
Log analysis and evaluation: svcHost very high CPU usage

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.03.2017, 19:33   #1
almera500

svcHost very high CPU usage



Problem:
Svchost.exe CPU usage is always around 50%.
Spybot errors: Virtumonde, Win32.z-bot. But no spyware found.
Malwarebytes without findings.

Log file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:21:29, on 08.03.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher (User 'Default user')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Webschutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dropbox-Update-Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox-Update-Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\Windows\system32\\spdsvc.exe
O23 - Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) - Unknown owner - C:\Windows\SysWOW64\SecUPDUtilSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9796 bytes

09.03.2017, 20:53   #2
M-K-D-B
/// TB Trainer






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until all illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for longer, please let me know!
  • Please do not install or uninstall anything during the cleanup unless I ask you to!
  • Please note: Download at filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there as administrator!
  • Some of the programs we use here may be wrongly classified as a threat by your antivirus or anti-malware program. Because of certain program behaviour, security programs cannot distinguish between "good" and "bad" and raise an alarm. These are false positives, which you can safely ignore. If necessary, you must disable your security software before running a program so that our cleanup operations are not impaired.



Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you have done it correctly. If everything is right ... click Reply.

Thank you for your cooperation!




For the initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)






Step 2
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.







With your next reply, please post
  • the log file from TDSS-Killer,
  • the two new log files from FRST.

10.03.2017, 06:16   #3
almera500



Hello Matthias,

Thanks for the reply. Here are the logs:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
durchgeführt von Ritzmann (Administrator) auf RITZMANN-PC (10-03-2017 06:05:21)
Gestartet von C:\Users\Ritzmann\Downloads
Geladene Profile: Ritzmann &  (Verfügbare Profile: Ritzmann)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\spdsvc.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
(Farbar) C:\Users\Ritzmann\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4559944 2016-01-24] (UltimateOutsider)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [909744 2017-03-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1667937398-1784957356-1515329865-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-1667937398-1784957356-1515329865-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-1667937398-1784957356-1515329865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-1667937398-1784957356-1515329865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{83F7B557-C097-4117-AADB-B3D9653C8F66}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-1667937398-1784957356-1515329865-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-1667937398-1784957356-1515329865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1667937398-1784957356-1515329865-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1667937398-1784957356-1515329865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Ritzmann\AppData\Roaming\Mozilla\Firefox\Profiles\s21y8qmf.default-1488993856462 [2017-03-10]
FF NetworkProxy: Mozilla\Firefox\Profiles\s21y8qmf.default-1488993856462 -> no_proxies_on", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\s21y8qmf.default-1488993856462 -> type", 0
FF Extension: (Adblock Plus) - C:\Users\Ritzmann\AppData\Roaming\Mozilla\Firefox\Profiles\s21y8qmf.default-1488993856462\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-08]
FF HKLM-x32\...\Firefox\Extensions: [@greatdealz] - C:\Users\Ritzmann\AppData\Roaming\Mozilla\Firefox\Profiles\3tyhjt1y.default-1459053905676\extensions\@greatdealz.xpi => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1667937398-1784957356-1515329865-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1667937398-1784957356-1515329865-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ritzmann\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1667937398-1784957356-1515329865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-11] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1667937398-1784957356-1515329865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ritzmann\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-19] (Unity Technologies ApS)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lobonlhedgiilkfmbbbfhkaoefacipgj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ACHTUNG: => Signaturenvergleich konnte nicht durchgeführt werden. Kryptografischer Dienst läuft nicht.

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1115552 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [487424 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [487424 2017-03-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1519144 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
S2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [801472 2015-03-10] (Samsung Electronics Co., Ltd.)
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [499000 2016-05-18] ()
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [143664 2016-02-21] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe [81968 2016-02-23] (SiSoftware)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-03] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [51248 2017-03-03] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48912 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [80592 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-08-05] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-08-05] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205072 2016-08-05] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-08-05] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-08-05] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-08-05] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [70360 2016-08-08] (Panda Security, S.L.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-10 06:05 - 2017-03-10 06:05 - 00000162 _____ C:\TDSSKiller.3.1.0.12_10.03.2017_06.05.46_log.txt
2017-03-10 06:05 - 2017-03-10 06:05 - 00000000 ____D C:\FRST
2017-03-10 06:04 - 2017-03-10 06:04 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Ritzmann\Downloads\tdsskiller(1).exe
2017-03-10 06:04 - 2017-03-10 06:04 - 02423808 _____ (Farbar) C:\Users\Ritzmann\Downloads\FRST64(1).exe
2017-03-10 05:14 - 2017-03-10 05:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-09 20:30 - 2017-03-09 20:30 - 00001668 _____ C:\Users\Ritzmann\Documents\cc_20170309_203002.reg
2017-03-09 20:27 - 2017-03-09 20:27 - 01137360 _____ (F-Secure Corporation) C:\Users\Ritzmann\Downloads\fsbl.exe
2017-03-09 20:24 - 2017-03-09 20:24 - 00186880 _____ (CEXX.ORG) C:\Users\Ritzmann\Downloads\LSPFix(1).exe
2017-03-09 14:09 - 2017-03-09 14:18 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-03-09 14:09 - 2017-03-09 14:09 - 02967592 _____ C:\Users\Ritzmann\Downloads\SecurityTaskManager_Setup(1).exe
2017-03-09 14:08 - 2017-03-09 14:15 - 1879438823 _____ (Igor Pavlov) C:\Users\Ritzmann\Downloads\WinFuture_7SP1_x64_UpdatePack_2.72_Januar_2017-Vollversion.exe
2017-03-09 13:58 - 2017-03-09 13:58 - 00536128 _____ (Neuber Software) C:\Users\Ritzmann\Downloads\SvchostAnalyzer.exe
2017-03-09 13:35 - 2017-03-09 13:35 - 00032216 _____ C:\Users\Ritzmann\Documents\cc_20170309_133500.reg
2017-03-09 13:35 - 2017-03-09 13:35 - 00005384 _____ C:\Users\Ritzmann\Documents\cc_20170309_133515.reg
2017-03-09 13:18 - 2017-03-09 13:18 - 00000000 ____D C:\Users\Ritzmann\AppData\Roaming\Navigator
2017-03-09 12:56 - 2017-03-09 12:55 - 00454291 ____R C:\Windows\system32\Drivers\etc\hosts.20170309-125632.backup
2017-03-09 12:32 - 2017-03-09 12:32 - 27545184 _____ (NETGATE Technologies s.r.o. ) C:\Users\Ritzmann\Downloads\se-setup.exe
2017-03-09 12:31 - 2017-03-09 12:31 - 29446176 _____ (SUPERAntiSpyware) C:\Users\Ritzmann\Downloads\SUPERAntiSpyware.exe
2017-03-09 11:25 - 2017-03-09 11:25 - 00061910 _____ C:\Users\Ritzmann\Downloads\Shortcut.txt
2017-03-09 11:23 - 2017-03-09 11:25 - 00041094 _____ C:\Users\Ritzmann\Downloads\Addition.txt
2017-03-09 11:21 - 2017-03-10 06:05 - 00023011 _____ C:\Users\Ritzmann\Downloads\FRST.txt
2017-03-09 11:17 - 2017-03-09 11:17 - 02423808 _____ (Farbar) C:\Users\Ritzmann\Downloads\FRST64.exe
2017-03-09 10:39 - 2017-03-09 10:39 - 00032888 _____ C:\ComboFix.txt
2017-03-09 10:23 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-09 10:23 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-09 10:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-09 10:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-09 10:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-09 10:23 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-09 10:23 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-09 10:23 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-03-09 10:20 - 2017-03-09 10:20 - 00000551 _____ C:\Users\Ritzmann\Desktop\JRT.txt
2017-03-09 10:17 - 2017-03-09 10:17 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Ritzmann\Downloads\rkill64-6905.exe
2017-03-09 10:10 - 2017-03-09 10:37 - 00000000 ____D C:\Windows\erdnt
2017-03-09 10:10 - 2017-03-09 10:20 - 00006204 _____ C:\Users\Ritzmann\Desktop\Rkill.txt
2017-03-09 10:10 - 2017-03-09 10:10 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ritzmann\Downloads\rkill.exe
2017-03-09 10:10 - 2017-03-09 10:10 - 01663736 _____ (Malwarebytes) C:\Users\Ritzmann\Downloads\JRT.exe
2017-03-09 10:10 - 2017-03-09 10:10 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Ritzmann\Downloads\rkill64.exe
2017-03-09 10:09 - 2017-03-09 10:09 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Ritzmann\Downloads\tdsskiller.exe
2017-03-09 10:07 - 2017-03-09 10:10 - 05660168 ____R (Swearware) C:\Users\Ritzmann\Downloads\ComboFix.exe
2017-03-09 06:21 - 2017-03-09 06:21 - 00005912 _____ C:\Users\Ritzmann\Documents\cc_20170309_062113.reg
2017-03-09 06:21 - 2017-03-08 14:40 - 00454291 _____ C:\Windows\system32\Drivers\etc\hosts.20170309-062146.backup
2017-03-08 20:58 - 2017-03-09 07:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-08 20:57 - 2017-03-09 07:55 - 00000000 ____D C:\Users\Ritzmann\Desktop\mbar
2017-03-08 20:56 - 2017-03-08 20:56 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ritzmann\Desktop\mbar-1.09.3.1001.exe
2017-03-08 20:56 - 2017-03-08 20:56 - 04031440 _____ C:\Users\Ritzmann\Desktop\adwcleaner_6.044.exe
2017-03-08 19:39 - 2017-03-08 19:39 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2017-03-08 19:39 - 2014-02-16 17:23 - 00060640 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2017-03-08 19:38 - 2015-01-21 07:17 - 00229088 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdxhc.sys
2017-03-08 19:38 - 2015-01-21 07:17 - 00108256 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdhub30.sys
2017-03-08 19:38 - 2014-09-23 18:56 - 00083656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2017-03-08 19:38 - 2014-09-23 18:56 - 00043720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2017-03-08 19:16 - 2017-03-08 19:16 - 01402880 _____ C:\Users\Ritzmann\Downloads\HiJackThis-2-04.msi
2017-03-08 19:06 - 2017-03-08 19:19 - 2631704078 _____ C:\Users\Ritzmann\Downloads\AMDChipset_XPWin7-8-81_V512015_809150_809160_Godavari.zip
2017-03-08 18:39 - 2017-02-02 12:39 - 01452200 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ritzmann\Desktop\procexp64.exe
2017-03-08 16:06 - 2008-01-30 19:52 - 01013216 _____ (Safer Networking Limited) C:\Users\Ritzmann\Desktop\NTRegistry.wfx
2017-03-08 16:06 - 2008-01-30 19:51 - 00843744 _____ (Safer Networking Limited) C:\Users\Ritzmann\Desktop\NTFiles.wfx
2017-03-08 16:04 - 2009-04-15 14:05 - 03065008 _____ (Safer Networking Limited) C:\Users\Ritzmann\Desktop\RootAlyzer.exe
2017-03-08 15:23 - 2017-03-08 15:23 - 00000000 ____D C:\ProgramData\MFAData
2017-03-08 14:40 - 2017-03-08 14:40 - 00454291 ____R C:\Windows\system32\Drivers\etc\hosts.20170308-144021.backup
2017-03-08 14:40 - 2017-03-08 14:40 - 00454291 ____R C:\Windows\system32\Drivers\etc\hosts.20170308-144017.backup
2017-03-08 14:40 - 2017-03-08 14:40 - 00454291 ____R C:\Windows\system32\Drivers\etc\hosts.20170308-144014.backup
2017-03-08 14:40 - 2017-03-08 11:41 - 00454291 _____ C:\Windows\system32\Drivers\etc\hosts.20170308-144004.backup
2017-03-08 12:25 - 2017-03-08 12:27 - 268723272 _____ C:\Users\Ritzmann\Downloads\EmsisoftEmergencyKit.exe
2017-03-08 11:41 - 2017-02-13 20:22 - 00454179 _____ C:\Windows\system32\Drivers\etc\hosts.20170308-114137.backup
2017-03-08 11:39 - 2017-02-13 20:22 - 00454179 _____ C:\Windows\system32\Drivers\etc\hosts.20170308-113913.backup
2017-03-08 11:38 - 2017-02-13 20:22 - 00454179 _____ C:\Windows\system32\Drivers\etc\hosts.20170308-113838.backup
2017-03-08 11:38 - 2017-02-13 20:22 - 00454179 _____ C:\Windows\system32\Drivers\etc\hosts.20170308-113811.backup
2017-03-08 11:37 - 2017-02-13 20:22 - 00454179 _____ C:\Windows\system32\Drivers\etc\hosts.20170308-113732.backup
2017-03-08 10:09 - 2017-03-08 10:09 - 00000082 _____ C:\Users\Ritzmann\Documents\cc_20170308_100929.reg
2017-03-08 10:04 - 2017-03-08 10:04 - 01689304 _____ (Security Stronghold ) C:\Users\Ritzmann\Downloads\SvchostFixWizard2.exe
2017-03-08 09:50 - 2017-03-08 09:51 - 09261616 _____ (Piriform Ltd) C:\Users\Ritzmann\Downloads\ccsetup527.exe
2017-03-08 09:50 - 2017-03-08 09:50 - 00013542 _____ C:\Users\Ritzmann\Documents\cc_20170308_095054.reg
2017-03-08 06:39 - 2017-02-23 00:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-08 06:39 - 2017-02-23 00:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-08 06:39 - 2017-02-18 15:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-08 06:39 - 2017-02-18 15:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-07 11:13 - 2017-03-07 11:13 - 00527496 _____ C:\Users\Ritzmann\Downloads\SVGICC.exe
2017-03-07 10:23 - 2017-03-07 11:17 - 00000000 ____D C:\Users\Ritzmann\AppData\Local\Adobe SVG Viewer
2017-03-06 22:12 - 2017-03-07 18:37 - 00000015 _____ C:\Users\Ritzmann\advanced_ip_scanner_Aliases.bin
2017-03-06 22:05 - 2017-03-06 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2017-03-06 22:05 - 2017-03-06 22:05 - 00000000 ____D C:\Program Files (x86)\Advanced IP Scanner
2017-03-06 22:04 - 2017-03-06 22:04 - 09213648 _____ (Famatech Corp. ) C:\Users\Ritzmann\Downloads\ipscan24(1).exe
2017-03-06 22:04 - 2017-03-06 22:04 - 00000000 ____D C:\Users\Ritzmann\AppData\Local\Advanced IP Scanner 2
2017-03-06 21:50 - 2017-03-06 21:50 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-03 07:49 - 2017-03-03 07:50 - 48275384 _____ (Maxthon International ltd.) C:\Users\Ritzmann\Downloads\mx5.0.2.2000.exe
2017-03-03 07:05 - 2003-09-11 22:42 - 00016384 _____ C:\Windows\SysWOW64\FileOps.exe
2017-03-03 06:57 - 2017-03-03 06:57 - 26506608 _____ (Microsoft Corporation) C:\Users\Ritzmann\Downloads\IE8-WindowsVista-x64-DEU.exe
2017-03-03 06:52 - 2017-03-03 06:52 - 02354472 _____ C:\Users\Ritzmann\Downloads\SVGView.exe
2017-03-03 06:27 - 2017-03-07 11:08 - 00512161 _____ C:\sedre.log.1
2017-03-03 06:27 - 2017-03-07 10:47 - 00000000 ____D C:\ProgramData\firebird
2017-03-03 01:10 - 2017-03-03 01:10 - 00001851 _____ C:\Users\Ritzmann\Desktop\DocBackup Citroën.lnk
2017-03-03 01:10 - 2017-03-03 01:10 - 00000000 ____D C:\Users\Ritzmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DocBackupAC
2017-03-03 01:10 - 2017-03-03 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DocBackupAC
2017-03-02 18:20 - 2017-03-03 06:28 - 00000000 ____D C:\Program Files\DocBackupAC
2017-03-02 15:44 - 2017-03-02 15:44 - 00001871 _____ C:\Users\Ritzmann\Desktop\Citroën SEDRE Backup.lnk
2017-03-02 15:44 - 2017-03-02 15:44 - 00000000 ____D C:\Users\Ritzmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SEDREAC
2017-03-02 15:44 - 2017-03-02 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEDREAC
2017-03-02 15:43 - 2017-03-02 15:54 - 00000000 ____D C:\Program Files\SEDREAC
2017-03-02 15:40 - 2017-03-03 06:35 - 00318528 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2017-03-02 15:37 - 2017-03-03 06:34 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2017-03-02 15:30 - 2017-03-03 06:23 - 00000000 ____D C:\Program Files (x86)\DocBackupJRE
2017-03-01 20:47 - 2017-03-01 20:47 - 00000000 ____D C:\ProgramData\Tracker Software
2017-03-01 10:05 - 2017-03-01 10:05 - 32447561 _____ C:\Users\Ritzmann\Desktop\1032  Art0016.00  Betriebsanleitungtechnisches Datenblatt und Ersatzteilliste.pdf
2017-02-24 09:43 - 2017-02-24 09:43 - 00035864 _____ C:\Users\Ritzmann\Desktop\Rechnung.pdf
2017-02-23 11:53 - 2016-12-31 16:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-23 11:53 - 2016-12-31 16:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-23 11:53 - 2016-12-31 16:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-23 11:53 - 2016-12-31 16:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-23 11:53 - 2016-12-31 16:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-23 10:50 - 2017-01-05 19:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-23 10:50 - 2017-01-05 19:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-23 10:50 - 2017-01-05 19:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-23 10:50 - 2017-01-05 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-23 10:50 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-23 10:50 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-23 10:50 - 2017-01-05 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-23 10:50 - 2017-01-05 18:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-23 10:50 - 2017-01-05 18:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-23 10:50 - 2017-01-05 18:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-23 10:50 - 2017-01-05 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-23 10:50 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-23 10:50 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-23 10:50 - 2016-11-21 19:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-23 10:50 - 2016-11-20 17:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-02-23 10:50 - 2016-11-20 15:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-23 10:50 - 2016-11-17 17:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-02-23 10:50 - 2016-11-14 23:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-02-23 10:50 - 2016-11-12 20:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-23 10:50 - 2016-11-12 20:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-02-23 10:50 - 2016-11-12 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-23 10:50 - 2016-11-12 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-23 10:50 - 2016-11-12 20:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-02-23 10:50 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-23 10:50 - 2016-11-12 20:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-02-23 10:50 - 2016-11-12 20:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-23 10:50 - 2016-11-12 20:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-23 10:50 - 2016-11-12 20:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-23 10:50 - 2016-11-12 20:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-02-23 10:50 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-23 10:50 - 2016-11-12 20:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-02-23 10:50 - 2016-11-12 20:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-02-23 10:50 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-23 10:50 - 2016-11-12 20:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-23 10:50 - 2016-11-12 19:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-02-23 10:50 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-23 10:50 - 2016-11-12 19:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-23 10:50 - 2016-11-12 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-23 10:50 - 2016-11-12 19:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-02-23 10:50 - 2016-11-12 19:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-23 10:50 - 2016-11-12 19:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-23 10:50 - 2016-11-12 19:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-23 10:50 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-23 10:50 - 2016-11-12 19:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-23 10:50 - 2016-11-12 19:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-02-23 10:50 - 2016-11-12 19:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-02-23 10:50 - 2016-11-12 19:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-02-23 10:50 - 2016-11-12 19:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-02-23 10:50 - 2016-11-12 19:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-02-23 10:50 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-23 10:50 - 2016-11-12 19:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-02-23 10:50 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-23 10:50 - 2016-11-12 19:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-02-23 10:50 - 2016-11-12 19:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-02-23 10:50 - 2016-11-12 19:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-23 10:50 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-23 10:50 - 2016-11-12 19:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-23 10:50 - 2016-11-12 19:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-02-23 10:50 - 2016-11-12 19:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-02-23 10:50 - 2016-11-12 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-02-23 10:50 - 2016-11-12 18:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-02-23 10:50 - 2016-11-12 18:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-02-23 10:50 - 2016-11-12 18:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-02-23 10:50 - 2016-11-12 18:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-02-23 10:50 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-23 10:50 - 2016-11-12 18:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-02-23 10:50 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-23 10:50 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-23 10:50 - 2016-11-12 18:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-02-23 10:50 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-23 10:50 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-23 10:50 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-23 10:50 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-23 10:50 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-23 10:50 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-23 10:50 - 2016-11-10 17:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-23 10:50 - 2016-11-10 17:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-23 10:50 - 2016-11-09 17:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-23 10:50 - 2016-11-09 17:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-23 10:50 - 2016-11-09 17:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-23 10:50 - 2016-11-09 17:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-23 10:50 - 2016-11-09 17:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-23 10:50 - 2016-11-09 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-02-23 10:50 - 2016-11-09 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-02-23 10:50 - 2016-11-09 17:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-23 10:50 - 2016-11-09 17:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-23 10:50 - 2016-11-09 17:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-02-23 10:50 - 2016-11-09 17:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-02-23 10:50 - 2016-11-09 17:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-02-23 10:50 - 2016-11-09 17:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-02-23 10:50 - 2016-11-09 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-02-23 10:50 - 2016-11-06 17:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-23 10:50 - 2016-11-06 17:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-23 10:50 - 2016-11-06 17:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-23 10:50 - 2016-11-02 16:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-23 10:50 - 2016-11-02 16:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-23 10:50 - 2016-11-02 16:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-23 10:50 - 2016-11-02 16:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-23 10:50 - 2016-11-02 16:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-23 10:50 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-23 10:50 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-02-23 10:50 - 2016-11-02 16:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-02-23 10:50 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-02-23 10:50 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-23 10:50 - 2016-10-27 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-02-23 10:50 - 2016-10-27 16:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-02-23 10:50 - 2016-10-15 16:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-23 10:50 - 2016-10-15 16:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-23 10:50 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-23 10:50 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-23 10:50 - 2016-10-11 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-23 10:50 - 2016-10-11 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-23 10:50 - 2016-10-11 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-02-23 10:50 - 2016-10-11 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-23 10:50 - 2016-10-11 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-02-23 10:50 - 2016-10-11 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-02-23 10:50 - 2016-10-11 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-02-23 10:50 - 2016-10-11 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-02-23 10:50 - 2016-10-11 16:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-02-23 10:50 - 2016-10-11 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-02-23 10:50 - 2016-10-11 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-02-23 10:50 - 2016-10-11 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-02-23 10:50 - 2016-10-11 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-02-23 10:50 - 2016-10-11 16:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-02-23 10:50 - 2016-10-11 16:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-02-23 10:50 - 2016-10-11 16:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-02-23 10:50 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-02-23 10:50 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-02-23 10:50 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-02-23 10:50 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-02-23 10:50 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-02-23 10:50 - 2016-10-11 16:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-02-23 10:50 - 2016-10-11 16:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-02-23 10:50 - 2016-10-11 16:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-02-23 10:50 - 2016-10-11 16:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-02-23 10:50 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-02-23 10:50 - 2016-10-11 16:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-02-23 10:50 - 2016-10-11 16:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-02-23 10:50 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-02-23 10:50 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-02-23 10:50 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-02-23 10:50 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-02-23 10:50 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-02-23 10:50 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-02-23 10:50 - 2016-10-11 16:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 16:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-02-23 10:50 - 2016-10-11 16:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-02-23 10:50 - 2016-10-11 16:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-02-23 10:50 - 2016-10-11 15:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-02-23 10:50 - 2016-10-11 15:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-02-23 10:50 - 2016-10-11 15:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-02-23 10:50 - 2016-10-11 15:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-23 10:50 - 2016-10-11 15:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-02-23 10:50 - 2016-10-11 15:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-02-23 10:50 - 2016-10-11 15:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-02-23 10:50 - 2016-10-11 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-02-23 10:50 - 2016-10-11 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-02-23 10:50 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-23 10:50 - 2016-10-11 14:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-02-23 10:50 - 2016-10-11 14:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-02-23 10:50 - 2016-10-11 14:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-23 10:50 - 2016-10-08 14:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-23 10:50 - 2016-10-07 16:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-23 10:50 - 2016-10-07 16:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-23 10:50 - 2016-10-07 16:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-23 10:50 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-02-23 10:50 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-23 10:50 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-23 10:50 - 2016-10-05 15:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-23 10:50 - 2016-10-04 16:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-23 10:50 - 2016-10-04 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-23 10:50 - 2016-10-04 16:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-02-23 10:50 - 2016-10-04 16:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-02-23 10:50 - 2016-10-04 16:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-23 10:50 - 2016-10-04 16:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-23 10:50 - 2016-10-04 16:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-02-23 10:50 - 2016-10-04 16:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-02-23 10:50 - 2016-09-15 15:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-02-23 10:50 - 2016-09-09 19:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-23 10:50 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-02-23 10:50 - 2016-08-22 17:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-02-23 09:44 - 2017-02-23 11:55 - 00000000 ____D C:\Windows\system32\DAX2
2017-02-23 09:42 - 2016-11-15 00:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-23 09:42 - 2016-11-12 19:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-02-23 09:42 - 2016-11-12 19:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-02-23 09:42 - 2016-11-12 19:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-02-23 09:42 - 2016-11-12 19:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-02-23 09:42 - 2016-11-12 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-02-23 09:42 - 2016-11-12 18:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-02-23 09:42 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-23 09:08 - 2017-03-07 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-23 09:08 - 2017-02-23 09:08 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-23 09:08 - 2017-02-23 09:08 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-21 21:24 - 2017-02-21 21:24 - 00009500 _____ C:\Users\Ritzmann\Documents\cc_20170221_212412.reg
2017-02-21 14:50 - 2017-02-21 14:50 - 44961864 _____ C:\Users\Ritzmann\Downloads\Firefox Setup 51.0.1(1).exe
2017-02-21 14:48 - 2017-02-21 14:48 - 00245600 _____ C:\Users\Ritzmann\Downloads\Firefox Setup Stub 51.0.1(1).exe
2017-02-21 14:24 - 2017-02-21 14:24 - 47280160 _____ C:\Users\Ritzmann\Downloads\Firefox Setup 51.0.1.exe
2017-02-21 14:23 - 2017-02-21 14:23 - 00245600 _____ C:\Users\Ritzmann\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-19 11:30 - 2017-02-19 11:30 - 00000000 ____D C:\Users\Ritzmann\Desktop\citroen
2017-02-14 06:36 - 2017-02-14 06:53 - 00000000 ____D C:\Users\Ritzmann\Desktop\Lukas Schule
2017-02-14 06:22 - 2017-02-14 06:22 - 00168592 _____ () C:\Users\Ritzmann\Downloads\FxVMonde.exe
2017-02-13 20:22 - 2016-08-30 04:11 - 00453267 _____ C:\Windows\system32\Drivers\etc\hosts.20170213-202224.backup
2017-02-13 20:21 - 2016-08-30 04:11 - 00453267 _____ C:\Windows\system32\Drivers\etc\hosts.20170213-202151.backup
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-10 18:32 - 2011-06-26 19:48 - 00000000 ____D C:\Users\Ritzmann\Downloads\IGO8
2017-02-10 18:31 - 2017-02-10 18:31 - 65676152 _____ C:\Users\Ritzmann\Downloads\Nav N Go iGO8.3.4 - SD-Ready - Alle Auflösungen by Jamal2367.exe
2017-02-10 18:20 - 2017-02-10 18:20 - 12462244 _____ (MapFactor s.r.o ) C:\Users\Ritzmann\Downloads\NavigatorFree_install(1).exe
2017-02-10 15:56 - 2017-03-09 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigator 16
2017-02-10 15:55 - 2017-02-10 15:56 - 12462244 _____ (MapFactor s.r.o ) C:\Users\Ritzmann\Downloads\NavigatorFree_install.exe
2017-02-10 15:50 - 2017-02-10 15:50 - 14220056 _____ (NNG Llc.) C:\Users\Ritzmann\Downloads\Naviextras_Toolbox_Setup.exe
2017-02-09 18:25 - 2017-02-09 18:25 - 00012388 _____ C:\Users\Ritzmann\Desktop\Anschreiben.pdf
2017-02-09 18:16 - 2017-02-09 18:16 - 00208532 _____ C:\Users\Ritzmann\Desktop\Abschlusszeugnis Ausbildung.pdf
2017-02-09 18:16 - 2017-02-09 18:16 - 00038617 _____ C:\Users\Ritzmann\Desktop\Lebenslauf 1.pdf
2017-02-09 07:49 - 2017-02-09 07:49 - 00043945 _____ C:\Users\Ritzmann\Desktop\DHL-Portoprodukte-DOF-170209-2L8A2G66X-13433348.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-10 06:03 - 2015-05-01 08:06 - 00000000 ____D C:\Users\Ritzmann\Documents\Outlook-Dateien
2017-03-10 05:52 - 2015-07-14 12:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-10 05:27 - 2016-11-17 18:33 - 00000000 ____D C:\Users\Ritzmann\AppData\LocalLow\Mozilla
2017-03-10 05:14 - 2016-03-04 11:51 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-10 05:14 - 2016-03-04 11:51 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-10 05:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-10 04:19 - 2009-07-14 05:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-10 04:19 - 2009-07-14 05:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-09 20:38 - 2015-05-01 05:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-09 15:04 - 2015-05-01 09:14 - 00000000 ____D C:\Users\Ritzmann\AppData\Local\ElevatedDiagnostics
2017-03-09 15:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-09 14:34 - 2015-05-01 01:59 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-03-09 14:34 - 2015-05-01 01:59 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-03-09 14:34 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-09 14:27 - 2015-05-01 08:25 - 00000000 ____D C:\Users\Ritzmann\AppData\Local\FreePDF_XP
2017-03-09 14:26 - 2016-03-04 11:51 - 00001214 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-09 14:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-09 14:25 - 2015-04-30 16:36 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-09 13:24 - 2015-04-30 16:10 - 00000000 ____D C:\Users\Ritzmann
2017-03-09 13:22 - 2015-05-01 05:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-09 13:18 - 2016-03-25 17:20 - 00000000 ____D C:\Program Files (x86)\AMD
2017-03-09 11:08 - 2015-05-01 15:32 - 00007654 _____ C:\Users\Ritzmann\AppData\Local\resmon.resmoncfg
2017-03-09 10:36 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-03-09 10:34 - 2015-05-09 16:21 - 00000000 ____D C:\ProgramData\TEMP
2017-03-09 06:21 - 2009-07-14 03:34 - 00454291 ____R C:\Windows\system32\Drivers\etc\hosts.20170309-125556.backup
2017-03-09 06:09 - 2015-04-30 16:22 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-08 19:39 - 2015-04-30 16:25 - 00000000 ____D C:\ProgramData\AMD
2017-03-08 19:38 - 2016-03-25 17:18 - 00000000 ____D C:\Program Files\AMD
2017-03-08 18:24 - 2016-03-27 05:45 - 00000000 ____D C:\Users\Ritzmann\Desktop\Alte Firefox-Daten
2017-03-08 11:41 - 2009-07-14 03:34 - 00454291 ____R C:\Windows\system32\Drivers\etc\hosts.20170308-143931.backup
2017-03-08 09:57 - 2016-04-29 17:28 - 00000000 ____D C:\Windows\pss
2017-03-08 09:55 - 2015-05-07 19:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-08 09:55 - 2015-05-05 14:54 - 00000000 ____D C:\Users\Ritzmann\AppData\Roaming\TeamViewer
2017-03-08 09:53 - 2015-12-13 11:37 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-08 07:33 - 2015-05-01 11:35 - 00000000 ____D C:\Users\Ritzmann\AppData\Roaming\Skype
2017-03-08 06:40 - 2015-05-01 07:52 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-07 18:37 - 2015-06-06 20:05 - 00000990 _____ C:\Users\Ritzmann\advanced_ip_scanner_MAC.bin
2017-03-06 22:36 - 2016-03-04 11:55 - 00000000 ___RD C:\Users\Ritzmann\Dropbox
2017-03-06 22:05 - 2015-06-06 19:59 - 00000981 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
2017-03-06 11:46 - 2015-10-15 19:58 - 00000000 ____D C:\Users\Ritzmann\Documents\Scan
2017-03-06 11:42 - 2015-10-15 19:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-06 11:19 - 2016-01-02 09:41 - 00000569 _____ C:\Windows\wiso.ini
2017-03-03 11:14 - 2016-05-10 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-03 11:13 - 2016-10-06 19:40 - 00051248 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-03 11:13 - 2015-05-01 08:02 - 00176968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-03 11:13 - 2015-05-01 08:02 - 00148104 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-03 11:13 - 2015-05-01 08:02 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-03 11:13 - 2015-05-01 08:02 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-03 09:46 - 2015-07-10 17:10 - 00000000 ____D C:\Users\Ritzmann\AppData\Local\Google
2017-03-03 09:46 - 2015-07-10 17:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-03 07:05 - 2015-07-14 12:13 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2017-03-03 06:40 - 2015-11-22 11:33 - 00000000 ____D C:\ProgramData\Oracle
2017-02-24 07:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-02-24 07:24 - 2009-07-14 05:45 - 00454352 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-24 07:22 - 2015-05-01 07:52 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-23 19:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2017-02-23 19:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2017-02-23 19:23 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-23 19:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-02-23 12:13 - 2015-05-01 06:23 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 12:07 - 2015-05-01 06:23 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 12:00 - 2015-04-30 16:20 - 01592628 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-23 11:54 - 2015-04-30 16:15 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-02-23 06:44 - 2016-10-28 10:24 - 00000000 ____D C:\Program Files (x86)\Safer Networking
2017-02-23 06:16 - 2015-04-30 16:18 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-21 18:01 - 2015-10-04 07:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-15 00:52 - 2015-07-14 12:18 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 00:52 - 2015-04-30 18:47 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 00:52 - 2015-04-30 18:47 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 00:52 - 2015-04-30 18:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 00:52 - 2015-04-30 18:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 06:40 - 2015-12-13 11:01 - 00000000 ____D C:\Users\Ritzmann\Desktop\Neuer Ordner
2017-02-13 20:22 - 2009-07-14 03:34 - 00454179 ____R C:\Windows\system32\Drivers\etc\hosts.20170308-105359.backup

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-03-25 17:12 - 2016-02-17 23:30 - 15384576 _____ () C:\Users\Ritzmann\AppData\Roaming\Sandra.mdb
2015-05-01 15:32 - 2017-03-09 11:08 - 0007654 _____ () C:\Users\Ritzmann\AppData\Local\resmon.resmoncfg
2015-04-30 16:15 - 2015-04-30 16:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => MD5 ist legitim
C:\Windows\system32\wininit.exe => MD5 ist legitim
C:\Windows\SysWOW64\wininit.exe => MD5 ist legitim
C:\Windows\explorer.exe
[2016-09-21 05:15] - [2016-08-29 16:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\SysWOW64\explorer.exe
[2016-09-21 05:15] - [2016-08-29 15:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

C:\Windows\system32\svchost.exe => MD5 ist legitim
C:\Windows\SysWOW64\svchost.exe => MD5 ist legitim
C:\Windows\system32\services.exe => MD5 ist legitim
C:\Windows\system32\User32.dll
[2017-02-23 10:50] - [2016-11-10 17:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542

C:\Windows\SysWOW64\User32.dll
[2017-02-23 10:50] - [2016-11-10 17:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C

C:\Windows\system32\userinit.exe => MD5 ist legitim
C:\Windows\SysWOW64\userinit.exe => MD5 ist legitim
C:\Windows\system32\rpcss.dll => MD5 ist legitim
C:\Windows\system32\dnsapi.dll => MD5 ist legitim
C:\Windows\SysWOW64\dnsapi.dll => MD5 ist legitim
C:\Windows\system32\Drivers\volsnap.sys => MD5 ist legitim

LastRegBack: 2017-03-04 00:33

==================== Ende von FRST.txt ============================
         

10.03.2017, 06:16   #4
almera500
 
svcHost very high CPU usage



Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-03-2017
durchgeführt von Ritzmann (10-03-2017 06:06:23)
Gestartet von C:\Users\Ritzmann\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-04-30 15:10:19)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1667937398-1784957356-1515329865-500 - Administrator - Disabled)
Gast (S-1-5-21-1667937398-1784957356-1515329865-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1667937398-1784957356-1515329865-1002 - Limited - Enabled)
Ritzmann (S-1-5-21-1667937398-1784957356-1515329865-1000 - Administrator - Enabled) => C:\Users\Ritzmann

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Advanced IP Scanner 2.4 (HKLM-x32\...\{13ECCF26-E7C4-4BE3-B92D-0470C7B44FDC}) (Version: 2.4.3021 - Famatech)
AMD Catalyst Install Manager (HKLM\...\{82F9EC2D-0230-EA2E-71DC-DF9CEB458187}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.3.4 - ASUSTeK Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.154 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.45.0 - )
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
DocBackupAC (HKLM-x32\...\DocBackupAC) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Klett Nussknacker 1 (HKLM-x32\...\Klett Nussknacker 1) (Version:  - )
Klett Nussknacker 2 (HKLM-x32\...\Klett Nussknacker 2) (Version:  - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 de)) (Version: 52.0 - Mozilla)
Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
PDF-XChange Editor (HKLM\...\{25FA3074-EAE7-4217-A088-338F6C4542A8}) (Version: 5.5.316.0 - Tracker Software Products (Canada) Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Samsung CLX-3300 Series (HKLM-x32\...\Samsung CLX-3300 Series) (Version: 1.24 (15.06.2015) - Samsung Electronics Co., Ltd.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (17.03.2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(25.05.2015) - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.28 (10.03.2015) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.01.12 (15.10.2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.21 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SEDREAC (HKLM-x32\...\SEDREAC) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16023.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16023.12 - Samsung Electronics Co., Ltd.) Hidden
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
tax 2016 (HKLM-x32\...\{30E85B0C-57D8-4ECE-814B-264550A92FAB}) (Version: 23.00.1146 - Buhl Data Service GmbH)
tax 2017 (HKLM-x32\...\{B0AB97B4-F1E7-4CD6-A93B-1ADC1A4E19E8}) (Version: 24.00.1375 - Buhl Data Service GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
tiptoi® Manager 3.1.6 (HKLM-x32\...\9978-5763-2995-5228) (Version: 3.1.6 - Ravensburger AG)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
Unity Web Player (HKU\S-1-5-21-1667937398-1784957356-1515329865-1000\...\UnityWebPlayer) (Version: 5.3.3f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1667937398-1784957356-1515329865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.3.3f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VirtualDJ 8 (HKLM-x32\...\{6B8D3A67-346D-410E-81D2-3BFE228D263D}) (Version: 8.1.2587.0 - Atomix Productions)
WD My Cloud (HKLM\...\{8F19C800-80A5-4636-B560-39A58112D45B}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1070499F-2781-4B57-A38B-589EB632B7E9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {1DF407FB-1F36-4234-A641-8797DB00CF8C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {2D1FB0F4-B7AD-41E8-A63C-F36E0DBB6A20} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {31837A99-5F0A-400A-9391-237290BE2FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-10] (Google Inc.)
Task: {4145D07A-F54F-41F6-90A1-F1BB145B2226} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {4DFCE1A6-E203-4C38-9DA7-1A85AB253ABC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4F8E23C3-407E-4292-AC57-F62F914DFD03} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {52F46711-495E-45F8-971F-CB291AD483BD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-04] (Dropbox, Inc.)
Task: {5B2036D5-9A42-4422-9A53-08818D4E3747} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {70B29F8D-1F70-4CCF-9643-3EA5C74D93A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-10] (Google Inc.)
Task: {71370D44-8C0A-4E46-9DAD-FB0AD3863725} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-04] (Dropbox, Inc.)
Task: {A6B78CC2-9B26-479D-8A1C-D9C263276B57} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {B17EFC8F-88DA-429E-82F0-9CD617ED829B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {F1085A48-A4BF-48EB-866A-935D64229782} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {F9507549-3B25-41C1-B5B8-862232211909} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {FB9DE405-57FB-4840-9449-36BE137F8BF8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Ritzmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Ritzmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-04-30 16:19 - 2012-06-21 06:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2015-06-12 06:34 - 2015-06-12 06:34 - 00022528 _____ () C:\Windows\System32\sst7clm.dll
2016-02-21 10:07 - 2012-01-09 14:58 - 00034304 _____ () C:\Windows\System32\sst7ylm.dll
2016-02-21 10:08 - 2015-03-12 03:43 - 00022528 _____ () C:\Windows\System32\us003lm.dll
2016-01-30 14:53 - 2015-03-12 03:43 - 00022528 _____ () C:\Windows\System32\ux003lm.dll
2016-01-30 14:56 - 2016-05-18 15:43 - 00499000 ____N () C:\Windows\SysWOW64\spdsvc.exe
2016-02-21 10:08 - 2016-02-21 10:08 - 00143664 ____N () C:\Windows\SysWOW64\SecUPDUtilSvc.exe
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2017-02-08 03:52 - 2017-02-08 03:52 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-02-21 10:07 - 2013-10-04 05:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2014-07-25 05:36 - 2015-05-26 10:04 - 00087552 ____N () C:\Windows\system32\SSDEVM64.DLL
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2017-02-15 00:52 - 2017-02-15 00:52 - 19770456 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [149]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [128]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


Da befinden sich 7932 mehr Seiten.


Da befinden sich 7930 mehr Seiten.


Da befinden sich 7930 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-03-09 12:56 - 00454291 ____R C:\Windows\system32\Drivers\etc\hosts


Da befinden sich 15589 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1667937398-1784957356-1515329865-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ritzmann\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1667937398-1784957356-1515329865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Ritzmann\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Network PC Fax.lnk => C:\Windows\pss\Samsung Network PC Fax.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ritzmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{F05428AA-AD67-4AC8-9055-74E5585D1F4F}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [UDP Query User{0082052E-8D06-4FB5-93A1-7591D77705DA}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{5CA5C501-BF4D-4C84-A9B2-822F2A8CE811}] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{8221B6E0-DDCC-4508-94D1-DCA167E7B3E0}] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{310B5726-B4A0-4992-8A52-50E71225F444}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

09-03-2017 13:17:40 Removed HiJackThis
09-03-2017 13:17:51 Removed Java 8 Update 121 (64-bit)
09-03-2017 13:18:36 Removed OEM Application Profile
09-03-2017 13:19:44 Removed Skype™ 7.3
09-03-2017 13:19:58 Removed SNS Upload for Easy Document Creator

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/10/2017 04:15:14 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/09/2017 08:28:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fsbl.exe, Version: 2.2.1092.0, Zeitstempel: 0x48a543e2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d08ca
ID des fehlerhaften Prozesses: 0x12e0
Startzeit der fehlerhaften Anwendung: 0x01d2990b43a4d204
Pfad der fehlerhaften Anwendung: C:\Users\Ritzmann\Downloads\fsbl.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 8814c907-04fe-11e7-ad76-7824af3a9b32

Error: (03/09/2017 02:26:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/09/2017 02:20:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/09/2017 01:39:51 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich befindet (Fehler=0x800706ba).

Error: (03/09/2017 01:39:51 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich befindet (Fehler=0x800706ba).

Error: (03/09/2017 01:39:21 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/09/2017 01:39:21 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/09/2017 01:39:21 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/09/2017 01:39:21 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)


Systemfehler:
=============
Error: (03/10/2017 05:33:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (03/10/2017 05:33:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (03/10/2017 05:33:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Kryptografiedienste" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (03/09/2017 08:14:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (03/09/2017 08:14:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (03/09/2017 08:14:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Kryptografiedienste" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (03/09/2017 04:41:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Telefonie" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (03/09/2017 04:41:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NLA (Network Location Awareness)" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (03/09/2017 04:41:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (03/09/2017 04:41:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.


CodeIntegrity:
===================================
  Date: 2015-05-09 16:20:07.309
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 16:20:07.247
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 16:20:07.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 16:20:07.059
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 16:20:07.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 16:20:06.950
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 16:19:38.277
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 16:19:38.215
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 16:19:38.153
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-09 15:56:27.633
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: AMD A4-6300 APU with Radeon(tm) HD Graphics 
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 7364.18 MB
Verfügbarer physikalischer RAM: 4406.31 MB
Summe virtueller Speicher: 14726.54 MB
Verfügbarer virtueller Speicher: 11244.34 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:821.09 GB) NTFS
Drive e: (VOLUME) (Removable) (Total:7.44 GB) (Free:2.31 GB) FAT32
Drive y: (Public) (Network) (Total:1829.36 GB) (Free:1374.13 GB) NTFS
Drive z: (Public) (Network) (Total:1829.36 GB) (Free:1374.13 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DE7EC5D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

10.03.2017, 06:17   #5
almera500

svcHost very high CPU usage

Code:
06:05:46.0828 0x085c  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
06:06:01.0964 0x085c  ============================================================
06:06:01.0964 0x085c  Current date / time: 2017/03/10 06:06:01.0964
06:06:01.0964 0x085c  SystemInfo:
06:06:01.0964 0x085c  
06:06:01.0964 0x085c  OS Version: 6.1.7601 ServicePack: 1.0
06:06:01.0964 0x085c  Product type: Workstation
06:06:01.0964 0x085c  ComputerName: RITZMANN-PC
06:06:01.0964 0x085c  UserName: Ritzmann
06:06:01.0964 0x085c  Windows directory: C:\Windows
06:06:01.0964 0x085c  System windows directory: C:\Windows
06:06:01.0964 0x085c  Running under WOW64
06:06:01.0964 0x085c  Processor architecture: Intel x64
06:06:01.0964 0x085c  Number of processors: 2
06:06:01.0964 0x085c  Page size: 0x1000
06:06:01.0964 0x085c  Boot type: Normal boot
06:06:01.0964 0x085c  CodeIntegrityOptions = 0x00000001
06:06:01.0964 0x085c  ============================================================
06:06:02.0326 0x085c  KLMD registered as C:\Windows\system32\drivers\25896549.sys
06:06:02.0326 0x085c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23572, osProperties = 0x1
06:06:02.0716 0x085c  System UUID: {291DAB06-5EBA-9BCD-D0AD-B040307365A7}
06:06:03.0230 0x085c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:06:03.0244 0x085c  Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 ( 7.45 Gb ), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
06:06:03.0246 0x085c  ============================================================
06:06:03.0246 0x085c  \Device\Harddisk0\DR0:
06:06:03.0246 0x085c  MBR partitions:
06:06:03.0246 0x085c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:06:03.0246 0x085c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
06:06:03.0246 0x085c  \Device\Harddisk1\DR1:
06:06:03.0248 0x085c  MBR partitions:
06:06:03.0248 0x085c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0xEE8000
06:06:03.0248 0x085c  ============================================================
06:06:03.0262 0x085c  C: <-> \Device\Harddisk0\DR0\Partition2
06:06:03.0263 0x085c  ============================================================
06:06:03.0263 0x085c  Initialize success
06:06:03.0263 0x085c  ============================================================
06:06:51.0344 0x1734  ============================================================
06:06:51.0344 0x1734  Scan started
06:06:51.0344 0x1734  Mode: Manual; SigCheck; TDLFS; 
06:06:51.0344 0x1734  ============================================================
06:06:51.0344 0x1734  KSN ping started
06:07:03.0567 0x1734  KSN ping finished: true
06:07:05.0747 0x1734  ================ Scan system memory ========================
06:07:05.0747 0x1734  System memory - ok
06:07:05.0747 0x1734  ================ Scan services =============================
06:07:05.0847 0x1734  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
06:07:10.0991 0x1734  1394ohci - ok
06:07:11.0033 0x1734  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
06:07:11.0063 0x1734  ACPI - ok
06:07:11.0097 0x1734  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
06:07:11.0115 0x1734  AcpiPmi - ok
06:07:11.0181 0x1734  [ B932E0EE190778D840F1442DFC0F9612, 8780963F14D57279FDD585BE945ED40F24590D32676C7A9EF94002D38B8BA643 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:07:11.0230 0x1734  AdobeARMservice - ok
06:07:11.0304 0x1734  [ 89ECFB35517F62C3802B227F288B750E, 47B329FEC98DC634A9068D6B88A331B323D99E9C21D3FE330352210841E715CA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:07:11.0331 0x1734  AdobeFlashPlayerUpdateSvc - ok
06:07:11.0356 0x1734  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
06:07:11.0395 0x1734  adp94xx - ok
06:07:11.0419 0x1734  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
06:07:11.0446 0x1734  adpahci - ok
06:07:11.0476 0x1734  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
06:07:11.0495 0x1734  adpu320 - ok
06:07:11.0531 0x1734  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
06:07:11.0623 0x1734  AeLookupSvc - ok
06:07:11.0650 0x1734  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
06:07:11.0757 0x1734  AFD - ok
06:07:11.0777 0x1734  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
06:07:11.0797 0x1734  agp440 - ok
06:07:11.0817 0x1734  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
06:07:11.0857 0x1734  ALG - ok
06:07:11.0897 0x1734  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
06:07:11.0907 0x1734  aliide - ok
06:07:11.0937 0x1734  [ 606C8F129FE18D6E3EA2FD542D43D72D, 1BDB9B1C3C8345429FFF25189DCA16F4174F29B5C5DFD5AEB5C277CD4E6EBCA8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
06:07:11.0977 0x1734  AMD External Events Utility - ok
06:07:12.0087 0x1734  [ B12D8F8A42080B955D027EE56F5BD1C3, AA4763AF1D77F7F1FF3BFEC5B800E7E38F954C1488B19ED645B04FEC4D771A1C ] AMD FUEL Service C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
06:07:12.0097 0x1734  AMD FUEL Service - detected UnsignedFile.Multi.Generic ( 1 )
06:07:12.0259 0x1734  Detect skipped due to KSN trusted
06:07:12.0259 0x1734  AMD FUEL Service - ok
06:07:12.0289 0x1734  [ 4E2B94939B26E71D6EF309207548FBBD, 0AB68C562321505FFD1A436A45696BBECB801E74FA750E6717E455A934EA0A88 ] amdhub30        C:\Windows\system32\DRIVERS\amdhub30.sys
06:07:12.0319 0x1734  amdhub30 - ok
06:07:12.0339 0x1734  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
06:07:12.0355 0x1734  amdide - ok
06:07:12.0364 0x1734  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
06:07:12.0401 0x1734  AmdK8 - ok
06:07:12.0421 0x1734  amdkmdag - ok
06:07:12.0463 0x1734  [ C0C27A1094F6EA978FB2CAACFDE0E594, 9B481D55ED3D55A975CB1EB32DD0DB9AD032D592585A5799F81918EFB7843AAE ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
06:07:12.0526 0x1734  amdkmdap - ok
06:07:12.0551 0x1734  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
06:07:12.0565 0x1734  AmdPPM - ok
06:07:12.0605 0x1734  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
06:07:12.0617 0x1734  amdsata - ok
06:07:12.0647 0x1734  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
06:07:12.0667 0x1734  amdsbs - ok
06:07:12.0687 0x1734  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
06:07:12.0706 0x1734  amdxata - ok
06:07:12.0739 0x1734  [ 8E35BD0496C98E3DADC21A70200D4D91, DA941CF4396E750D0E76CF42A4D76196B0073485FCF765DAFD9EDBBF343B78EC ] amdxhc          C:\Windows\system32\DRIVERS\amdxhc.sys
06:07:12.0769 0x1734  amdxhc - ok
06:07:12.0806 0x1734  [ 2834CC82613CEA492261885D1CAA25A0, 9B05744ECE77BEF8E6D6EDB99FAC404161715FBD2A5841554496DD8BBF334D02 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
06:07:12.0811 0x1734  amd_sata - ok
06:07:12.0831 0x1734  [ A2844D704DB69FC92F5FA8AE9E3316A4, 3909E45814C24616921809D25EC63DC91292686694F904C8227AF150B6490EE2 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
06:07:12.0851 0x1734  amd_xata - ok
06:07:12.0943 0x1734  [ 42A60840C182E9CFCD4E5EF950303512, E7C3D9888529156D9FB03BC51B170AC027ABA6E7B1ED69FA29944546A202907A ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
06:07:12.0997 0x1734  AntiVirMailService - ok
06:07:13.0035 0x1734  [ 58FD213E044D88825E411A1A0A6AEE64, 870591B7995874215C70218F460C1761564533D75BD4855ACB071F9425AAAB77 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
06:07:13.0065 0x1734  AntiVirSchedulerService - ok
06:07:13.0107 0x1734  [ 58FD213E044D88825E411A1A0A6AEE64, 870591B7995874215C70218F460C1761564533D75BD4855ACB071F9425AAAB77 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
06:07:13.0137 0x1734  AntiVirService - ok
06:07:13.0209 0x1734  [ 4C1B4579EF9D12C88132367333F8F794, 2193359E04F5313BFB7E5FE9AF6D7FBCFFF2CEBCC217F29817F9D450C91160DD ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
06:07:13.0286 0x1734  AntiVirWebService - ok
06:07:13.0298 0x1734  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
06:07:13.0311 0x1734  AODDriver4.3 - ok
06:07:13.0336 0x1734  [ FCE5C79717A487BDC71F3DEC78A684CA, F5520F112A4EBDD10444AA5E9FDB9125219FCF768FEB95AB608BC84D60136816 ] AppID           C:\Windows\system32\drivers\appid.sys
06:07:13.0380 0x1734  AppID - ok
06:07:13.0401 0x1734  [ 8921E1D8AE5171691F186A7C5B98B630, 4A37313BB94D4B49D0294C9439AD0793DE328F9F4DA1C47E34E6ACEA46AF6E14 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
06:07:13.0421 0x1734  AppIDSvc - ok
06:07:13.0431 0x1734  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
06:07:13.0473 0x1734  Appinfo - ok
06:07:13.0503 0x1734  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
06:07:13.0533 0x1734  AppMgmt - ok
06:07:13.0563 0x1734  [ CF6E96336D3B247AB48F28CC570B83D8, B606BE7A2127E8FD3C7DFFEE844EFC8ABCBD08FE48384692B7B5928970AD54E3 ] APXACC          C:\Windows\system32\DRIVERS\appexDrv.sys
06:07:13.0593 0x1734  APXACC - ok
06:07:13.0603 0x1734  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
06:07:13.0630 0x1734  arc - ok
06:07:13.0645 0x1734  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
06:07:13.0655 0x1734  arcsas - ok
06:07:13.0727 0x1734  [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
06:07:13.0747 0x1734  aspnet_state - ok
06:07:13.0770 0x1734  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
06:07:13.0859 0x1734  AsyncMac - ok
06:07:13.0898 0x1734  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
06:07:13.0911 0x1734  atapi - ok
06:07:13.0941 0x1734  [ EE672EACF3CBEDAB390E0655BF5A11AB, DFAFB55584CED9ECF499067D113F81BE51D492627FD36784C4BED06AE0BECC52 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
06:07:13.0981 0x1734  AtiHDAudioService - ok
06:07:14.0043 0x1734  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:07:14.0095 0x1734  AudioEndpointBuilder - ok
06:07:14.0143 0x1734  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
06:07:14.0200 0x1734  AudioSrv - ok
06:07:14.0247 0x1734  [ C0B4C2DF426BDFC679F658C442113E9C, CEC53912FF5A9378CB58F2E72FE61D3265E65B800EDCFC32278465ACDB5455D7 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
06:07:14.0277 0x1734  avgntflt - ok
06:07:14.0310 0x1734  [ AD68D7AC2CABCA09140E4FCEA98BCEF6, 134AD5DDFAC5BD58173E2EB2AC7DB1413E9416507E4252E4E0A8172B1A6206F5 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
06:07:14.0331 0x1734  avipbb - ok
06:07:14.0389 0x1734  [ 2AEE4D1D7E668F1CCF97EDE93509B0EE, B082B3BBB27D3C8B26A754508C3B98BA803FEA707898FF18A120D6A2679098DF ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
06:07:14.0446 0x1734  Avira.ServiceHost - ok
06:07:14.0481 0x1734  [ 3E0AB8C453FA433B15A30BAA8BD4B275, 30453E68013DF1A3CD9197F28E8591A67BFA6CA784129666A6F7DF9D2E12440B ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
06:07:14.0501 0x1734  avkmgr - ok
06:07:14.0531 0x1734  [ 19B6F9073BD606B7ABEC03A0328FDC1B, 639E6A05BB0E52CDBDF887A3FA209B32F84253D274F2A9A89E1D96F1BE4C8143 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
06:07:14.0551 0x1734  avnetflt - ok
06:07:14.0592 0x1734  [ 741C49B40E5E1FC624D8FBF153FE6C1B, DAF9105F994609E9E6E8545B63FDF0FF46218F7CDB0F7AE3849AE93C83B17B76 ] avusbflt        C:\Windows\system32\Drivers\avusbflt.sys
06:07:14.0613 0x1734  avusbflt - ok
06:07:14.0651 0x1734  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
06:07:14.0675 0x1734  AxInstSV - ok
06:07:14.0724 0x1734  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
06:07:14.0782 0x1734  b06bdrv - ok
06:07:14.0817 0x1734  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
06:07:14.0857 0x1734  b57nd60a - ok
06:07:14.0892 0x1734  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
06:07:14.0913 0x1734  BDESVC - ok
06:07:14.0928 0x1734  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
06:07:14.0989 0x1734  Beep - ok
06:07:15.0051 0x1734  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
06:07:15.0113 0x1734  BFE - ok
06:07:15.0163 0x1734  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
06:07:15.0247 0x1734  BITS - ok
06:07:15.0263 0x1734  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
06:07:15.0295 0x1734  blbdrive - ok
06:07:15.0325 0x1734  [ 5AB58C337AC65837FE404462AD6265AB, F7E145F5D8DB1017D5B7B9D5380100F170FE5CC2050B5F7346A521B7B72D2166 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
06:07:15.0355 0x1734  Bonjour Service - ok
06:07:15.0395 0x1734  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
06:07:15.0407 0x1734  bowser - ok
06:07:15.0427 0x1734  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
06:07:15.0457 0x1734  BrFiltLo - ok
06:07:15.0467 0x1734  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
06:07:15.0488 0x1734  BrFiltUp - ok
06:07:15.0519 0x1734  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
06:07:15.0559 0x1734  BridgeMP - ok
06:07:15.0597 0x1734  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
06:07:15.0631 0x1734  Browser - ok
06:07:15.0661 0x1734  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
06:07:15.0691 0x1734  Brserid - ok
06:07:15.0701 0x1734  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
06:07:15.0722 0x1734  BrSerWdm - ok
06:07:15.0734 0x1734  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
06:07:15.0763 0x1734  BrUsbMdm - ok
06:07:15.0773 0x1734  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
06:07:15.0793 0x1734  BrUsbSer - ok
06:07:15.0813 0x1734  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
06:07:15.0845 0x1734  BTHMODEM - ok
06:07:15.0865 0x1734  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
06:07:15.0930 0x1734  bthserv - ok
06:07:15.0949 0x1734  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
06:07:16.0008 0x1734  cdfs - ok
06:07:16.0039 0x1734  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
06:07:16.0059 0x1734  cdrom - ok
06:07:16.0079 0x1734  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
06:07:16.0121 0x1734  CertPropSvc - ok
06:07:16.0141 0x1734  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
06:07:16.0180 0x1734  circlass - ok
06:07:16.0213 0x1734  [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS            C:\Windows\system32\CLFS.sys
06:07:16.0243 0x1734  CLFS - ok
06:07:16.0305 0x1734  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:07:16.0325 0x1734  clr_optimization_v2.0.50727_32 - ok
06:07:16.0362 0x1734  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:07:16.0377 0x1734  clr_optimization_v2.0.50727_64 - ok
06:07:16.0427 0x1734  [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:07:16.0447 0x1734  clr_optimization_v4.0.30319_32 - ok
06:07:16.0457 0x1734  [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:07:16.0487 0x1734  clr_optimization_v4.0.30319_64 - ok
06:07:16.0507 0x1734  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
06:07:16.0539 0x1734  CmBatt - ok
06:07:16.0569 0x1734  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
06:07:16.0579 0x1734  cmdide - ok
06:07:16.0609 0x1734  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
06:07:16.0649 0x1734  CNG - ok
06:07:16.0677 0x1734  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
06:07:16.0681 0x1734  Compbatt - ok
06:07:16.0701 0x1734  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
06:07:16.0731 0x1734  CompositeBus - ok
06:07:16.0741 0x1734  COMSysApp - ok
06:07:16.0762 0x1734  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
06:07:16.0773 0x1734  crcdisk - ok
06:07:16.0803 0x1734  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
06:07:16.0833 0x1734  CryptSvc - ok
06:07:16.0855 0x1734  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
06:07:16.0928 0x1734  CSC - ok
06:07:16.0957 0x1734  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
06:07:17.0006 0x1734  CscService - ok
06:07:17.0069 0x1734  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate        C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
06:07:17.0089 0x1734  dbupdate - ok
06:07:17.0099 0x1734  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem       C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
06:07:17.0124 0x1734  dbupdatem - ok
06:07:17.0133 0x1734  dbx - ok
06:07:17.0161 0x1734  [ 5B7A202DECF962A6C9A2E759551BF05E, 6BA11F7728C0A13EA4B6EF478584AE0117BA5909346FF6FE20308674F34701D7 ] DbxSvc          C:\Windows\system32\DbxSvc.exe
06:07:17.0181 0x1734  DbxSvc - ok
06:07:29.0785 0x1734  partmgr - ok
06:07:29.0822 0x1734  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
06:07:29.0837 0x1734  PcaSvc - ok
06:07:29.0867 0x1734  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
06:07:29.0891 0x1734  pci - ok
06:07:29.0926 0x1734  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
06:07:29.0941 0x1734  pciide - ok
06:07:29.0971 0x1734  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
06:07:29.0998 0x1734  pcmcia - ok
06:07:30.0021 0x1734  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
06:07:30.0049 0x1734  pcw - ok
06:07:30.0096 0x1734  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
06:07:30.0181 0x1734  PEAUTH - ok
06:07:30.0241 0x1734  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
06:07:30.0323 0x1734  PeerDistSvc - ok
06:07:30.0385 0x1734  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
06:07:30.0415 0x1734  PerfHost - ok
06:07:30.0477 0x1734  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
06:07:30.0627 0x1734  pla - ok
06:07:30.0719 0x1734  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
06:07:31.0090 0x1734  PlugPlay - ok
06:07:31.0100 0x1734  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
06:07:31.0201 0x1734  PNRPAutoReg - ok
06:07:31.0240 0x1734  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
06:07:31.0460 0x1734  PNRPsvc - ok
06:07:31.0599 0x1734  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
06:07:31.0697 0x1734  PolicyAgent - ok
06:07:31.0727 0x1734  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
06:07:31.0805 0x1734  Power - ok
06:07:31.0839 0x1734  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
06:07:31.0881 0x1734  PptpMiniport - ok
06:07:31.0913 0x1734  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
06:07:31.0933 0x1734  Processor - ok
06:07:31.0973 0x1734  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
06:07:32.0013 0x1734  ProfSvc - ok
06:07:32.0033 0x1734  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] ProtectedStorage C:\Windows\system32\lsass.exe
06:07:32.0052 0x1734  ProtectedStorage - ok
06:07:32.0065 0x1734  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
06:07:32.0115 0x1734  Psched - ok
06:07:32.0157 0x1734  [ 4C2100234BE55FED7F5AF17F44D94CC3, 704472305E47857B03DAD9AB69E0CC0405DE167D55E4C95730612BE3D0B8F79E ] PSINAflt        C:\Windows\system32\DRIVERS\PSINAflt.sys
06:07:32.0177 0x1734  PSINAflt - ok
06:07:32.0213 0x1734  [ EB45C8CD42B74F87D6A4E556EDEECC5C, C956990CC48327E00E3004F26BE4746DD57754F857C7FD98C1B1327485567ED7 ] PSINFile        C:\Windows\system32\DRIVERS\PSINFile.sys
06:07:32.0232 0x1734  PSINFile - ok
06:07:32.0251 0x1734  [ F7AC32A9225DB455F7E294C5FC850C6A, 8899366E2DCD299CECB8B7C92B3B1834550D3B9D2CA9501D57304DC845055345 ] PSINKNC         C:\Windows\system32\DRIVERS\psinknc.sys
06:07:32.0394 0x1734  PSINKNC - ok
06:07:32.0413 0x1734  [ 7A832241454BB9A29F3EF91708E9E0A6, D4BF000C8281FFF828691FF1F82CFD20E7B6F9B1D913EF6A173305DCA872826C ] PSINProc        C:\Windows\system32\DRIVERS\PSINProc.sys
06:07:32.0465 0x1734  PSINProc - ok
06:07:32.0482 0x1734  [ 11D324F8A15EF374F845C3E9F08256F1, 8FED19313E23AED6F087707C1E859D41828AD9B8828EBB6205052D80EADEAC2F ] PSINProt        C:\Windows\system32\DRIVERS\PSINProt.sys
06:07:32.0527 0x1734  PSINProt - ok
06:07:32.0547 0x1734  [ 6A66E0B13B786851D0EC2B091364DDD3, E17E4B15BFECA7DC107AE52D8910E7B1BE779A5DC4202AC7A35BB09D2D7743F9 ] PSINReg         C:\Windows\system32\DRIVERS\PSINReg.sys
06:07:32.0559 0x1734  PSINReg - ok
06:07:32.0589 0x1734  [ 7A0DB69C5FAE330BD9F492A817B9AA8E, F2870DACA01331529FBEEC519510940FE5212FA2E45518FB32B43128AD9B4AB2 ] PSKMAD          C:\Windows\system32\DRIVERS\PSKMAD.sys
06:07:32.0619 0x1734  PSKMAD - ok
06:07:32.0678 0x1734  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
06:07:32.0750 0x1734  ql2300 - ok
06:07:32.0786 0x1734  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
06:07:32.0802 0x1734  ql40xx - ok
06:07:32.0828 0x1734  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
06:07:32.0863 0x1734  QWAVE - ok
06:07:32.0886 0x1734  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
06:07:32.0905 0x1734  QWAVEdrv - ok
06:07:32.0915 0x1734  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
06:07:32.0985 0x1734  RasAcd - ok
06:07:32.0996 0x1734  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
06:07:33.0052 0x1734  RasAgileVpn - ok
06:07:33.0073 0x1734  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
06:07:33.0137 0x1734  RasAuto - ok
06:07:33.0176 0x1734  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
06:07:33.0227 0x1734  Rasl2tp - ok
06:07:33.0259 0x1734  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
06:07:33.0335 0x1734  RasMan - ok
06:07:33.0357 0x1734  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
06:07:33.0411 0x1734  RasPppoe - ok
06:07:33.0436 0x1734  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
06:07:33.0483 0x1734  RasSstp - ok
06:07:33.0525 0x1734  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
06:07:33.0589 0x1734  rdbss - ok
06:07:33.0605 0x1734  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
06:07:33.0617 0x1734  rdpbus - ok
06:07:33.0637 0x1734  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
06:07:33.0694 0x1734  RDPCDD - ok
06:07:33.0739 0x1734  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
06:07:33.0759 0x1734  RDPDR - ok
06:07:33.0769 0x1734  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
06:07:33.0825 0x1734  RDPENCDD - ok
06:07:33.0851 0x1734  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
06:07:33.0911 0x1734  RDPREFMP - ok
06:07:33.0973 0x1734  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
06:07:33.0993 0x1734  RdpVideoMiniport - ok
06:07:34.0023 0x1734  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
06:07:34.0063 0x1734  RDPWD - ok
06:07:34.0103 0x1734  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
06:07:34.0123 0x1734  rdyboost - ok
06:07:34.0163 0x1734  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
06:07:34.0203 0x1734  RemoteAccess - ok
06:07:34.0240 0x1734  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
06:07:34.0315 0x1734  RemoteRegistry - ok
06:07:34.0347 0x1734  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
06:07:34.0407 0x1734  RpcEptMapper - ok
06:07:34.0439 0x1734  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
06:07:34.0469 0x1734  RpcLocator - ok
06:07:34.0530 0x1734  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
06:07:34.0551 0x1734  RpcSs - ok
06:07:34.0581 0x1734  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
06:07:34.0633 0x1734  rspndr - ok
06:07:34.0685 0x1734  [ AC4CA62572CA516945AB92D6C9F501F4, 6CB4178DD1ED3D8224EA1F91CAA00AFBC756DCA2DFD71F399B05E511E79D5150 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
06:07:34.0735 0x1734  RTL8167 - ok
06:07:34.0766 0x1734  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
06:07:34.0835 0x1734  s3cap - ok
06:07:34.0862 0x1734  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] SamSs           C:\Windows\system32\lsass.exe
06:07:34.0885 0x1734  SamSs - ok
06:07:34.0957 0x1734  [ B2923FEE51D918ACCE5498728ACB0796, AE6C520FC3DE36F8771AE9419DC2AB459AD062C8112E5A4799FD97F604B7D120 ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
06:07:35.0011 0x1734  Samsung Network Fax Server - ok
06:07:35.0023 0x1734  Samsung Printer Dianostics Service - ok
06:07:35.0074 0x1734  [ CCFCF96CB350DA48AFDCB221CA999ADA, 7E5490652E367D1EA0400ED95788AFB4E067373E5F8BF73165B7F7FDE20D1B27 ] SamsungUPDUtilSvc C:\Windows\SysWOW64\SecUPDUtilSvc.exe
06:07:35.0091 0x1734  SamsungUPDUtilSvc - ok
06:07:35.0119 0x1734  [ 5EFBBFCC6ADAC121C8E2FE76641ED329, 0EAB16C7F54B61620277977F8C332737081A46BC6BBDE50742B6904BDD54F502 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys
06:07:35.0139 0x1734  SANDRA - ok
06:07:35.0159 0x1734  [ 2415052B778693900B61944A09266C41, 5FBFEC29ADCAEA319435146BFAECB391CB9FEB4A03ED502747C8D76A7E530933 ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe
06:07:35.0264 0x1734  SandraAgentSrv - detected UnsignedFile.Multi.Generic ( 1 )
06:07:35.0511 0x1734  Detect skipped due to KSN trusted
06:07:35.0511 0x1734  SandraAgentSrv - ok
06:07:42.0751 0x1734  VgaSave - ok
06:07:42.0771 0x1734  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
06:07:42.0801 0x1734  vhdmp - ok
06:07:42.0823 0x1734  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
06:07:42.0836 0x1734  viaide - ok
06:07:42.0856 0x1734  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
06:07:42.0883 0x1734  vmbus - ok
06:07:42.0906 0x1734  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
06:07:42.0922 0x1734  VMBusHID - ok
06:07:42.0931 0x1734  vmci - ok
06:07:42.0944 0x1734  VMnetAdapter - ok
06:07:42.0995 0x1734  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
06:07:43.0005 0x1734  volmgr - ok
06:07:43.0055 0x1734  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
06:07:43.0075 0x1734  volmgrx - ok
06:07:43.0095 0x1734  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
06:07:43.0133 0x1734  volsnap - ok
06:07:43.0157 0x1734  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
06:07:43.0207 0x1734  vsmraid - ok
06:07:43.0299 0x1734  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
06:07:43.0399 0x1734  VSS - ok
06:07:43.0419 0x1734  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
06:07:43.0431 0x1734  vwifibus - ok
06:07:43.0461 0x1734  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
06:07:43.0519 0x1734  W32Time - ok
06:07:43.0552 0x1734  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
06:07:43.0583 0x1734  WacomPen - ok
06:07:43.0593 0x1734  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
06:07:43.0653 0x1734  WANARP - ok
06:07:43.0663 0x1734  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
06:07:43.0720 0x1734  Wanarpv6 - ok
06:07:43.0776 0x1734  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
06:07:43.0859 0x1734  wbengine - ok
06:07:43.0890 0x1734  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
06:07:43.0938 0x1734  WbioSrvc - ok
06:07:43.0978 0x1734  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
06:07:44.0020 0x1734  wcncsvc - ok
06:07:44.0053 0x1734  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:07:44.0082 0x1734  WcsPlugInService - ok
06:07:44.0102 0x1734  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
06:07:44.0159 0x1734  Wd - ok
06:07:44.0278 0x1734  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
06:07:44.0342 0x1734  Wdf01000 - ok
06:07:44.0382 0x1734  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
06:07:44.0411 0x1734  WdiServiceHost - ok
06:07:44.0423 0x1734  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
06:07:44.0442 0x1734  WdiSystemHost - ok
06:07:44.0470 0x1734  [ 9955F303C20C4F58DB6645C6248DE1C8, 1A04B5C0EF2FE0CDBA054104727C54A02072B829BEAF4F3E4D16E581B50593F1 ] wdm_usb         C:\Windows\system32\DRIVERS\usb2ser.sys
06:07:44.0504 0x1734  wdm_usb - ok
06:07:44.0543 0x1734  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
06:07:44.0576 0x1734  WebClient - ok
06:07:44.0608 0x1734  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
06:07:44.0658 0x1734  Wecsvc - ok
06:07:44.0700 0x1734  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
06:07:44.0750 0x1734  wercplsupport - ok
06:07:44.0775 0x1734  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
06:07:44.0834 0x1734  WerSvc - ok
06:07:44.0847 0x1734  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
06:07:44.0892 0x1734  WfpLwf - ok
06:07:44.0915 0x1734  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
06:07:44.0924 0x1734  WIMMount - ok
06:07:44.0954 0x1734  WinDefend - ok
06:07:44.0984 0x1734  WinHttpAutoProxySvc - ok
06:07:45.0066 0x1734  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
06:07:45.0142 0x1734  Winmgmt - ok
06:07:45.0228 0x1734  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
06:07:45.0382 0x1734  WinRM - ok
06:07:45.0417 0x1734  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
06:07:45.0440 0x1734  WinUsb - ok
06:07:45.0482 0x1734  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
06:07:45.0541 0x1734  Wlansvc - ok
06:07:45.0560 0x1734  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
06:07:45.0579 0x1734  WmiAcpi - ok
06:07:45.0609 0x1734  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
06:07:45.0634 0x1734  wmiApSrv - ok
06:07:45.0644 0x1734  WMPNetworkSvc - ok
06:07:45.0654 0x1734  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
06:07:45.0684 0x1734  WPCSvc - ok
06:07:45.0709 0x1734  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
06:07:45.0726 0x1734  WPDBusEnum - ok
06:07:45.0746 0x1734  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
06:07:45.0808 0x1734  ws2ifsl - ok
06:07:45.0823 0x1734  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
06:07:45.0868 0x1734  wscsvc - ok
06:07:45.0888 0x1734  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
06:07:45.0913 0x1734  WSDPrintDevice - ok
06:07:45.0928 0x1734  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
06:07:45.0960 0x1734  WSDScan - ok
06:07:45.0970 0x1734  WSearch - ok
06:07:46.0085 0x1734  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
06:07:46.0213 0x1734  wuauserv - ok
06:07:46.0256 0x1734  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
06:07:46.0276 0x1734  WudfPf - ok
06:07:46.0296 0x1734  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
06:07:46.0340 0x1734  WUDFRd - ok
06:07:46.0368 0x1734  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
06:07:46.0388 0x1734  wudfsvc - ok
06:07:46.0418 0x1734  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
06:07:46.0448 0x1734  WwanSvc - ok
06:07:46.0458 0x1734  ================ Scan global ===============================
06:07:46.0508 0x1734  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
06:07:46.0538 0x1734  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
06:07:46.0558 0x1734  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
06:07:46.0588 0x1734  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
06:07:46.0620 0x1734  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
06:07:46.0630 0x1734  [ Global ] - ok
06:07:46.0640 0x1734  ================ Scan MBR ==================================
06:07:46.0650 0x1734  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:07:46.0810 0x1734  \Device\Harddisk0\DR0 - ok
06:07:46.0810 0x1734  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
06:07:46.0960 0x1734  \Device\Harddisk1\DR1 - ok
06:07:46.0960 0x1734  ================ Scan VBR ==================================
06:07:46.0960 0x1734  [ A865743A6AAA65602F3AFA8D36616ED1 ] \Device\Harddisk0\DR0\Partition1
06:07:46.0960 0x1734  \Device\Harddisk0\DR0\Partition1 - ok
06:07:46.0980 0x1734  [ 0739F1FD4CC0B5F42DCCBFE53AD460F2 ] \Device\Harddisk0\DR0\Partition2
06:07:46.0980 0x1734  \Device\Harddisk0\DR0\Partition2 - ok
06:07:46.0990 0x1734  [ A9F91B23FB47AE56DCA7718B3AB3D707 ] \Device\Harddisk1\DR1\Partition1
06:07:46.0990 0x1734  \Device\Harddisk1\DR1\Partition1 - ok
06:07:47.0000 0x1734  ================ Scan generic autorun ======================
06:07:48.0345 0x1734  [ 2B282A4050FE3B4B70EF9E3070BBFF78, 019B667781F5CE411AEB569EAA4095FA2B9942E43A6A1DFC6EEBB2DA214131FE ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
06:07:48.0440 0x1734  FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
06:07:48.0608 0x1734  Detect skipped due to KSN trusted
06:07:48.0608 0x1734  FreePDF Assistant - ok
06:07:50.0901 0x1734  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\WindowsSecurityCenter.exe ( 15.0.25.151 ), 0x41000 ( enabled : updated )
06:07:50.0941 0x1734  Win FW state via NFP2: enabled ( trusted )
06:07:51.0532 0x1734  ============================================================
06:07:51.0532 0x1734  Scan finished
06:07:51.0532 0x1734  ============================================================
06:07:51.0552 0x09d8  Detected object count: 0
06:07:51.0552 0x09d8  Actual detected object count: 0
         


10.03.2017, 14:38   #6
M-K-D-B
/// TB Trainer

Hi,

You're a funny one: you have already run numerous tools, but you don't mention that in a single post and don't attach any log files either. Why is that?

Please post the old log files from
- JRT
- AdwCleaner
- ComboFix
- MBAR
- EmsisoftEmergencyKit
- MBAM

You are not supposed to run the programs again, just post the log files from the scans you have already carried out!





Quote:
cc_20170308_100929.reg
And one more thing while we're at it:


Note: Registry Cleaners

I see that you have a so-called registry cleaner installed.
In your case, CCleaner.

We advise against using any kind of registry cleaner.

The reason is quite simple:
The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work anymore.
You should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs sometimes make mistakes too.
If you destroy the registry, you destroy Windows.

In addition, the benefit for performance is disputed and usually barely noticeable.

I would recommend that you stop using registry cleaners and uninstall them via
Start --> Control Panel --> Add or Remove Programs (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7)

10.03.2017, 15:21   #7
almera500

Hello,

Sorry. Here are the logs:

Code:
Rkill 2.8.4 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/09/2017 10:20:24 AM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * Basisfiltermodul (BFE) is not Running.
   Startup Type set to: Automatic

 * DHCP-Client (Dhcp) is not Running.
   Startup Type set to: Automatic

 * DNS-Client (Dnscache) is not Running.
   Startup Type set to: Automatic

 * COM+-Ereignissystem (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows-Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * Netzwerkverbindungen (Netman) is not Running.
   Startup Type set to: Manual

 * Netzwerkspeicher-Schnittstellendienst (nsi) is not Running.
   Startup Type set to: Automatic

 * Sicherheitscenter (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System

 * Windows-Firewallautorisierungstreiber (mpsdrv) is not Running.
   Startup Type set to: Manual

 * NetBT (NetBT) is not Running.
   Startup Type set to: System

 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System

 * NetIO-Legacy-TDI-Supporttreiber (tdx) is not Running.
   Startup Type set to: System

 * TBS [Missing Service]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: hxxp://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found: 


  20 out of 15621 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/09/2017 10:20:41 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Professional x64 
Ran by Ritzmann (Limited) on 09.03.2017 at 10:19:07,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.03.2017 at 10:20:11,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ComboFix 17-02-24.01 - Ritzmann 09.03.2017  10:30:42.2.2 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.7364.5074 [GMT 1:00]
ausgeführt von:: c:\users\Ritzmann\Downloads\ComboFix.exe
AV: Avira Antivirus *Enabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
SP: Avira Antivirus *Enabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ritzmann\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2017-02-09 bis 2017-03-09  ))))))))))))))))))))))))))))))
.
.
2017-03-09 09:36 . 2017-03-09 09:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2017-03-09 09:25 . 2017-03-09 09:25	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3222C98E-AD22-457D-88EC-F24B25FBD993}\offreg.948.dll
2017-03-09 05:10 . 2017-03-09 06:55	--------	d-----w-	C:\EEK
2017-03-08 19:58 . 2017-03-09 06:55	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2017-03-08 19:56 . 2017-03-09 05:10	--------	d-----w-	C:\AdwCleaner
2017-03-08 18:39 . 2017-03-08 18:39	--------	d-----w-	c:\program files (x86)\AMD AVT
2017-03-08 18:39 . 2014-02-16 16:23	60640	----a-w-	c:\windows\system32\drivers\usbfilter.sys
2017-03-08 18:38 . 2015-01-21 06:17	108256	----a-w-	c:\windows\system32\drivers\amdhub30.sys
2017-03-08 18:38 . 2014-09-23 17:56	83656	----a-w-	c:\windows\system32\drivers\amd_sata.sys
2017-03-08 18:38 . 2014-09-23 17:56	43720	----a-w-	c:\windows\system32\drivers\amd_xata.sys
2017-03-08 18:38 . 2015-01-21 06:17	229088	----a-w-	c:\windows\system32\drivers\amdxhc.sys
2017-03-08 18:17 . 2017-03-08 18:17	388096	----a-r-	c:\users\Ritzmann\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2017-03-08 18:17 . 2017-03-08 18:17	--------	d-----w-	c:\program files (x86)\Trend Micro
2017-03-08 18:00 . 2017-02-22 10:48	12654400	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3222C98E-AD22-457D-88EC-F24B25FBD993}\mpengine.dll
2017-03-08 17:39 . 2017-03-08 17:42	--------	d-----w-	c:\windows\system32\catroot2
2017-03-08 14:23 . 2017-03-08 14:23	--------	d--h--w-	c:\programdata\Common Files
2017-03-08 14:23 . 2017-03-08 14:23	--------	d-----w-	c:\programdata\MFAData
2017-03-08 08:48 . 2017-03-03 05:35	110144	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-64.dll
2017-03-08 06:32 . 2017-03-08 06:32	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2017-03-08 06:32 . 2017-03-08 06:32	--------	d-----r-	c:\program files (x86)\Skype
2017-03-08 05:39 . 2017-02-22 23:42	84712	----a-w-	c:\windows\system32\CompatTelRunner.exe
2017-03-08 05:39 . 2017-02-22 23:37	1285632	----a-w-	c:\windows\system32\aeinv.dll
2017-03-08 05:39 . 2017-02-18 14:05	646656	----a-w-	c:\windows\system32\generaltel.dll
2017-03-08 05:39 . 2017-02-18 14:05	1609216	----a-w-	c:\windows\system32\appraiser.dll
2017-03-07 09:23 . 2017-03-07 10:17	--------	d-----w-	c:\users\Ritzmann\AppData\Local\Adobe SVG Viewer
2017-03-07 07:47 . 2017-03-07 07:47	--------	d-----w-	c:\program files (x86)\Common Files\Adobe SVG Viewer
2017-03-06 21:12 . 2017-03-07 17:37	15	----a-w-	c:\users\Ritzmann\advanced_ip_scanner_Aliases.bin
2017-03-06 21:05 . 2017-03-06 21:05	--------	d-----w-	c:\program files (x86)\Advanced IP Scanner
2017-03-06 21:04 . 2017-03-06 21:04	--------	d-----w-	c:\users\Ritzmann\AppData\Local\Advanced IP Scanner 2
2017-03-03 06:05 . 2003-09-11 21:42	16384	----a-w-	c:\windows\SysWow64\FileOps.exe
2017-03-03 05:35 . 2017-03-02 14:40	963488	----a-w-	c:\windows\system32\deployJava1.dll
2017-03-03 05:35 . 2017-03-02 14:40	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2017-03-03 05:35 . 2017-03-03 05:35	--------	d-----w-	c:\program files (x86)\Common Files\Java
2017-03-03 05:27 . 2017-03-07 09:47	--------	d-----w-	c:\programdata\firebird
2017-03-02 17:20 . 2017-03-03 05:28	--------	d-----w-	c:\program files\DocBackupAC
2017-03-02 14:43 . 2017-03-02 14:54	--------	d-----w-	c:\program files\SEDREAC
2017-03-02 14:40 . 2017-03-03 05:35	318528	----a-w-	c:\windows\system32\javaws.exe
2017-03-02 14:40 . 2017-03-03 05:35	206912	----a-w-	c:\windows\system32\javaw.exe
2017-03-02 14:40 . 2017-03-03 05:35	206912	----a-w-	c:\windows\system32\java.exe
2017-03-02 14:40 . 2017-03-03 05:35	110144	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2017-03-02 14:40 . 2017-03-03 05:35	--------	d-----w-	c:\program files\Java
2017-03-02 14:30 . 2017-03-03 05:23	--------	d-----w-	c:\program files (x86)\DocBackupJRE
2017-03-01 19:47 . 2017-03-01 19:47	--------	d-----w-	c:\programdata\Tracker Software
2017-02-23 10:53 . 2016-12-31 15:36	335360	----a-w-	c:\windows\system32\invagent.dll
2017-02-23 10:53 . 2016-12-31 15:36	556544	----a-w-	c:\windows\system32\devinv.dll
2017-02-23 10:53 . 2016-12-31 15:36	293376	----a-w-	c:\windows\system32\centel.dll
2017-02-23 10:53 . 2016-12-31 15:36	233984	----a-w-	c:\windows\system32\aepic.dll
2017-02-23 10:53 . 2016-12-31 15:36	133632	----a-w-	c:\windows\system32\acmigration.dll
2017-02-23 08:44 . 2017-02-23 10:55	--------	d-----w-	c:\windows\system32\DAX2
2017-02-23 08:42 . 2016-11-12 18:41	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2017-02-23 08:42 . 2016-11-12 17:57	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2017-02-23 08:42 . 2016-11-12 19:13	222720	----a-w-	c:\program files\Internet Explorer\ielowutil.exe
2017-02-23 08:42 . 2016-11-12 18:30	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2017-02-23 08:42 . 2016-11-14 23:27	394448	----a-w-	c:\windows\system32\iedkcs32.dll
2017-02-23 08:42 . 2016-11-14 22:39	815312	----a-w-	c:\program files (x86)\Internet Explorer\iexplore.exe
2017-02-23 08:42 . 2016-11-12 18:14	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2017-02-23 08:42 . 2016-11-12 18:00	255488	----a-w-	c:\program files (x86)\Internet Explorer\F12Tools.dll
2017-02-23 08:42 . 2016-11-12 17:36	2055680	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2017-02-23 08:42 . 2016-11-12 17:20	1543680	----a-w-	c:\windows\system32\urlmon.dll
2017-02-21 18:49 . 2017-02-21 18:49	46184	----a-w-	c:\windows\system32\drivers\dbx-dev.sys
2017-02-21 18:49 . 2017-02-21 18:49	46184	----a-w-	c:\windows\system32\drivers\dbx-canary.sys
2017-02-10 14:56 . 2017-02-10 14:57	--------	d-----w-	c:\program files (x86)\Navigator16
2017-02-10 14:51 . 2017-02-10 14:51	--------	d-----w-	c:\users\Ritzmann\AppData\Roaming\naviextras
2017-02-10 14:51 . 2017-02-10 14:51	--------	d-----w-	c:\program files (x86)\Naviextras
2017-02-09 08:33 . 2017-02-09 08:33	46408	----a-w-	c:\windows\system32\DbxSvc.exe
2017-02-09 08:33 . 2017-02-09 08:33	46184	----a-w-	c:\windows\system32\drivers\dbx-stable.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-09 09:14 . 2015-04-30 15:36	65536	----a-w-	c:\windows\system32\spu_storage.bin
2017-03-09 05:09 . 2015-05-01 04:44	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-03-09 05:09 . 2015-04-30 15:22	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2017-03-07 17:37 . 2015-06-06 19:05	990	----a-w-	c:\users\Ritzmann\advanced_ip_scanner_MAC.bin
2017-03-03 10:13 . 2016-10-06 18:40	51248	----a-w-	c:\windows\system32\drivers\avusbflt.sys
2017-03-03 10:13 . 2015-05-01 07:02	78600	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2017-03-03 10:13 . 2015-05-01 07:02	35328	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2017-03-03 10:13 . 2015-05-01 07:02	176968	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2017-03-03 10:13 . 2015-05-01 07:02	148104	----a-w-	c:\windows\system32\drivers\avipbb.sys
2017-02-23 11:07 . 2015-05-01 05:23	138020592	-c--a-w-	c:\windows\system32\MRT.exe
2017-02-14 23:52 . 2015-04-30 17:47	802904	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 23:52 . 2015-04-30 17:47	144472	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	236872	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt.14.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-02-08 9363672]
"AppEx Accelerator UI"="c:\program files\AMD Quick Stream\AMDQuickStream.exe" [2015-04-06 488640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2014-03-18 373760]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2017-03-03 909744]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-12-29 61896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R1 epp;epp;c:\eek\bin64\epp.sys;c:\eek\bin64\epp.sys [x]
R1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
R1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
R1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
R1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
R1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
R1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
R1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
R1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
R1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
R1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
R1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
R1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
R1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
R1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Webschutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
R2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox-Update-Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
R2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
R2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
R2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
R2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
R2 Samsung Printer Dianostics Service;Samsung Printer Dianostics Service;c:\windows\system32\\spdsvc.exe;c:\windows\SYSNATIVE\\spdsvc.exe [x]
R2 SamsungUPDUtilSvc;Samsung UPD Utility Service;c:\windows\SysWOW64\SecUPDUtilSvc.exe;c:\windows\SysWOW64\SecUPDUtilSvc.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 dbupdatem;Dropbox-Update-Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys;c:\windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 avusbflt;avusbflt;c:\windows\System32\Drivers\avusbflt.sys;c:\windows\SYSNATIVE\Drivers\avusbflt.sys [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2017-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-30 23:52]
.
2017-03-09 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-04 10:51]
.
2017-03-09 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-04 10:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-21 18:54	287048	----a-w-	c:\program files (x86)\Dropbox\Client\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-11-09 9068040]
"GwxControlPanelMonitor"="c:\program files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" [2016-01-24 4559944]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2014-09-08 464608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
uDefault_Search_URL = 
mDefault_Search_URL = 
mDefault_Page_URL = 
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = 
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{83F7B557-C097-4117-AADB-B3D9653C8F66}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Ritzmann\AppData\Roaming\Mozilla\Firefox\Profiles\s21y8qmf.default-1488993856462\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-Run-EEDSpeedLauncher - c:\windows\system32\eed_ec.dll
SafeBoot-01452621.sys
SafeBoot-67039832.sys
SafeBoot-NanoServiceMain
SafeBoot-PSUAService
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2017-03-09  10:39:38
ComboFix-quarantined-files.txt  2017-03-09 09:39
.
Vor Suchlauf: 13 Verzeichnis(se), 886.379.085.824 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 885.836.079.104 Bytes frei
.
- - End Of File - - 82577B41CDD83839F3C2004197E681E1
A36C5E4F47E84449FF07ED3517B43A31
         
Regarding CCleaner:

I have just uninstalled it.

I don't have any further log files.

10.03.2017, 21:11   #8
M-K-D-B
/// TB Trainer


Hi,

Please note:
Quote:
Gestartet von C:\Users\Ritzmann\Downloads
Unfortunately you did not follow our instructions correctly:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, because our instructions are written for that.
It also makes it very easy to remove all the tools used once the cleanup is finished.
Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once.

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box).

__________________
Regards
M-K-D-B


==========================================================
offline from 22.12.2018 to 01.01.2019
==========================================================


13.03.2017, 05:26   #9
almera500

Hello,

sorry, I was away due to illness.

The problem has resolved itself. The WinUpdate service is causing the problem.

13.03.2017, 17:18   #10
M-K-D-B
/// TB Trainer

If you no longer have any problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.





Cleanup:
All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
Note:
DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Then restart your computer. If any programs from our cleanup are still left over, you can safely delete them.





Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version only:
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.




If you are still undecided, use just one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

   
 

Microsoft Security Essentials (MSE) / Windows Defender (WD) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have decided on MSE/WD, you do not need to install MSE/WD separately. On Windows 7, however, it has to be installed manually or obtained as an optional update via Windows Update. A legal/activated copy of Windows is of course a prerequisite for this.

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.




Optional:
Adblock Plus: can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, use a whitelist to specify on which sites scripts should be allowed.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is best to uninstall it first and then remove the leftovers with Adwcleaner.




Finally, a few general remarks:
  • Change your important online passwords regularly and regularly create backups of your important files or of the system.
  • Do not download software from Chip, Softonic or SourceForge. The software offered there is often distributed with a so-called "installer", which only gets you unwanted software or adware.
  • The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. Even Microsoft does not support so-called registry cleaners. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.




If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

This thread appears to be resolved and will be removed from my subscriptions. If you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread.
__________________
Regards
M-K-D-B

