xbel
2013-10-17 13:42 - 2017-02-03 05:25 - 0007634 _____ () C:\Users\horton\AppData\Local\Resmon.ResmonCfg
2011-11-10 10:40 - 2012-03-06 11:07 - 0000125 ___SH () C:\ProgramData\.zreglib
2010-09-20 13:39 - 2010-09-20 13:39 - 1914000 _____ (Adobe Systems Incorporated) C:\ProgramData\flashax10.exe
2016-07-21 18:00 - 2016-08-03 12:31 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\flashax10.exe


Einige Dateien in TEMP:
====================
2015-05-30 09:31 - 2015-05-30 09:31 - 0000000 ____D () C:\Users\Ameise\AppData\Local\Temp\avgnt.exe
2016-09-13 14:12 - 2016-09-13 14:12 - 0000000 ____D () C:\Users\der Erfinder\AppData\Local\Temp\avgnt.exe
2016-08-10 15:20 - 2016-07-04 01:08 - 0049544 _____ (HP Inc.) C:\Users\horton\AppData\Local\Temp\ACLMInstaller.exe
2013-12-02 12:11 - 2014-08-17 21:45 - 0000000 ____D () C:\Users\horton\AppData\Local\Temp\avgnt.exe
2016-07-21 17:29 - 2016-07-21 17:35 - 0008480 _____ (Corel Corporation) C:\Users\horton\AppData\Local\Temp\DRPCUNLR.dll
2012-09-20 02:15 - 2012-09-20 02:15 - 50352408 _____ (Microsoft Corporation) C:\Users\horton\AppData\Local\Temp\NetFramework45.exe
2016-07-10 07:14 - 2016-07-10 07:14 - 7424678 _____ () C:\Users\horton\AppData\Local\Temp\tmpA44A.tmp.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-11-20 01:49

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-01-2017
durchgeführt von horton (03-02-2017 13:12:48)
Gestartet von C:\Users\horton\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-18 20:21:03)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3064065677-2226785740-1792966077-500 - Administrator - Disabled)
Ameise (S-1-5-21-3064065677-2226785740-1792966077-1001 - Limited - Enabled) => C:\Users\Ameise
der Erfinder (S-1-5-21-3064065677-2226785740-1792966077-1002 - Limited - Enabled) => C:\Users\der Erfinder
Gast (S-1-5-21-3064065677-2226785740-1792966077-501 - Limited - Disabled)
horton (S-1-5-21-3064065677-2226785740-1792966077-1000 - Administrator - Enabled) => C:\Users\horton

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: AntiVir Desktop (Enabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

1x1-Trainer 4  (HKLM-x32\...\1x1-Trainer) (Version: 4 - Hans-Jürgen Stoffels, Köln.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoStudio Paint (HKLM-x32\...\{EC252D0D-C690-4CE7-BA07-23F4E00505BE}) (Version: 1.0.1.25 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{D6D18877-4A64-CE9E-1980-C1F414AC7F27}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
BCL easyConverter 3.0 Licensing Module (BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Loader SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (Loader, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (RTF, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 RTF SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
Bluetooth Notice (HKLM-x32\...\{4CC5AE2D-492D-4A21-9E99-1F46A7D4158B}) (Version: 2.0.00.07050 - Lenovo)
Botanicula (HKLM-x32\...\Botanicula) (Version: 1.0 - Amanita Design, s.r.o.)
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Corel PDF Fusion - Creator (Version: 4.0.0 - Corel Corporation) Hidden
Corel PDF Fusion - ICA (x32 Version: 1.12 - Corel Corporation) Hidden
Corel PDF Fusion - Program (x32 Version: 1.14.0000 - Corel Corporation) Hidden
Corel PDF Fusion - Setup (x32 Version: 1.12 - Corel Corporation) Hidden
Corel PDF Fusion (HKLM-x32\...\_{5D62567F-38BA-4713-B87E-CF06C465E33B}) (Version: 1.14 - Corel Corporation)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Content (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Extra Content (HKLM-x32\...\_{806422F8-8E0A-494A-A369-0F34F1B89160}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Extra Content (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (x32 Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM-x32\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM-x32\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
Curling (HKLM-x32\...\{369AAC15-34EF-4A1E-9090-29BEE38956F4}) (Version: 1.16.063010 - NTTC)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2716 - CyberLink Corp.)
Dialang V1 Beta (HKLM-x32\...\{97DF4674-AB43-11D5-91C9-005004F84FA1}) (Version:  - )
DriverInstall (x32 Version: 1.00.0000 - Genaitech) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB DE)
EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.1.0.100 - EasternGraphics)
Firework (HKLM-x32\...\{736DB9B0-D2BA-41DC-AACD-384A599B7D24}) (Version: 1.14.063010 - NTTC)
Free Notes & Office Ink (HKLM-x32\...\{556F2137-B772-43BB-9A45-E0275234DD16}) (Version:   -  )
Funny Cube (HKLM-x32\...\{791708C1-0D84-4D05-88DC-A29EE9808270}) (Version: 1.17.063010 - NTTC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Happy Hit (HKLM-x32\...\{A8BE86A1-7E0E-4814-80E5-6F4073B744F7}) (Version: 1.33.063010 - NTTC)
HP Foto und Bildbearbeitung 1.0 - HP PSC - HP OfficeJet (HKLM-x32\...\PSC 2000 Series) (Version:  - )
Idea Touch 3.0 (HKLM-x32\...\{70D6A420-AAC3-4213-9EF7-CDD6C16CCF2D}) (Version: 3.00.010.0816 - Lenovo)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.197 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.197 - InterVideo Inc.) Hidden
Janosch Tigerschule (HKLM-x32\...\{DB7DEBC2-8031-4186-A5C2-DAD6C823853C}) (Version: 1.00.0000 - Terzio Verlag)
Janoschs neue Tigerschule (HKLM-x32\...\Janoschs neue Tigerschule) (Version:  - )
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.09.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2600 - Broadcom Corporation)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.19161 - Lenovo)
Lenovo EBook&QuickNotes (HKLM-x32\...\InstallShield_{63EA246F-3C4F-4809-B0DE-3738F99B34DD}) (Version: 1.0.3.9 - ArcSoft)
Lenovo EBook&QuickNotes (x32 Version: 1.0.3.9 - ArcSoft) Hidden
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.19080 - Lenovo)
Lenovo Fun Zone (HKLM-x32\...\motiongame) (Version: 0.7.8.51 - Tose(Shanghai) Ltd.)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3720 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.3720 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Treiber- und Anwendungsinstallation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo VeriTouch 2.0 (HKLM-x32\...\InstallShield_{6A7F7465-284F-4299-8663-CDB496CEFA7D}) (Version: 2.0.1.9 - ArcSoft)
Lenovo VeriTouch2.0 (x32 Version: 2.0.1.9 - ArcSoft) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
LenovoModifyWindowStyle (HKLM-x32\...\{EBC41B09-E56D-421C-B3D0-84AC1103541B}) (Version: 1.00.0408 - Lenovo)
LIMBO (HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\Limbo) (Version:  - )
Link Up (HKLM-x32\...\{3DEDB107-2FCB-4544-844D-EC2878A9F22C}) (Version: 1.17.063010 - NTTC)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0423 - Lenovo)
LXH-JME8002B Hotkey Driver (HKLM-x32\...\{29EA755D-404B-4310-872C-EB1B8513F9D6}) (Version: 5.0.0825 - Lenovo)
Machinarium (HKLM-x32\...\Machinarium) (Version:  - Daedalic Entertainment)
MacroKey Manager (HKLM-x32\...\InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}) (Version:  - )
MacroKey Manager (Version: 1.00.0000 - Ihr Firmenname) Hidden
Mat5070Win7x64Drv (HKLM-x32\...\InstallShield_{884D18CB-F012-4F9D-9498-25D1E004DB87}) (Version: 6.14.10.396 - Geniatech)
Mat5070Win7x64Drv (x32 Version: 6.14.10.396 - Geniatech) Hidden
Media Go (HKLM-x32\...\{7A6C3344-5CF9-4B83-959C-6576C5B27D09}) (Version: 2.3.255 - Sony)
Media Go Video Playback Engine 1.96.115.08260 (HKLM-x32\...\{065DBB54-6E55-A609-2E1E-F0617E827D53}) (Version: 1.96.115.08260 - Sony)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM-x32\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MuseScore 1.2 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.2.0 - Werner Schweer and Others)
Music Star (HKLM-x32\...\{E4FB9C8E-E965-4885-A4F8-8D2991AD4A36}) (Version: 1.35.063010 - NTTC)
Music Star (x32 Version: 1.35.063010 - NTTC) Hidden
NextWindow Drivers (HKLM\...\{0D765C2F-D317-4C25-9582-F669974FADA4}) (Version: 1.4.144 - NextWindow)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 37.0.2178.32 (HKLM-x32\...\Opera 37.0.2178.32) (Version: 37.0.2178.32 - Opera Software)
pCon.planner 6.7 (HKLM-x32\...\pCon.planner 6.7) (Version: 6.7.0.102 - EasternGraphics)
pCon.planner 6.7 (x32 Version: 6.7.0.102 - EasternGraphics) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.12.6.14870 - Sony Computer Entertainment Inc.)
PowerCinema (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 7.0.4308 - CyberLink Corp.)
PowerCinema (x32 Version: 7.0.4308 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Readiris 7.5 (HKLM-x32\...\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Scrabble3D (HKLM-x32\...\{FF7B2746-9028-4784-B4E7-CC8CA67CF98D}) (Version: 3.1.4 - Heiko Tietze)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.2.0.100706 - Lenovo)
Tiny and Big - Grandpa's Leftovers (remove only) (HKLM-x32\...\Tiny and Big - Grandpas Leftovers) (Version:  - )
tipptapp (HKLM-x32\...\tipptapp) (Version: 1.1 - UNKNOWN)
tipptapp (x32 Version: 1.1 - UNKNOWN) Hidden
Unity Web Player (HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB Network Joystick (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: V3.70a - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04C5F25C-AAFA-492D-81D3-F2A3C7F99DC7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {06FE0C75-095D-4538-9652-1459AD205388} - System32\Tasks\{68C54E11-A282-461B-95D6-06C9D1E2DA94} => pcalua.exe -a C:\Users\horton\Desktop\dialang.exe -d C:\Users\horton\Desktop
Task: {0B2FB6FB-5A3B-4553-91CA-5D4A0F147735} - System32\Tasks\{D6E62EA7-E2F5-4CA8-BF54-4E460763B5E2} => pcalua.exe -a D:\setup.exe -d D:\
Task: {184B24B0-6EEB-4954-99E5-36D978467C30} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {1CF293F8-1AEA-4197-946C-92687175403F} - System32\Tasks\{736C63F3-D2A7-419C-8F26-4F75DB5FA8EE} => pcalua.exe -a C:\Users\horton\Desktop\cs2\CS2_RetNon_Ger_3.exe -d C:\Users\horton\Desktop\cs2
Task: {3B09AC67-7BFE-49D7-AD47-3AD780BF497F} - System32\Tasks\Opera scheduled Autoupdate 1448819900 => C:\Users\Ameise\AppData\Local\Programs\Opera\launcher.exe [2017-01-16] (Opera Software)
Task: {3B289925-D629-4DFE-AE42-D9D95D4B4410} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3EAB639C-2FC8-4064-98DD-4C85415019E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-23] (Adobe Systems Incorporated)
Task: {448A37AB-EE09-4022-B1B2-E40C21C38283} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {54200FB5-0D44-4CAA-98C9-708949FA1F09} - System32\Tasks\Opera scheduled Autoupdate 1418639019 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-28] (Opera Software)
Task: {65219F8A-790B-47DF-A54B-CEE1F484C54D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {661D22D4-FB9D-4D29-8177-BBA903971A83} - System32\Tasks\{9A441C31-2AC8-449A-98AD-3A8894ED1EB5} => pcalua.exe -a C:\Users\horton\Desktop\Beppo\cs2\CS_2.0_GR_Extras_1.exe -d C:\Users\horton\Desktop\Beppo\cs2
Task: {7BCEE2BE-4536-465C-9685-42B1C8CB5079} - System32\Tasks\{9F891BA6-C1FD-4436-8635-17892C96B09F} => pcalua.exe -a C:\Users\horton\Desktop\cs2\CS_2.0_GR_Extras_1.exe -d C:\Users\horton\Desktop\cs2
Task: {A6155A92-7CDC-49EE-BF19-BC640597705A} - System32\Tasks\{11BC33C9-6703-4868-A206-CC3820EC52EF} => pcalua.exe -a C:\Users\horton\Desktop\cs2\CS2_RetNon_Ger_2.exe -d C:\Users\horton\Desktop\cs2
Task: {AA7AF7A0-6DFC-429F-9B01-3F6FE6409F23} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {C85FD0DE-8A35-454D-A55E-9C4A0DF07642} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {CE94750F-6DB9-4D3E-8104-F4408AB635C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {F7FB24F9-0C03-4DF3-9AD9-48BF1D996598} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-01-21 11:05 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 03502080 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2012-02-09 14:01 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-06-14 13:27 - 2010-06-14 13:27 - 00907496 _____ () C:\Windows\system32\atwtusb.exe
2002-04-11 03:19 - 2002-04-11 03:19 - 00077824 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
2005-04-06 15:52 - 2005-04-06 15:52 - 00028791 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00057453 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00102515 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00053364 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00057455 _____ () C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00032880 _____ () C:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 00434255 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 15:53 - 2005-04-06 15:53 - 01019904 _____ () c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2014-07-18 11:12 - 2016-07-22 07:26 - 00114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-08-08 15:12 - 2016-07-22 07:24 - 00108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-08-08 15:12 - 2016-07-22 07:24 - 00024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-08-08 15:12 - 2016-07-22 07:24 - 00048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2002-04-11 03:19 - 2002-04-11 03:19 - 00024576 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3064065677-2226785740-1792966077-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\horton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Dienst läuft nicht.
MpsSvc => Firewall Dienst läuft nicht.
bfe => Firewall Dienst läuft nicht.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 2000 Series.lnk => C:\Windows\pss\hp psc 2000 Series.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^officejet 6100.lnk => C:\Windows\pss\officejet 6100.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Version Cue CS2 => "c:\Creative Suite CS2\Adobe Creative Suite 2.0\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{A4FB27FC-023D-4129-B1DE-FDF2B09061D5}] => C:\Program Files (x86)\Lenovo\PowerCinema\PowerCinema.exe
FirewallRules: [{8A3B9C82-477B-497B-875D-47FB8BA0C12E}] => C:\Program Files (x86)\Lenovo\PowerCinema\PCMService.exe
FirewallRules: [{9C02D370-9C54-4245-8D97-C3EF1807BD7B}] => C:\Program Files (x86)\Lenovo\PowerCinema\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{C31DDC86-21AB-47E0-888F-8DEF4FD5BE47}] => C:\Program Files (x86)\Lenovo\PowerCinema\Kernel\DMS\CLMSService.exe
FirewallRules: [{C8468554-4EA9-4C9F-8262-671D36E9E99F}] => C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{0516DDB6-8361-4C3B-91AD-478A20CF035E}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{034FFB5D-CBD4-4AC3-AE1F-6F182A2C1083}] => svchost.exe
FirewallRules: [{6CA96BF6-9B90-44A9-AFD3-29CC3CB428E6}] => C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{BD3F27AF-F479-44D9-81F7-343CA3100C7D}] => C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{590DF1F9-59A1-408A-A742-150E8DE4BC62}] => C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{97B50266-2462-4C09-817D-46088F510B3D}C:\users\horton\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe] => C:\users\horton\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe
FirewallRules: [UDP Query User{4D447EA7-4625-409F-B49C-29DA7B9C90C7}C:\users\horton\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe] => C:\users\horton\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe

==================== Wiederherstellungspunkte =========================

20-11-2016 01:55:47 Geplanter Prüfpunkt
22-11-2016 14:10:20 Windows Update
02-02-2017 08:36:22 Removed BlueStacks Notification Center
02-02-2017 08:38:17 Removed BlueStacks Notification Center
03-02-2017 11:10:39 JRT Pre-Junkware Removal
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Realtek PCIe GBE Family Controller #2
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/02/2017 08:11:43 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/02/2017 08:00:01 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={5089AFC7-E689-4661-9467-5683F945F9F1}: Der Benutzer "horton-PC\horton" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (02/02/2017 07:07:26 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/01/2017 02:37:52 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/01/2017 10:59:25 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/30/2017 08:13:04 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/28/2017 11:50:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/26/2017 08:56:10 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/25/2017 04:24:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/24/2017 02:59:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


Systemfehler:
=============
Error: (02/03/2017 11:11:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WTService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/03/2017 11:05:10 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143 = In der Endpunktzuordnung sind keine weiteren Endpunkte verfügbar..

Error: (02/03/2017 11:01:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (02/03/2017 11:01:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (02/03/2017 11:01:33 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (02/03/2017 11:01:33 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (02/03/2017 10:59:58 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (02/03/2017 10:59:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/03/2017 10:59:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/03/2017 10:59:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 4023.12 MB
Verfügbarer physikalischer RAM: 1927.5 MB
Summe virtueller Speicher: 8044.42 MB
Verfügbarer virtueller Speicher: 5619.2 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:659.28 GB) NTFS
Drive d: (TippTapp) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8D385642)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== Ende von Addition.txt ============================
         

Antwort

Themen zu Wie werde ich "win32.downloader.gen" los?
adobe, antivir, antivirus, computer, cpu, defender, firefox, flash player, home, homepage, mozilla, mp3, object, prozesse, realtek, registry, rundll, safer networking, security, services.exe, software, svchost.exe, system, temp, udp, windows



Ähnliche Themen: Wie werde ich "win32.downloader.gen" los?


  1. Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C"
    Plagegeister aller Art und deren Bekämpfung - 22.09.2015 (10)
  2. "troyaner wie win32.Downloader.gen gefunden"
    Log-Analyse und Auswertung - 04.04.2015 (13)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. Habe ich "win32.downloader.gen" vollständig entfernt?
    Log-Analyse und Auswertung - 16.08.2013 (17)
  5. Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware
    Plagegeister aller Art und deren Bekämpfung - 20.03.2013 (32)
  6. "Licensevalidator.exe" u.A.: ESET meldet "Win32/Kryptik.ADPW trojan" sowie "Win32/Gataka.A trojan"
    Log-Analyse und Auswertung - 12.04.2012 (21)
  7. viren "Trojan:Win32/Bumat!rts" und "Exploit Java/CVE-2010-0840.ew" auf Laptop
    Plagegeister aller Art und deren Bekämpfung - 05.10.2011 (8)
  8. Malwarereinigung: "TR/Kazy.25747.40", "Trojan.Downloader..." und "Backdoor: Win32Cycbot.B"
    Log-Analyse und Auswertung - 09.06.2011 (1)
  9. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  10. "Trojan-Downloader.Win32.Small.eqn"
    Plagegeister aller Art und deren Bekämpfung - 02.10.2008 (14)
  11. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  12. "Security Toolbar" und Trojan-Downloader.Win32.
    Plagegeister aller Art und deren Bekämpfung - 26.11.2007 (10)
  13. Virus "Trojan-Downloader.Win32.Agent variable" Brauche Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 12.08.2007 (5)
  14. Malware "DyFuCA" ;Win32.Trojan.Downloader mit Ad-Aware SE Personal gefunden
    Log-Analyse und Auswertung - 11.08.2006 (13)
  15. Win:32 "Namedy", Win32: "Dynafor" und Win:32 "Dybac"
    Plagegeister aller Art und deren Bekämpfung - 12.04.2006 (10)
  16. Hilfe zu"Trojan Downloader.Win32.INService.i"!!!
    Plagegeister aller Art und deren Bekämpfung - 21.06.2005 (1)
  17. Werde "Trojan.Win32.StartPage.ix" nicht mehr los!!!
    Log-Analyse und Auswertung - 23.06.2004 (2)

Zum Thema Wie werde ich "win32.downloader.gen" los? - Hi, SpyBot Search&Destroy hat auf meinem PC "win32.downloader.gen" gefunden. Avira und TDSSKiller hatten nichts gefunden. Würde mich freuen wenn mir jemand hilft, das wieder loszuwerden! Scan mit FRST ergab Folgendes: - Wie werde ich "win32.downloader.gen" los?...
Archiv
Du betrachtest: Wie werde ich "win32.downloader.gen" los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.